Slow Website Performance when using Smart Cards and Windows Integrated Authentication

Date: April 30, 2014
Revision: 1.0

Problem:

When you use a server that runs Internet Information Services (IIS) 7.0 or later, you may experience slow web application performance. This problem occurs if both of the following are true:

  • You use Integrated Windows authentication with IIS 7.0 or later.
  • You use the Kerberos authentication protocol to authenticate the user on the Web site.



Cause:

This problem occurs because IIS 7.0 requires the client to be re-authenticated for each HTTP(S) request when you use the Kerberos authentication protocol. This behavior causes network traffic to increase.

Resolution:

To resolve this problem, set the value of the authPersistNonNTLM property to True at the server level in IIS 7.0. To do this, follow these steps:

From an administrative command prompt, type the following commands, and then press ENTER:

  1. cd %SystemRoot%\System32\inetsrv
  2. appcmd set config /section:windowsAuthentication /authPersistNonNTLM:true



Note: The authPersistNonNTLM property controls the re-authentication requirement of Kerberos authentication. By default, this property is set to False.
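
As an added example (not part of the original article), the same change can be made with the WebAdministration PowerShell module, with a before/after report of the server-level value and the effective value for each site. It assumes an elevated PowerShell session on the IIS server; the function names are hypothetical.

```powershell
# Added example: audit and set authPersistNonNTLM at the server level.
# Assumes an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$filter = 'system.webServer/security/authentication/windowsAuthentication'
$name   = 'authPersistNonNTLM'
$server = 'MACHINE/WEBROOT/APPHOST'   # server level (applicationHost.config)

# Hypothetical helper: read the property at a given configuration path.
function Get-AuthPersistNonNTLM {
    param([string]$PSPath)
    (Get-WebConfigurationProperty -PSPath $PSPath -Filter $filter -Name $name).Value
}

# Hypothetical helper: server-level value, then the effective value per site.
function Get-AuthPersistReport {
    [pscustomobject]@{
        Scope              = 'Server'
        WindowsAuthEnabled = (Get-WebConfigurationProperty -PSPath $server -Filter $filter -Name 'enabled').Value
        AuthPersistNonNTLM = Get-AuthPersistNonNTLM $server
    }
    foreach ($site in Get-Website) {
        $path = "IIS:\Sites\$($site.Name)"
        [pscustomobject]@{
            Scope              = $site.Name
            WindowsAuthEnabled = (Get-WebConfigurationProperty -PSPath $path -Filter $filter -Name 'enabled').Value
            AuthPersistNonNTLM = Get-AuthPersistNonNTLM $path
        }
    }
}

Write-Output 'Before:'
Get-AuthPersistReport | Format-Table -AutoSize

# Apply the change only if the server-level value is still False (the default).
if (-not (Get-AuthPersistNonNTLM $server)) {
    Set-WebConfigurationProperty -PSPath $server -Filter $filter -Name $name -Value $true
}

Write-Output 'After:'
Get-AuthPersistReport | Format-Table -AutoSize
# A site that still reports False after the change has its own explicit
# setting for this property, which takes precedence over the server level.
```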

Additional Information:

After you set the authPersistNonNTLM property to True, you do not require a re-authentication for every request that is made over the same keep-alive connection. You may have to re-authenticate only if you use a different client TCP port to make another HTTP request. This scenario occurs when a new HTTP keep-alive session must be established.

Please also refer to Microsoft documentation on this matter: You may experience slow performance when you use Integrated Windows authentication together with the Kerberos authentication protocol in IIS 7.0.

Applies To:

  • Enterprise Random Password Manager (ERPM)
  • Random Password Manager (RPM)