search

Bilal-S / iis2tomcat

AJP Connector between Internet Information Services (IIS) and Apache Tomcat
http://www.boncode.net/boncode-connector
49 stars 32 forks source link

Getting 401 errors with GETs to Tomcat. #74

Closed roadling closed 5 years ago

roadling commented 5 years ago

I have an IIS 7.5 instance bound to Tomcat 8.5 on an internally hosted application.

IIS is configured to use Windows Authentication (NTLM and Negotiate providers in that order) and is resolving my credentials correctly.

When I look at the network activity for my application I see two 401 errors for each initial GET, see attached. It doesn't burn a lot of time but I have to think I have something configured wrong with the connector or IIS or is this somehow a normal?

Edit: Specifically why am I getting two 401 errors. I expect one with NTLM. I just cannot find a reason for two per GET.

netwok

Bilal-S commented 5 years ago

Not necessarily bad. Could be IIS configuration based on the type of authentication. Here is an older article explaining some use of 401 challenge/response: https://support.microsoft.com/en-us/help/264921/how-iis-authenticates-browser-clients

Does the 401 response have a WWW-Authenticate header? This allows the client to start an authentication handshake.

roadling commented 5 years ago

https://blogs.technet.microsoft.com/mist/2018/02/14/windows-authentication-http-request-flow-in-iis/

this describes exactly what I am seeing and is apparently normal.