Avoiding 401 response for each request using NTLM

Question

We have here an asp.net 3.5 application using NTLM based windows authentication. The system runs on a private network that actually distributed over different geographic pla

Answer 1

I was having this problem as well except that, for me, it was mostly JS and CSS files which caused this. My site (like most sites) keeps JS and CSS files in there own directories. So the solution for me was to simply go to those directories in IIS and enable Anon Auth (I say simply but it took over two years for me to work this out; thanks to this post). Now the site still requires Windows auth but the sub directories for JS and CSS files do not. IOW, it seems to be working perfectly.

I also would never put sensitive information in a JS file (or CSS file for that matter) and would suggest that you do not either. If you do, you will obviously want to move the sensitive information in these files out of these directories.