DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 318863 - Last Review: July 3, 2008 - Revision: 4.2

This article was previously published under Q318863
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)

On This Page

SUMMARY

This step-by-step article describes how to modify the metabase to control authentication persistence.

HTTP Keep-Alives allow Web browsers to reuse the same TCP connection to make multiple requests to a Web server such as Internet Information Server (IIS). If a Web server requires authentication such as Basic, Kerberos, or Microsoft Windows NT Challenge/Response, a Web browser is challenged for authentication by the server. The Web browser must send authentication information to the Web server. After the Web browser is authenticated by the server, the Web browser can only be challenged again by the server when it opens a new connection from a different TCP port. This is known as authentication persistence.

Authentication persistence can be controlled by the metabase property AuthPersistence. Microsoft recommends that you set this property by setting the corresponding subflag to TRUE, which automatically sets a binary value for AuthPersistence.

Description of Authentication Persistence Settings

  • AuthPersistSingleRequest: If this metabase property is set to TRUE, authentication persists only for a single HTTP request.
  • AuthPersistSingleRequestIfProxy: If this metabase property is set to TRUE, authentication persists only for a single HTTP request if it is a proxy request and the request is not handled by Microsoft Proxy Server (that is, if Proxy Server and IIS are running on the local computer, and the request is targeted to a remote server.)
  • AuthPersistSingleRequestAlwaysIfProxy: If this metabase property is set to TRUE, authentication is valid for a single HTTP request if the request is by proxy.NOTE: Only one subflag of AuthPersistence can be TRUE at one time. By default, AuthPersistSingleRequestIfProxy is set to TRUE. The metabase entries that are turned on by default do not appear on enumeration of the metabase until you specifically set them.

Modify the Metabase

WARNING: If you edit the metabase incorrectly, you can cause serious problems that may require you to reinstall any product that uses the metabase. Microsoft cannot guarantee that problems that result if you incorrectly edit the metabase can be solved. Edit the metabase at your own risk.

NOTE: Always back up the metabase before you edit it.

For additional information about how to back up the metabase, click the article numbers below to view the articles in the Microsoft Knowledge Base:
300675  (http://support.microsoft.com/kb/300675/EN-US/ ) HOW TO: Create a Metabase Backup by Using Internet Information Server 4.0 in Windows NT
300672  (http://support.microsoft.com/kb/300672/EN-US/ ) HOW TO: Create a Metabase Backup in IIS 5
To modify the metabase properties as described in this article, run the following at a command prompt:
CSCRIPT.EXE ADSUTIL.VBS SET W3SVC/AuthPersistSingleRequest TRUE
NOTE: Adsutil.vbs is generally located at Winnt\System32\Inetsrv\Adminsamples (for IIS 4.0) or at Inetpub\Adminscripts (for IIS 5.0).

NOTE: Setting AuthPersistence values can cause the IIS server performance to decrease. Based on the subflag set, the IIS server may challenge each Web browser for each HTTP request that is made to the server. This also may require the IIS server to make authentication requests to the domain controller for each domain account making a new HTTP request.

REFERENCES

For more information about authentication persistence, see the IIS 5.0 online documentation at the following Microsoft Web site:
Getting Started with Internet Information Services (IIS)
http://www.iis.net/getstarted (http://www.iis.net/getstarted)
For more information, visit the following Microsoft Developer Network (MSDN) Web site:
AuthPersistence
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b0b4ec5c-74f8-43e9-ac64-d8b852568341.mspx (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b0b4ec5c-74f8-43e9-ac64-d8b852568341.mspx)

APPLIES TO
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
Keywords: 
kbhowtomaster KB318863
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support