« How to enable true intellisense on javascript filesHow to make an HTTP proxy »

How to improve your intranet ASP.NET web application performance ?

Hi,

Have you ever had a look on the number of request made by an intranet web application ? I put a premium on Intranet because I am talking about the windows authenticated web applications. Generally, for applications like these, we configure them to deny any anonymous user to connect to it. However, it means that every single file would need authentication, which is non sense : javascript files, css, pictures, . all these kind of file do not need authentication. That's why you should configure you application to allow anonymous users on them.

Why would it increase performance to disable authentication for them ? Because when using windows authentication, the browser sends a request as an anonymous user, the server replies that 401 (not allowed) and then, and only then, the browser sends a request as "you", and now you can get the file. It then means 2 request/response pairs for a single file. It make sense for pages, but not for style and scripts. IMHO, the best way is to put non sentive files in a folder. Typically, you should use the Themes functionality (even if you would have only one theme).

Now let's come to the practical point of view and allow non sensitive files to be access anonymously. For each folder with non sensitive data, you should add a web.config file like the following :

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</configuration>

It is now better but not enough. Indeed, there is also this script resources loaded by the ScriptManager. Since we cannot easily redirect the path to ScriptResource.axd and WebResource.axd, we have to change the root web.config file by adding the followings in the root configuration element :

<location path="WebResource.axd">
    <system.web>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>
</location>

<location path="ScriptResource.axd">
    <system.web>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>
</location>

Hope you liked the tip. See ya

This entry was posted on January 7th, 2010 at 09:59:36 am by Nicolas Penin and is filed under ASP.NET, C#.

2 comments

Comment from: Bertrand Le Roy [Visitor] · http://weblogs.asp.net/bleroy
The .axd handlers are probably not the only files you should take out of the authentication, so a good practice may be to not protect the root of the application but only a subdirectory of it. That gives you full latitude of deciding what goes through authentication or not with minimum effort. And you don't have to special case the axd.
01/07/10 @ 23:49
Comment from: Nicolas Penin [Member] Email · http://dragon-angel.fr
Hi Bertrand,
I was actually thinking about an intranet which needs authentication from the very first page. For example, I am making an intranet portal for a client, and I need to know who this person is to give him/her his/her own information. So I have no other way to make it specific to axd handlers... or I don't know it. ;)
01/09/10 @ 09:01

Comments are closed for this post.