C# - PrincipalContext.ValidateCredentials Slow With Trusted Domain Using NetBios Name
Feb 18, 2011
I've created a service that validates credentials against Active Directory using System.DirectoryServices.AccountManagement. I need to validate credentials against the local domain as well as a trusted domain. The response time for validating credentials is fast for both the local and trusted domain when run on my computer. When I move this service to our server, the local domain response is fast however, the trusted domain response is very slow (20 - 30 seconds).
I've also found that if I change the domain name in the PrincipalContext from the NetBios name to the DNS name it corrects the the performance problem on the server.
Here's some examples
PrincipalContext context = new PrincipalContext(ContextType.Domain, sNetBiosName)
context.ValidateCredentials(sUsername, sPassword)
On the server, the above will take 20-30 seconds using the NetBios Name
PrincipalContext context = new PrincipalContext(ContextType.Domain, sDNSName)
context.ValidateCredentials(sUsername, sPassword)
Using the DNS name the response is 0-2 seconds
Any ideas on what needs to be setup on the server to speed this up using the NetBios name?
View 2 Replies
Similar Messages:
Aug 3, 2010
We have a ASP.NET site that partially depends on forms authentication for login credentials, however the implementation of IPrincipal is completely custom.
But, when running the site on a particular server (which is somewhat semi-hardened when it comes to security), the app crashes when invoking IPrincipal.IsInRole() with the following messsage:
System.SystemException: The trust relationship between the primary domain and the trusted domain failed.
This indicates a communication error between the web-server and the DC, however since our application doesn't at all utilizes Windows authentication, I don't see why it needs to communicate with the DC.
This is my implementation:
[code]...
EDIT:
I was finally enable to reproduce this error on my dev-machine (i revoked my machine from the DC yesterday, but didn't reproduce it until today)
HttpContext.User is actually a WindowsPrincipal by default it seems, and the error in my code was that I only replace it with CustomPrincipal upon login. Hence, unathenticated users still get the WindowsPrincipal which then fails horribly if you have trust issues on your AD.
I tried changing the default principal by invoking this on appstart
AppDomain.CurrentDomain.SetPrincipalPolicy( PrincipalPolicy.NoPrincipal);
But this doesn't seem to kick in. How do I change the default Principal in ASP.NET?
View 1 Replies
Feb 8, 2010
I can get the list of user groups from the same domain based on the logged in users by using following commandSystem.Web.HttpContext .Current.Request.LogonUserIdentity.GroupsBut in my case user can be part of another trusted domain group also. The above command is not retrieving the trusted domain groups.Is there any way to get all the groups belongs to logged in user even he is part trusted domain group also?
View 1 Replies
Mar 18, 2010
How can I add an URL to the trusted site? It seems that there are stored in the registry, but where exactly?
The .net programm will run locally on each client.
Edit clarification: I want to do this programmaticly running C# code.
View 5 Replies
Mar 22, 2010
My web service app on my Windows XP box is trying to log in to my sql server 2005 database on the same box. The machine is part of a domain. I am logged in in the domain and I am an admin on my machine. I am using Windows Authentication in my connection string as in "Server=myServerAddress;Database=myDataBase;Trusted_Connection=True". SQLServer is configured for both types of authentication (mixed mode) and accepts remote connections and accepts tcp and named pipes protocols. Integrated authentication is enabled in IIS and with and without anonymous access. 'Everyone' has access to computer from network setting in local security settings. ASPNET is a user in the sql server and has access to the daatabase. user is mapped to the login.
The app works fine for other developers which means the app shouldn't be changed (It's not new code). So it seems it's my machine which has an issue.
I am getting the error "Login failed for user ''. The user is not associated with a trusted SQL Server connection" Note the blank user name. Why am I getting this error when both the app and database are on my machine? I can use SQL Server authentication but don't want to. I can connect to the database using SSMS and my Windows credentials.
It might be related to setspn, kerberos, delegation, AD. I am not sure what further checks to make?
View 2 Replies
Jan 13, 2011
I am developing an application using VS2008 .Net 3.5 with MS SQL 2008 targeting .Net 2.0
The project is created as Web Application ... does not use any third party controls
I have changed both my web.config and assemblyinfo.cs with AllowPartiallyTrustedCallers ...
I am still getting the error message, "That assembly does not allow partially trusted callers"
View 3 Replies
Jan 8, 2011
I'm using this: http://code.google.com/apis/recaptcha/docs/aspnet.html ...
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.
