Freigeben über


401 Precedes 200

Well I am no expert on Authentication and authorization mechanisms that IIS offers but what I learnt when I put our ASP.NET app under the scanner was fascinating. 

For one of the internal apps that I was preparing to run some performance tests on, I was trying to capture some web tests using Fiddler. Since this page has quite a few AJAX calls, Fiddler, with its built in ability to save Requests as web tests was an ideal fit.

After capturing the traffic for a couple of seconds, Fiddler window looked like:

Status

URL

401

/VROOT/ReportImage.aspx?executionId=abc

401

/VROOT/ReportImage.aspx?executionId=abc

200

/VROOT/ReportImage.aspx?executionId=abc

401

/VROOT/ReportImage.aspx?executionId=xyz

401

/VROOT/ReportImage.aspx?executionId=xyz

200

/VROOT/ReportImage.aspx?executionId=xyz

..

..

..

..

As you would notice, for each resource being requested by the client, IIS Server was sending atleast two 401 before sending a success 200. That got me thinking that probably something wasn't right in the way the code was handling those requests or probably a misconfiguration on IIS Server itself. While doing some digging around, found the following articles which explain the mysterious 401's

Explained: Windows Authentication in ASP.NET 2.0

Integrated Windows Authentication (IIS 6.0)

Kerberos explained: https://msdn2.microsoft.com/en-us/library/aa374743.aspx

In case you really have run into a 401, you might want to check: https://support.microsoft.com/kb/907273