ASP.NET application loads slowly the first time


Symptom

===========

When visiting an ASP.NET application for the first time, it is rather slow. It might take a long time from dozens of seconds to several minutes.

Root Cause

============

In ASP.NET web application, if you use some Authenticode Signed .NET assemblies, the application will connect to internet to validate the digital certificates. When the server has no access to internet, this certificate authentication process will not end until timeout.          

Solution

============

To avoid this problem, we suggest choosing any of the following solutions.

  • l Make sure that your server has access to internet.
  • l Disable the certificate authentication process by referring to http://support.microsoft.com/kb/936707. Please add the following lines to aspnet.config file.

C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet.config

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet.config

<?xml version="1.0" encoding="utf-8"?>

<configuration>

        <runtime>

                        <generatePublisherEvidence enabled="false"/>

        </runtime>

</configuration>

Import the following registry key and restart the IIS service.

 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]

"State"=dword:00023e00

Detail Analysis

=============

If we capture a hang dump when first loading an ASP.NET page, the managed callstack of current page is similar to the followings. Obviously, it is loading an Assembly.

0:022> !CLRStack

OS Thread Id: 0xeb4 (22)

Child-SP         RetAddr          Call Site

000000001af1c900 000007fef91747c3 System.Reflection.Assembly.InternalLoad(System.Reflection.AssemblyName, System.Security.Policy.Evidence,

System.Threading.StackCrawlMark ByRef, Boolean)

000000001af1c990 000007ff0141f0f9 System.Reflection.Assembly.Load(System.Reflection.AssemblyName)

000000001af1c9d0 000007fef9fdd502 Microsoft.SharePoint.Portal.WebControls.StringResourceManager..cctor()

000000001af1db50 000007ff014135e2 Microsoft.SharePoint.Portal.WebControls.MySiteLinkUserControl.SetControl()

000000001af1dce0 000007fef398e04f Microsoft.SharePoint.Portal.WebControls.MySiteLinkUserControl.OnInit(System.EventArgs)

..... 

The Assembly being loaded is:

Microsoft.SharePoint.Portal.intl

 

The native callstack of this loading thread is as shown:

0:022> k20

Child-SP          RetAddr           Call Site

00000000'1af1a208 000007fe'fdc610ac ntdll!ZwWaitForSingleObject+0xa

00000000'1af1a210 000007fe'f5dfa2fa KERNELBASE!WaitForSingleObjectEx+0x79 00000000'1af1a2b0 000007fe'f5df76fa cryptnet!CryptRetrieveObjectByUrlWithTimeout+0x263

00000000'1af1a5b0 000007fe'f5df4646 cryptnet!CryptRetrieveObjectByUrlW+0x20f 00000000'1af1a7a0 000007fe'f5df9c34 cryptnet!RetrieveObjectByUrlValidForSubject+0x162 00000000'1af1a8d0 000007fe'f5df4243 cryptnet!RetrieveTimeValidObjectByUrl+0x2de 00000000'1af1a9c0 000007fe'f5df3c72 cryptnet!CTVOAgent::GetTimeValidObjectByUrl+0x2e3 00000000'1af1ab20 000007fe'f5df38ad cryptnet!CTVOAgent::GetTimeValidObject+0x7cf

00000000'1af1ad00 000007fe'f5df3810 cryptnet!FreshestCrlFromCrlGetTimeValidObject+0x61

00000000'1af1ad70 000007fe'f5df99fc cryptnet!CryptGetTimeValidObject+0xb0 00000000'1af1adf0 000007fe'f5df345d cryptnet!GetTimeValidCrl+0x4b7

00000000'1af1af30 000007fe'f5df3f82 cryptnet!GetBaseCrl+0x7d 00000000'1af1afc0 000007fe'f5df3d58 cryptnet!MicrosoftCertDllVerifyRevocation+0x238

00000000'1af1b110 000007fe'fdb157c7 cryptnet!CertDllVerifyRevocation+0x28

00000000'1af1b160 000007fe'fdb1552e crypt32!VerifyDefaultRevocation+0x398 00000000'1af1b250 000007fe'fdb15c09 crypt32!CertVerifyRevocation+0x144

...

00000000'1af1bcc0 000007fe'f9e46c27 mscorwks!PEFile::CheckSecurity+0x39b924

00000000'1af1bd50 000007fe'f9e5eb5d mscorwks!PEAssembly::DoLoadSignatureChecks+0x37

00000000'1af1bd90 000007fe'f9e52ff8 mscorwks!PEAssembly::PEAssembly+0x12d 00000000'1af1be00 000007fe'f9e40b9d mscorwks!PEAssembly::DoOpen+0x11c 00000000'1af1c130 000007fe'f9f24a3e mscorwks!PEAssembly::Open+0x71

From the function names, it's easy to find that the loading thread is doing some certificate authentication work. It's waiting for this thread:

0:036> kn

# Child-SP          RetAddr           Call Site

00 00000000'2409e1c8 000007fe'fdc610ac ntdll!ZwWaitForSingleObject+0xa

01 00000000'2409e1d0 000007fe'f5d7f38e KERNELBASE!WaitForSingleObjectEx+0x79

02 00000000'2409e270 000007fe'f5d80a27 winhttp!IsWpadEnabledForConnectedNetworks+0x1f2

03 00000000'2409e340 000007fe'f5d806dc winhttp!ReadWinInetProxySettings+0x1c3

04 00000000'2409e3c0 000007fe'f5dfae42 winhttp!WinHttpGetIEProxyConfigForCurrentUser+0x28a

05 00000000'2409e510 000007fe'f5df9237 cryptnet!InetGetProxy+0x11e

06 00000000'2409e600 000007fe'f5df983d cryptnet!InetSendAuthenticatedRequestAndReceiveResponse+0x190

07 00000000'2409f770 000007fe'f5df9d9c cryptnet!InetSendReceiveUrlRequest+0x57e

.....

 

0:036> .frame 7

07 00000000'2409f770 000007fe'f5df9d9c cryptnet!InetSendReceiveUrlRequest+0x57e [d:\w7rtm\ds\security\cryptoapi\pki\rpor\inetsp.cpp @ 2603]

0:036> dv

              hInetSession = 0x00000000'218211f0

                   pwszUrl = 0x00000000'1f8abe50 "http://crl.microsoft.com/pki/crl/products/CSPCA.crl"

          dwRetrievalFlags = 1

              pCredentials = 0x00000000'00000000

                      pcba = 0x00000000'2409fab0

            ppfnFreeObject = 0x00000000'2409fb38

            ppvFreeContext = 0x00000000'2409fb30

                  pAuxInfo = 0x00000000'1f8abd78

             phInetRequest = 0x00000000'00000000

 

We can find it is trying to connect to http://crl.microsoft.com/pki/crl/products/CSPCA.crl when we capture the hang dump.

 ZhiXing - Microsoft APAC DSI Team

Comments (0)

Skip to main content