Wednesday, May 21, 2008

IWA Performance consideration

IWA (Integrated Windows Authentication) is a cool thing: users don't need to authenticate again if their computer is already authenticated to the Windows network. However, if you have users in remote locations, they might experience significant performance degradation with IWA turned on. The reason is that IWA asks the browser to send its NTLM authentication key, so there will be two 401 (Unauthorized) responses before the 200 (OK) response.

This article by Matthew Langston explains how IWA works: http://confluence.slac.stanford.edu/display/Gino/Integrated+Windows+Authentication?decorator=printable. So I don't need to explain it again here.

Since you can't eliminate the two 401 errors (that's the way IWA works), you can improve performance by cutting down the amount of data transferred over the network. By default, IIS is configured to send the standard HTML file when a 401 error occurs. Change the setting in the "Custom Errors" tab (in the IIS website properties) and set the 401 errors to send the default text message instead of the HTML file. This will reduce the amount of data transferred from around 2KB to about 83 bytes. You will see a substantial improvement in performance.

This article explains how to change the "Custom Errors" properties (your website settings may be slightly different): http://support.microsoft.com/kb/817322/en-us
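To see what the two 401 bodies cost on each request, here is an added example (not part of the original post) that parses a constructed 401, 401, 200 exchange and totals the 401 body bytes. The function names, the placeholder challenge value and the 2048-byte and 83-byte body sizes are assumptions taken from the post's approximate figures.

```python
# Added example. The responses are constructed sample data, not captured traffic.

def parse_response(raw: bytes):
    """Split one raw HTTP response into (status, headers, body length)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    length = int(headers.get("content-length", [len(body)])[0])
    return status, headers, length

def handshake_overhead(responses):
    """Count the authentication 401s before the first other status and
    total the bytes their bodies put on the wire."""
    count = total = 0
    for raw in responses:
        status, headers, length = parse_response(raw)
        if status != 401:
            break
        offered = " ".join(headers.get("www-authenticate", []))
        if "NTLM" in offered or "Negotiate" in offered:
            count += 1
            total += length
    return count, total

def sample_exchange(error_body: bytes):
    """Constructed 401, 401, 200 sequence for one IWA-protected request."""
    def resp(status_line, extra, body):
        head = [status_line, *extra, f"Content-Length: {len(body)}"]
        return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body
    return [
        resp("HTTP/1.1 401 Unauthorized",
             ["WWW-Authenticate: Negotiate", "WWW-Authenticate: NTLM"], error_body),
        resp("HTTP/1.1 401 Unauthorized",
             ["WWW-Authenticate: NTLM CHALLENGE_PLACEHOLDER"], error_body),
        resp("HTTP/1.1 200 OK", [], b"<html>requested page</html>"),
    ]

HTML_ERROR_PAGE = b"x" * 2048   # assumed size, from the post's "around 2KB"
TEXT_MESSAGE = b"x" * 83        # assumed size, from the post's "about 83 bytes"

if __name__ == "__main__":
    for label, body in (("HTML file", HTML_ERROR_PAGE), ("text message", TEXT_MESSAGE)):
        n, wasted = handshake_overhead(sample_exchange(body))
        print(f"{label}: {n} x 401, {wasted} body bytes before the 200")
```

Feeding it the raw responses from a real capture of your own site shows whether the custom error setting took effect.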

Peace!
