Performance Considerations

Some browsers do not send user credentials for a request until challenged. For these browsers, the sequence of events on every request for a protected file is:

send request receive authorization required response resend request with authorization information receive file

This happens for protected every file. Therefore, for best performance, only place files in protected areas that need the protection of an authenticated user session. This way extra trips to the server and authentication processing is minimised.


Browser Support for HTTP/1.1 Digest Authentication
Access to User Names and Session State
table of contents
full printable document





password protection ...
... industrial strength
distributed password protection
iis basic authentication
iis digest authentication

copyright(c) 2003
all rights reserved

design -