Hi. This is not actually a Wireshark question per se, so, if I'm out of line for asking it here, please let me know. I will take it like a man :-) I am using Wireshark to analyze/improve the performance of a .NET 2.0 application. It is a WinForms app, which calls an ASMX Web Service. What I have found is that, for each and every HTTP POST, to MyWebService.asmx, an NTLM Authentication sequence is executed, as follows: This sequence is executed even when the client hits a button that causes 4 consecutive POSTs. Each of these POSTs, from the same client to the same server, causes a NTLM Authentication sequence. This adds an extra round trip for each request, which has a significant impact on performance, since the client and server are separated by a high latency path. My "guess" is that one of the following might cure this: A) Include the Authorization header in the initial POST, so the server doesn't have to demand it via the 401. B) Use a persistent connection, so at least only the first of the four POSTs will have to Authenticate. Unfortunately, I am not a .NET programmer - I am a packetologist :-) - so I don't know what the developer needs to change. Can anyone tell me if this is fixable with a not-too-complicated code or config change to the .NET app? Thx much! Feenyman99 asked 14 Jun '11, 13:25  feenyman99 |
2 Answers:
Sounds to me that there is a loadbalancer in between that does not persist a client to one server, so each new loadbalanced tcp stream needs to re-authenticate. I would identify the loadbalancer and add persistency to it. answered 19 Jun '11, 14:39  SYN-bit ♦♦ |
I'm not sure if you have access to the server, but I would look at the event log on the server they are posting to and see what error is being generated server-side for the failed ntlm authentications. Hope this is helpful, John answered 18 Jun '11, 12:04  John_Modlin |