Source Error: [Code]....
Source File: d:hosting4646264htmlgreenstormsContact.aspx Line: 228 Stack Trace: [Code]....
Version Information: Microsoft .NET Framework Version:2.0.50727.3615; ASP.NET Version:2.0.50727.4049
View 1 Replies
Oct 25, 2010
when i am trying to test my webpage i get this message : " Login failed for user ''. The user is not associated with a trusted SQL Server connection. " idon`t know what to do with
because it`s my first webapp
View 7 Replies
May 7, 2010
Is FileIOPermission Class obsolete in .net 4.0?
Now do I have to Run Partially Trusted Code in a Sandbox [URL]?
View 3 Replies
Aug 9, 2010
I have found below link. What is the procedures in installing and setup of using a trusted subsystem model?? It involves in using application certificate in which how can I find and generate???
[URL]
View 1 Replies
May 7, 2015
Using iTextSharp.text;using iTextSharp.text.html.simpleparser;using iTextSharp.text.pdf;
Added dll to Bin folder.
Response.ContentType = "application/pdf";
// Response.AddHeader("content-disposition", "attachment;filename=TestPage.pdf
string name = lblname.Text.Replace(" ","") + ".pdf";
Response.AddHeader("content-disposition", "attachment;filename=" + name);
[Code] ....
Got error in server as
System.Security.SecurityException: That assembly does not allow partially trusted callers.
View 1 Replies
Feb 17, 2011
I have also installed SSL on a subdomain. I have put payment page under this sub domain.
View 4 Replies
Feb 22, 2011
I have some dedicated servers running ASP.NET applications over internet. All servers are fully trusted (all belongs to the same company) and need to communicate to each other in a secure way. They are not part of a domain or work group and should not be.Each server acts as both client and server of some WCF services. These services are few (1-2 per server) and light (a little data is transferred on each call).
I can use self-signed SSL certificates or X509. I'm looking for some way to make sure nobody from internet can call a WCF service on a server. New server would be added in the future.I read about WCF but now I'm confused, is it good idea to use self-signed SSL certificates or not (non self-signed is not an option at the moment), which binding to use, which security mode to use, which authentication method to use
View 2 Replies
Sep 28, 2010
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 1 Replies
Aug 16, 2010
Im returning the username from sharepoint site as a string. This is done successfully with the below code but I also get the domain with it. How can I only return the username and not the domain either through sharepoint or programmatically removing it? domain/username
[Code]....
View 3 Replies
Sep 28, 2010
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
View 2 Replies
Jul 28, 2010
I have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
View 2 Replies
Jul 28, 2010
I have a main domain "mydomain.com" and then a sub domain "forums.mydomain.com". If a user visits "forums.mydomain.com" without being logged in, they are redirected to "mydomain.com/login.aspx".
The two scenarios are:
If they are redirected to the login page with "mydomain.com/login.aspx?ReturnUrl=http://forums.mydomain.com", then they are succesfully logged into the forums but NOT the main site.
If they are simply redirected to the login page with "mydomain.com/login.aspx" with no returnUrl, they are correctly logged into both the main site and the forums.
View 2 Replies
Mar 3, 2010
I am trying to use Windows Authentication in my asp code. I have read / tried all answers on the web but couldnt my page to connect to sql. I m using classic asp.
My conn string looks like :
OCONN.OPEN ("PROVIDER=SQLOLEDB; DATA SOURCE myserver; INITIAL CATALOG=nrth; Integrated Security=SSPI; trusted_Connection=yes")
but I mgetting error
Microsoft OLE DB Provider for SQL Server
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.error '80004005'
View 6 Replies
Jul 23, 2010
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
View 3 Replies
Jan 27, 2011
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
View 2 Replies
Oct 13, 2010
is it possible to remove Main Domain cookie from Sub Domain ?I am using single sign on .On logout i want to remove the maindomain cookie
View 2 Replies
Apr 12, 2010
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
View 3 Replies
Aug 30, 2010
The following code works as it was originally designed to move a file from one directory to another directory on the same server, but I need to change it to work so it will move a file from one server to another server. My challenge is how to define the source directory on a different server and check if file exists.
Code behind:
Protected Sub btnSubmit_Click(ByVal sender
As Object, ByVal e As System.EventArgs)
Handles btnSubmit.Click
[Code]....
View 2 Replies
Jan 21, 2010
could i use the begin request of Global.asax to redirect everything, from mydomain. domain to www.mydomain.domain?
View 1 Replies
