NTLM Authentication Is Lost on Every Call (323683)


The information in this article applies to:

  • Microsoft .NET Framework 1.0
This article was previously published under Q323683

SYMPTOMS

If you are hosting in Microsoft Internet Information Services (IIS) and if you are using NTLM authentication, .NET remoting opens and closes the connection on every call. Because of this, each call must authenticate itself for security reasons and to make sure that no one can hijack the connection. However, NTLM performance is slower when you make multiple calls.

RESOLUTION

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft .NET Framework service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date         Time   Version             Size   File name
   --------------------------------------------------------------
   31-May-2002  10:02  1.0.3705.282    1,167,360  System.dll
   31-May-2002  10:02  1.0.3705.282      307,200  System.Runtime.Remoting.dll
   31-May-2002  10:02  1.0.3705.282      503,808  System.Web.Services.dll

Note If you install this hotfix on a computer that has the .NET Framework SP2 installed, you receive the following error message:
Could not install Microsoft Visual Studio .NET Hot Fix Q323683
To apply this hotfix on a computer that has the .NET Framework SP2 installed, use the .NET Framework Hotfix Rollup Package. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

328541 INFO: Post-Service Pack 2 .NET Framework Hotfix Rollup Package 7

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

This fix adds a boolean property named UnsafeAuthenticatedConnectionSharing to the HttpWebRequest class to improve the performance of NTLM authentication. This property should be used only if NTLM performance blocks adoption of the .NET Framework. If you set the property to true, you can expose security holes. The default setting for this property is false.

When you set UnsafeAuthenticatedConnectionSharing to true, .NET Framework classes re-use previous server connections for authentication. For example, see the following Visual C# code: 
HttpWebRequest myrequest = (HttpWebRequest) WebRequest.Create("http://myntlmserver");
myrequest.Credentials = CredentialCache.DefaultCredentials;
myrequest.UnsafeAuthenticatedConnectionSharing = true;
Modification Type:MinorLast Reviewed:10/11/2005
Keywords:kbHotfixServer kbQFE kberrmsg kbbug kbfix kbNetFrame100PreSP2fix kbNetFrame100preSP3fix kbNetFrame100SP2fix kbQFE KB323683
©2004 Microsoft Corporation. All rights reserved.