C# - PrincipalContext.ValidateCredentials Slow With Trusted Domain Using NetBios Name
Feb 18, 2011
I've created a service that validates credentials against Active Directory using System.DirectoryServices.AccountManagement. I need to validate credentials against the local domain as well as a trusted domain. The response time for validating credentials is fast for both the local and trusted domain when run on my computer. When I move this service to our server, the local domain response is fast however, the trusted domain response is very slow (20 - 30 seconds).
I've also found that if I change the domain name in the PrincipalContext from the NetBios name to the DNS name it corrects the the performance problem on the server.
Here's some examples
PrincipalContext context = new PrincipalContext(ContextType.Domain, sNetBiosName)
context.ValidateCredentials(sUsername, sPassword)
On the server, the above will take 20-30 seconds using the NetBios Name
PrincipalContext context = new PrincipalContext(ContextType.Domain, sDNSName)
context.ValidateCredentials(sUsername, sPassword)
Using the DNS name the response is 0-2 seconds
Any ideas on what needs to be setup on the server to speed this up using the NetBios name?
We have a ASP.NET site that partially depends on forms authentication for login credentials, however the implementation of IPrincipal is completely custom.
But, when running the site on a particular server (which is somewhat semi-hardened when it comes to security), the app crashes when invoking IPrincipal.IsInRole() with the following messsage:
System.SystemException: The trust relationship between the primary domain and the trusted domain failed.
This indicates a communication error between the web-server and the DC, however since our application doesn't at all utilizes Windows authentication, I don't see why it needs to communicate with the DC.
This is my implementation:
[code]...
EDIT:
I was finally enable to reproduce this error on my dev-machine (i revoked my machine from the DC yesterday, but didn't reproduce it until today)
HttpContext.User is actually a WindowsPrincipal by default it seems, and the error in my code was that I only replace it with CustomPrincipal upon login. Hence, unathenticated users still get the WindowsPrincipal which then fails horribly if you have trust issues on your AD.
I tried changing the default principal by invoking this on appstart
I can get the list of user groups from the same domain based on the logged in users by using following commandSystem.Web.HttpContext .Current.Request.LogonUserIdentity.GroupsBut in my case user can be part of another trusted domain group also. The above command is not retrieving the trusted domain groups.Is there any way to get all the groups belongs to logged in user even he is part trusted domain group also?
My web service app on my Windows XP box is trying to log in to my sql server 2005 database on the same box. The machine is part of a domain. I am logged in in the domain and I am an admin on my machine. I am using Windows Authentication in my connection string as in "Server=myServerAddress;Database=myDataBase;Trusted_Connection=True". SQLServer is configured for both types of authentication (mixed mode) and accepts remote connections and accepts tcp and named pipes protocols. Integrated authentication is enabled in IIS and with and without anonymous access. 'Everyone' has access to computer from network setting in local security settings. ASPNET is a user in the sql server and has access to the daatabase. user is mapped to the login.
The app works fine for other developers which means the app shouldn't be changed (It's not new code). So it seems it's my machine which has an issue.
I am getting the error "Login failed for user ''. The user is not associated with a trusted SQL Server connection" Note the blank user name. Why am I getting this error when both the app and database are on my machine? I can use SQL Server authentication but don't want to. I can connect to the database using SSMS and my Windows credentials.
It might be related to setspn, kerberos, delegation, AD. I am not sure what further checks to make?
I'm using this: http://code.google.com/apis/recaptcha/docs/aspnet.html ...
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.
when i am trying to test my webpage i get this message : " Login failed for user ''. The user is not associated with a trusted SQL Server connection. " idon`t know what to do with because it`s my first webapp
I have found below link. What is the procedures in installing and setup of using a trusted subsystem model?? It involves in using application certificate in which how can I find and generate??? [URL]
I have some dedicated servers running ASP.NET applications over internet. All servers are fully trusted (all belongs to the same company) and need to communicate to each other in a secure way. They are not part of a domain or work group and should not be.Each server acts as both client and server of some WCF services. These services are few (1-2 per server) and light (a little data is transferred on each call).
I can use self-signed SSL certificates or X509. I'm looking for some way to make sure nobody from internet can call a WCF service on a server. New server would be added in the future.I read about WCF but now I'm confused, is it good idea to use self-signed SSL certificates or not (non self-signed is not an option at the moment), which binding to use, which security mode to use, which authentication method to use
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
Im returning the username from sharepoint site as a string. This is done successfully with the below code but I also get the domain with it. How can I only return the username and not the domain either through sharepoint or programmatically removing it? domain/username
My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.Basically I am working at my client site and my machine is not connected to the domain.What I want to do is running a web application locally under a domain account, and using the webdev server.The webapp uses the default authentication, windows authentication that is.I tried using impersonation with domainuser & password but I got the following error Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.I have to mention that the username and the password are correct.
I have two domain servers X and Y.My Asp.net Web application is hosted on Domain X.But my scope is required to authorize the user of Domain Y on the Web application hosted on Domain X server.I am using Windows Authetication mode in application
I have a main domain "mydomain.com" and then a sub domain "forums.mydomain.com". If a user visits "forums.mydomain.com" without being logged in, they are redirected to "mydomain.com/login.aspx".
The two scenarios are:
If they are redirected to the login page with "mydomain.com/login.aspx?ReturnUrl=http://forums.mydomain.com", then they are succesfully logged into the forums but NOT the main site.
If they are simply redirected to the login page with "mydomain.com/login.aspx" with no returnUrl, they are correctly logged into both the main site and the forums.
I am trying to use Windows Authentication in my asp code. I have read / tried all answers on the web but couldnt my page to connect to sql. I m using classic asp.
My conn string looks like :
OCONN.OPEN ("PROVIDER=SQLOLEDB; DATA SOURCE myserver; INITIAL CATALOG=nrth; Integrated Security=SSPI; trusted_Connection=yes")
but I mgetting error
Microsoft OLE DB Provider for SQL Server
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.error '80004005'
I have a domain: http://www.mydomain.com. This domain is redirected to http://mydomain.anotherDomain.com.
I user forms authorization, so when the user navigates to Default.aspx he is redirected to Login.aspx. Pretty standard stuff.
On FireFox the user can log in on both on http://www.mydomain.com and http://mydomain.anotherDomain.com.
But with Explorer http://www.mydomain.com doesn't work. I only get the Login.aspx page.
Can it have anything to do with that on http://www.mydomain.com I can't see the filename ('Default.aspx', 'Login.aspx')? How can I enable so the filename is included in the redirected domain?
I have an intranet web application. There are 2 user groups, group A belongs to the domain and group B does not. If I set the IIS to enable anonymous access, Request.ServerVariables("LOGON_USER") always return nothing. If I disable anonymous access and set Integrated Windows authenication, a Windows login prompt will come up if group B's users want to access the website.
How can I setup IIS so that when domain user access the website, it will direct to the main page with Session("user_name") = Request.ServerVariables("LOGON_USER"). If a user is not a domain user, the website will direct him/her to a login.aspx instead of having the Windows authenication prompt, then set Session("user_name") = txtUserName.Text, and finally redirect to the website main page ?
We have a website for our company on one domain and we have a login form to a webmail solution on another domain.Now i would like to build a form on our website the transfers the request to the login form on the webmail domain and automatically validate the user if user and pass are correct.Need help to find the correct way of doing this. The domains is hosted by our company, the website and webmail is on different servers. I don't want to use the querystring,
The following code works as it was originally designed to move a file from one directory to another directory on the same server, but I need to change it to work so it will move a file from one server to another server. My challenge is how to define the source directory on a different server and check if file exists.
Code behind:
Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
