IIS6 and AuthPersistence

I wonder if anyone can clear up the confusion around the AuthPersistence
metabase attribute and IIS 6. Currently if a site is defined to use
integrated authentication under IIS 6 each request causes a 401
challenge/response. Under previous versions this behavior could be
optimised to only challenge on a session or possibly as long as the
socket connection was kept open. This prevented constant 401s when
returning a single page.

The following link:
http://technet2.microsoft.com/WindowsServer/en/Library/35d44 45b-5440-4dc8-80f3-cea51b23abbc1033.mspx

Suggests that the only valid value for AuthPeristence with IIS 6 is
AuthPersistSingleRequest and that each request will generate a
challenge. However under two conditions - Integrated Auth is set to NTLM
or Integrated Auth is set to Negotiate and NTLM is used - this value
will be false and the previous behavior will be supported for backward
compatibility. Which I read as we can optimise the challenge response
protocol if NTLM is used.

Another version of the document above was provided with the IIS 6
resource kit and this claims the behavior has been removed and the only
supported value us AuthPersitSingleRequest.

So can the 401 behavior for integrated authentication be optimised? Or
are we stuck with 3 round trips for each server request with IIS 6?


Appreciate any help around this area.


Darren