Hi Mark, On Sat, 1 Jun 2002 21:23:10 -0400, in soap you wrote: >Hi Simon, > >On Sat, Jun 01, 2002 at 03:45:12PM -0700, Simon Fell wrote: >> >> Hi, >> >> I'm trying to work out how authentication and persistent connections >> interact. I initially thought that the authentication header will only >> apply to the scope of that particular HTTP exchange, however I'm >> seeing with IIS that subsequent requests on the same connection >> continue to be treated as authenticated even if the following request >> doesn't specify an authentication header. >> >> Can anyone clarify what the expected behavior should be ? > >If that's what's happening, IIS is broken. The connection style >doesn't impact the statelessness of the interaction. > >Are you sure that's what you're observing? > >MB I Just double checked everything and this I'm definitely seeing this. I have IIS running on W2K Server with SP2, and have a page configured for authenticated access only. I have a test HTTP/1.1 client that is POSTing to this page. If i do 2 consecutive POSTs the first with an Authorization header and the second without one, the second POST succeeds, rather than getting the expected 401. If i swap the two POSTs around, so that the first one doesn't have the Authorization header, then i do get the expected 401. I've attached a capture of the HTTP traffic [from Ethereal] Cheers Simon
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:38:46 GMT