The default value for this property is false, which causes the current connection to be closed after a request is completed. Your application must go through the authentication sequence every time it issues a new request.

If this property is set to true, the connection used to retrieve the response remains open after the authentication has been performed. In this case, other requests that have this property set to true may use the connection without re-authenticating. In other words, if a connection has been authenticated for user A, user B may reuse A's connection; user B's request is fulfilled based on the credentials of user A.

You may want to consider enabling this mechanism if your are having performance problems and your application is running on a Web server with integrated Windows authentication.

Enabling this setting opens the system to security risks. If you set the HttpWebRequest.UnsafeAuthenticatedConnectionSharing property to true be sure to take the following precautions:

• Use the HttpWebRequest.ConnectionGroupName property to manage connections for different users. This avoids the potential use of the connection by non-authenticated applications. For example, user A should have a unique connection group name that is different from user B. This provides a layer of isolation for each user account.

• Run your application in a protected environment to help avoid possible connection exploits.

If you control the back-end server, as an alternative you might consider turning off authentication persistence. This increases performance to a lesser degree, but it is safer. For more details, search for AuthPersistence in the MSDN library at tp://msdn.microsoft.com/library.

Namespace: System.Net
Assembly: System (in System.dll)
Assembly Versions: 1.0.5000.0, 2.0.0.0, 4.0.0.0