I’ve been working with a customer experiencing performance issues which has resulted in some significant deep diving, and we appear to have found an issue where Smart Clients are sending all requests to the server twice - one without Windows Credentials which generates a 401 unauthorized and one with!
Looking at the IIS Logs we see the following:
As you can see you get a call without a cs-username which gets a 401, immediately followed by a call with it - which gets a proper response.
While this might seem somewhat trivial, the roundtrip time (viewed in the client traces), shows increases from circa 40ms to 120ms. In cases where customisations are calling multiple business objects (to populate additional line item information for example), this additional time can quickly add up, and should be avoidable.
We are gathering data to raise this with Epicor, but thought this might affect others.
If you are affected - the best solution is probably to switch to Entra (or Azure AD as it used to be known), as this doesn’t exhibit the same issue, and will make you more secure also (2FA and other benefits).
This has been observed at 2023.2