Home/ Questions/Q 7671483
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T16:04:07+00:00

I’m fairly new to developing in an active directory environment. So please bear with

  • 0

I’m fairly new to developing in an active directory environment. So please bear with me…

[A] I’ve been running fiddler as navigate through some of the pages on my site and I’ve noticed the following.

fiddler

[B] The 401 error’s are as I understand caused by how NTLM works..

401.2

[C] But I’m also behind a proxy so I get these responses as well

proxy

I’ve also noticed that the auth tab in fiddler has a combination of these results for

Proxy results. [C]

Proxy-Authenticate Header is present: Negotiate

Proxy-Authenticate Header is present: Kerberos

Proxy-Authenticate Header is present: NTLM

No WWW-Authenticate Header is present.

401.2 Results [B]

No Proxy-Authenticate Header is present.

WWW-Authenticate Header is present: Negotiate

WWW-Authenticate Header is present: NTLM

Note: In my controllers I have a custom Authorize attribute that inherits from the AuthorizeAttribute class.

        protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (base.AuthorizeCore(httpContext))
        {
            /* Return true immediately if the authorization is not 
            locked down to any particular AD group */
            if (Groups == null)
                return true;

            //admin user -> allow all actions
            if (IsUserInRole("Admin"))
            {
                return true;
            }
            else
                //Domain_Users -> continue for division level permissions
                if (IsUserInRole("Production_Users") || IsUserInRole("Engineering_Users") || IsUserInRole("Quality_Users"))
                {
                    //if we've gotten here, the user is a domain user & in a specific division,
                    //depending on the view we're dealing with, and the users permissions allow/deny
                    switch (httpContext.ApplicationInstance.Request.RequestContext.RouteData.Values["action"].ToString())
                    {
                        case "Add":
                            return HttpContext.Current.User.IsInRole(GetGroupFromAppConfig("AddAllow"));
                        case "Edit":
                            return HttpContext.Current.User.IsInRole(GetGroupFromAppConfig("EditAllow"));
                        case "Delete":
                            return HttpContext.Current.User.IsInRole(GetGroupFromAppConfig("Deletellow"));
                        default:
                            //default = no action type is specified => we're dealing with a "view" 
                            //& as the user has division level permissions, allow.
                            return true;
                    }
                }
                else
                {
                    return false;
                }

        }
        return false;
    }

Now my question… is it possible to lessen some of the 401 results, & proxy results as they seem to be causing performance issues.

And,

Is it possible to apply gzip/deflate compression on the 401 & proxy results to lessen their sizes?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Ok, I’m not network admin. So please don’t quote me on this, but here is what i think has happened. We’ve got multiple domain controllers on our network, I think somehow they where passing the requests back and forth between each other. The setup has changed since then, and the unnecessary calls seem to have disappeared/gotten less

    • 0