How do I fix IIS 6 Digest Authentication Timeout problem?
When Microsoft developed IIS 6.0 then enhanced the capabilities of the digest authentication to be called advance digest authentication. If you have a advanced digest authenticated web site that is running on IIS6 and you find that after a few minutes user have to re-enter their credentials then the following info may be of use to you:
There are two registry keys that control the time out periods for advanced digest authentication namely:
Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters\DigestPartialContextCacheTTL and Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters\DigestContextCacheTTL
These keys do not exist by default so what IIS is does is use a default value of 300 secs for DigestContextCacheTTL.
Here are the details of both keys:
DigestContextCacheTTL
Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters
Data Type: REG_DWORD
Default Value: 300 (seconds)
Range: 0 - 4,294,967
When using Advanced Digest Authentication, this value overrides the Time To Live (TTL) setting for fully formed security contexts after the first authentication request succeeds.
DigestPartialContextCacheTTL
Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters
Data Type: REG_DWORD
Default Value: 30 (seconds)
Range: 0 - 4,294,967
When using Advanced Digest Authentication, this value overrides the Time To Live (TTL) setting for partially formed security contexts for the first authentication challenge request.
You will need to configure these keys with values that are suitable to your environment.
authentication challenge digest authentication IIS inetinfo registry keys time out time to liveauthentication challenge digest authentication IIS inetinfo registry keys time out time to live
No Comments »
Filed under: IIS
