Re: ASP.NET User.Identity.Name value after a domain username chang

---

• From: Allister <Allister@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Sat, 1 Apr 2006 23:41:02 -0800

---

Thanks for your help on this, Joe.

Can you point me to any resources I can use about getting the SID of the
WebRequest user without using the username as the base of a lookup (since I
can't rely on ASP.NET giving me that info accurately)?

Is this issue a bug in the framework? Since it isn't occurring under classic
ASP, my guess is yes. I've found only one other post by another user with
this exact issue elsewhere, but it wasn't resolved.

Cheers

Allister

"Joe Kaplan (MVP - ADSI)" wrote:

This is probably a result of the Local Security Authority on the server
caching the name for the user's SID. That would explain why a reboot solved
it.

I'm not sure there is anything you can do about this. You could get the
user's SID and look up the name directly against the directory with LDAP (or
perhaps try the Translate method on the SecurityIdentifier class). You
could also use the user's SID as a unique ID, which won't suffer from this
problem. The user's GUID is an even better key for a database, as it will
never change in AD and fits in a SQL unique identifier column really nicely.

Joe K.

"Allister" <Allister@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:528AF4F2-5A73-44DC-BFE0-38A24C1C6257@xxxxxxxxxxxxxxxx

Hey

I have an ASP.NET application that is on a Win2000 server in a domain with
Active Directory. There are a number of client machines on this domain
that
access a website on the server. IIS has Integrated Authentication only,
and
no Anonymous access. I use the User.Identity.Name in my C# code to get the
login name of the requesting user.

I have a very confusing issue when the domain login of a user is changed
(say, from "userZero" to "userOne"). If that user then accesses the site
again with their new login ("userOne"), the User.Identity.Name value in my
code is still returning the username as "userZero".

I thought this might have been some caching issue on the client so I
rebooted the client machine and accessed the site again. The server still
reports the login name to be "userZero". I've also tried accessing the
site
from another machine, and the ASP.NET code is still returning "userZero"
as
the login name. This is pretty fustrating since I use this value to locate
profile info for that user but ASP.NET isn't providing me with reliable
user
information.

I've output a list of the actual server variables from the
Request.ServerVariables collection:

AUTH_USER: gamma\userZero
LOGON_USER: gamma\userOne
REMOTE_USER: gamma\userZero

LOGON_USER seems to be the only variable that is reliably correct. The
others are coming from some unknown, outdated source (a cache perhaps?).

Classic ASP seems to work fine, and I can't reproduce this under that.

Resetting IIS didn't resolve this, but completely rebooting the webserver
did. In my situation, this is not at all ideal, and username changes
aren't
uncommon, given the number of users in the domain.

I've also reproduced this on a Windows 2003 server running the ASP.NET
app.

I don't think this is a serverside page caching issue because I output the
current date & time with the request, and it is correct, so the code is
executing on every refresh.

My question is how do I get ASP.NET to correctly report the username
(using
User.Identity.Name) after it changes on the domain? If this is a server
credential caching issue, how do I clear it, or force it to properly read
the
user's credentials?

Cheers

Allister

.

---

• Follow-Ups:
  • Re: ASP.NET User.Identity.Name value after a domain username chang
    • From: Joe Kaplan \(MVP - ADSI\)

• References:
  • Re: ASP.NET User.Identity.Name value after a domain username change
    • From: Joe Kaplan \(MVP - ADSI\)

• Prev by Date: Re: Encrypt and Decrypt with a password
• Next by Date: Re: Active Directory and Roles
• Previous by thread: Re: ASP.NET User.Identity.Name value after a domain username change
• Next by thread: Re: ASP.NET User.Identity.Name value after a domain username chang
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: SQL User SID format? ... When you move databases to another server, you can remap users to logins ... capability to remap a user to a login with new ALTER USER syntax - I ... The new ALTER USER syntax works for remapping both SQL and Windows ... this means you already have access to a SID from the syslogins catalog; ... (microsoft.public.sqlserver.security) Re: No username prompt SSHD ... it is the client side. ... The client takes the current user and passes that to the server as the ... To override this you must supply a username to the client in one of two ways: ... $ ssh -l login serveur ... (SSH) Re: Cant send mail through secure smarthost on 2003 ... that you are relaying all your users e-mail through your Exchange ... their SMTP server? ... username password. ... 250-AUTH PLAIN LOGIN ... (microsoft.public.exchange.admin) Re: Authentication problems? ... roaming profile to a local profile but it will not change. ... she receives a prompt to login to the server. ... The username you typed is the same as the username ... (microsoft.public.windows.server.active_directory) Re: Users Logging on to Domains ... Many IT technicians will deliberately configure and login to their work ... laptops as a non-domain user, to allow easier portability going from one ... If you go to a user PC, you log in as the Username, and the Domain ... All the server applications work as normal, ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)