Incorrect LogonUserIdentity.Name

 
 
Scott_A
07-09-2008
We have an AD user account that was set up as R_Smith and then was changed to
JR_Smith.

One of our web applications does a database look up using the
LogonUserIdentity.Name value but this is still returning R_Smith even though
the user logged onto his box with JR_Smith.



Also I created a page that looked at the server variables and AUTH_USER,
LOGON_USER and REMOTE_USER all return the correct JR_Smith. This page is
running on the same web server and in the same virtual directory as the web
application. Why would the server variables return different values to the
LogonUserIdentity.Name? Do they pull different attributes from AD? All the
account settings in AD look fine.

Any ideas?

Thanks

Scott

(I have also posted this on the asp.net forums but have had no luck yet)
 
Joe Kaplan
07-09-2008
Did you try rebooting the box? Maybe something is cached somewhere in LSA
memory? I'm uncertain why the server variables would be up to date but this
code would be wrong, but perhaps there are different underlying API calls
that get the data from different places.

It will probably eventually fix itself either way.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
 
Scott_A
07-09-2008
Thanks for the reply.

Yes, I have rebooted the box and have also run that code on different boxes
that authenticate to different DCs. ("%logonserver%")

I also think there are different APIs in play, but which ones and where do
they get their info from?

Scott
 
Joe Kaplan
07-09-2008
I'm not really sure what's going on then. I can tell you that the
WindowsIdentity class uses the various Translate methods off the
IdentityReferenceCollection to do name translation (really different than
.NET 1.x) and those use the LsaLookupSids under the hood among other things.
It would appear that that particular API is returning the old name for some
reason while some other APIs are not.

I still don't know what the root of the problem is or how to get it resolved
though, especially if rebooting didn't resolve it.

Sorry.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Joe Kaplan
07-09-2008
Note that you might consider using a more durable key into your SQL database
in the future to help avoid these types of problems.

The ideal thing to use for AD users is the GUID (objectGUID attribute in the
directory) since it is rename safe, even across domain moves in a multi-domain
forest, is fixed size, has convenient binary and string representations and
also fits nicely into the SQL UniqueIdentifier type.

Another thing you could use is the SID. It isn't as durable and is variable
length, but it is more rename safe. It is also easier to get from the
WindowsIdentity since it is built in, whereas the GUID would require some
sort of a lookup.

Just an idea. It sounds like that ship may have already sailed and you
really just need to get this fixed, but this may not be the last time you
have this problem.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
 
Reply With Quote
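
Added example, not part of the original thread and not any poster's code: one way to key the database lookup on the SID or objectGUID suggested in the reply above instead of on LogonUserIdentity.Name. The class name DurableUserKey, the table dbo.AppUsers and its columns AppUserId and AdObjectGuid are hypothetical, and the string-form `<SID=...>` bind assumes domain controllers that accept it and a process identity allowed to query the directory.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.DirectoryServices;
using System.Security.Principal;

// Added example: resolves rename-safe keys for the authenticated Windows user.
// dbo.AppUsers, AppUserId and AdObjectGuid are hypothetical names.
public static class DurableUserKey
{
    // The SID is carried on the logon token itself, so reading it does not
    // go through the SID-to-name translation that returned the stale name.
    public static string GetSid(WindowsIdentity identity)
    {
        if (identity == null || !identity.IsAuthenticated || identity.User == null)
            throw new InvalidOperationException("No authenticated Windows user.");
        return identity.User.Value;   // SDDL string form, S-1-5-21-...
    }

    // objectGUID is not on the token; look it up by binding to the
    // directory object by SID rather than by account name.
    public static Guid GetObjectGuid(WindowsIdentity identity)
    {
        string path = "LDAP://<SID=" + GetSid(identity) + ">";
        using (DirectoryEntry entry = new DirectoryEntry(path))
        {
            return entry.Guid;        // objectGUID for an AD object
        }
    }

    // Parameterized lookup on the GUID column (SQL uniqueidentifier).
    // Returns null when the user has no row yet.
    public static int? FindAppUserId(string connectionString, Guid objectGuid)
    {
        const string sql =
            "SELECT AppUserId FROM dbo.AppUsers WHERE AdObjectGuid = @guid";
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@guid", SqlDbType.UniqueIdentifier).Value = objectGuid;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? (int?)null : (int)result;
        }
    }
}

// Usage inside an ASP.NET page (connString is supplied by the application):
//   Guid key = DurableUserKey.GetObjectGuid(Request.LogonUserIdentity);
//   int? appUserId = DurableUserKey.FindAppUserId(connString, key);
```

Storing the SID string alongside the GUID lets the application match a user without the directory round trip when only the token is available.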
 
Scott_A
07-09-2008
Thanks for the help and ideas. It's for a 3rd party app that I had to
decompile a bit to see what was happening.

I will wait another night and reboot in the morning and hope that it
resolves itself like these usually do.

Scott
 
Joseph Sedlar
08-23-2010
I am running into the same exact problem. Did you ever resolve this issue?