locked
Multiple HTTP requests per file when using Kerberos RRS feed

  • Question

  •  

    We are in an environment that utilizing Kerberos for SSO and separation of our PAS Server from our Analysis Server.  One thing I've found is each HTTP request goes through Kerberos authentication - even for things that don't need to be secured like images and generic javascript!

     

    This causes multiple HTTP requests to be made for each file - so if you're downloading 80 things, its 160 requests to deal w/ the Kerberos authentication process.

     

    If you go into IIS, and change the permissions to those specific files to be "Anonymous", then the generic images only take 1 HTTP request to be received.

     

    Are there any recommendations on what files we can allow "Anonymous" access to while keeping the server secure?  Especially for our users over a WAN, this makes a big difference.

    Friday, December 14, 2007 4:42 PM

Answers

  • There aren't any recommendations as to the specific files that could be left unsecured.  If the cube is secured by user account, we recommend also having the PAS virtual directory secured with Windows integrated security, or basic security over SSL, and that all files and folders under the PAS directory inherit the same security.

    Tuesday, December 18, 2007 5:57 PM