I recently hit a hurdle when exposing a demo website restricted by IIS Windows Authentication using an Amazon Web Services (AWS) Elastic Load Balancer (ELB). The symptoms were that the website requested the credentials, as expected, but would then continue to request these for every hit of the website resulting in an unusable user experience of countless logins.
The problem appears to be in the way the ELB forwards on the credentials.
To overcome this issue simply changes the ELB listener from the default Load Balancer and Instance Protocol of HTTP to TCP. The problem will then disappear.
My guess is that because TCP does not modify the header of the packet as mentioned here: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
That obviates the need to retransmit the credentials as Microsoft’s website makes it clear they pay attention to the header:
http://technet.microsoft.com/en-us/library/cc959507.aspx
Great post!
LikeLike
I haven’t had any issues keeping it as HTTP. This is 2016, upgrades?
LikeLike
Hi,
I recently try ELB with instances having IIS hosted website with Windows authentication.
With HTTPS protocol, I received multiple login prompts so switched to secure TCP. That fix this issue.
Now ELB with secure TCP connection is not maintaining the request stickiness. And not loading the website properly.
Since I can’t use ELB stickiness feature with TCP, can you suggest some ideas to get over this issue?
Posting again wrong email address
LikeLike