Excessive HTTP 401s using Windows Authentication, AJAX, ASMX and external ISA

Enviornment:

• ASP.NET WebForms
• .NET 3.5
• jQuery for AJAX
• ASMX web services
• Windows Authentication
• SSL

When we run our production web application, our AJAX calls often have 2-3 HTTP 401s before we get our HTTP 200.

Is this normal?

Is there som开发者_如何学运维ething we may be doing wrong?

NOTE: The calls do not fail, the 401s try until they succeed.

Example Traffic:

---

That's normal traffic for NTLM-style Integrated Windows authentication. The sequence is roughly:

1. Client: HTTP GET url...
2. Server: HTTP 401 WHO GOES THERE
3. Client: It's-a me, the client!
4. Server: HTTP 401 YEAH PROVE IT
5. Client: I've got all the proof you need right here.
6. Server: HTTP 200 OK

If you look in the raw responses from the server, you should see the Negotiate headers, and the corresponding encoded / encrypted requests from the client.