Re: DirectoryEntry.NativeObject slow with ASP.Net, but fast in exe

From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Jan 2006 15:46:38 -0600

Can I see the code?

Generally for this type of thing, you should use AuthenticationTypes.Secure.
The path should either specify no server name or the DNS name of the server
(not IP address or NETBIOS). Username should generally be in the form
domain\user or user@xxxxxxxxxxx

Note that the ADSI approach to authentication doesn't really scale well.
ADSI will open a new socket for each new user who connects, so you can
easily run out of TCP wildcard ports under load. To do auth with LDAP under
high volume, you really need to use a lower level API where you can manage
the connections yourself such as System.DirectoryServices.Protocols. You'll
get the best perf if you can use fast concurrent binding, but that requires
2003 AD or ADAM, 2003 clients and should be combined with SSL since it uses
plain text credentials.

If you want a different approach, calling LogonUser or using an SSPI wrapper
like NegotiateStream is a better idea.

Joe K.

"Vadim P" <VadimP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F01A0FEE-2D3F-4436-AA92-D61C3C0579CD@xxxxxxxxxxxxxxxx
>I am authenticating against an AD using DirectoryEntry and binding by
>getting
> NativeObject. Just two lines, create DirectoryEntry and call
> NativeObject.
> Functionally everything works. However, it takes over 13 sec to return
> NativeObject when invoked ASP.Net page. The same exact code in a test exe
> returns in less that one second. The LDAP are inside a utility class that
> lives in library, so the only difference is the how they are being called.
>
> I traced through the web page and the business object down to the
> statement
> level and confirmed that it is in fact entry.NativeObject consumes all of
> that time. I added ASPNET and IUSR_xxxxx accounts to the Administrators
> group. I tried every reasonable AuthenticationTypes value.
>
> If the user authenticates, logs out and authenticates again, the login is
> very quick. I assume this is due to caching.
>
> Any ideas on how I can improve performance? What should I try next?
>
> Thank you,
> -Vadim

.

Follow-Ups:
- Re: DirectoryEntry.NativeObject slow with ASP.Net, but fast in exe
  - From: Vadim P

Prev by Date: Re: Windows Authentication (asp.net 1.1 C#)
Next by Date: Re: Windows Authentication (asp.net 1.1 C#)
Previous by thread: Re: Windows Authentication (asp.net 1.1 C#)
Next by thread: Re: DirectoryEntry.NativeObject slow with ASP.Net, but fast in exe
Index(es):
- Date
- Thread

Relevant Pages

Authentication Question
... The service is running under the local system account NT ... ASPNET application authenticates ok. ... Server authenticates ok ... DirectoryEntry dirEntry = new DirectoryEntry (ldapADSPath, Username, ...
(microsoft.public.dotnet.languages.csharp)
Re: AD Sites and Services Question
... Tested the set logonserver and it is showing the DC on the remote site. ... I had one old NS record that I deleted for a server that no longer ... Network A exists at my main office ... authenticates with Network A DC's, but continues to go across out T1 ...
(microsoft.public.windows.server.active_directory)
Matching design pattern for class wrapping?
... I am in search of a design pattern which fits my problem. ... This server has multiple ... Authenticates - AuthenticationUser ... Interacts - InteractionUser ...
(comp.software.patterns)
Re: DirectoryEntry.NativeObject slow with ASP.Net, but fast in exe
... Public Function Authenticate(ByVal domain As String, ... > Joe K. ... >> NativeObject. ... >> If the user authenticates, logs out and authenticates again, the login is ...
(microsoft.public.dotnet.framework.aspnet.security)
WSE 3.0, kerberos
... WS/IIS and AD on the Windows 2003 server ... Here is the error messages: ... The client gets a session ticket from the KDC + a copy ... Then the client authenticates to the web service by providing the ...
(microsoft.public.dotnet.framework.webservices.enhancements)