Question: 

Regarding the ACO parameter IISEnableChildRequest, could we have some information on what it does, intended use and default values?

Environment:  

R12.52 CR01 or higher

IIS7 or higher

Answer: 

This ACO parameter controls if Web Agent will spawn a child request or not. IIS7 late processing has been introduced for scenarios where the Web Agent relies upon IIS to perform the authentication process ( e.g. NTLM, Kerberos ). IIS performs the authentication (NTLM, Kerberos) in the AuthenticateRequest notification and, in order to rely on IIS authentication, the Web Agent performs the processing after IIS has authenticated the user. If there are custom modules written by customers that subscribe to AuthenticateRequest notification and expect the Web Agent headers to be available at this point, those will not work as the Web Agent has not processed the request yet. 

Therefore, in order to provide these custom modules with a second chance to get the Web Agent headers in the AuthenticateRequest notification, the Web Agent spawns a child request after Web Agent has processed the request so the headers have been set. Since the child request goes through the IIS pipeline again, the Web Agent headers are now available to custom modules in the AuthenticateRequest notification. Although spawning child request is not efficient, its only during the authentication, and most of the customers may not be using any custom modules, so this functionality is controlled with the ACO parameter IISEnableChildRequest which by default is set to no. Customers that require this functionality needs to set this ACO parameter to yes.

Additional Information:

- (External reference) Application Life Cycle Overview for IIS 7.0: https://msdn.microsoft.com/en-us/library/bb470252.aspx