Problem authenticating against renamed Active Directory account

Discussion in 'ASP .Net Security' started by Alan Lambert, Feb 10, 2009.

  1. Alan Lambert

    Alan Lambert Guest

    I've got a web (intranet) application that uses windows authentication. Once
    a user has connected the application picks up their username and looks up
    details in a database using the username as a key.

    The username is got from the following:

    ((WindowsPrincipal)Page.User).Identity.Name

    This works fine for everyone but a problem has recently cropped up. One
    person's AD account has recently been renamed.
    e.g. It was originally MYDOMAIN\JohnSmith and it is now MYDOMAIN\JohnJones

    Although the user can log on using MYDOMAIN\JohnJones the username resolves
    to MYDOMAIN\JohnSmith i.e. the original name.

    Is there a bug in the security api? Why is this occurring and how do I fix
    it?

    Thanks in advance for your help

    Alan
    Alan Lambert, Feb 10, 2009
    #1

  2. Alan Lambert

    Joe Kaplan Guest

    There was a discussion about this very problem recently. It seems to have
    to do with caching in the LSA. If rebooting the server doesn't flush the
    cache, you can adjust the behavior by changing a registry key. Do a few
    searches and you should find the relevant details.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    "Alan Lambert" <> wrote in message
    news:%...
    > I've got a web (intranet) application that uses windows authentication.
    > Once a user has connected the application picks up their username and
    > looks up details in a database using the username as a key.
    >
    > The username is got from the following:
    >
    > ((WindowsPrincipal)Page.User).Identity.Name
    >
    > This works fine for everyone but a problem has recently cropped up. One
    > person's AD account has recently been renamed.
    > e.g. It was originally MYDOMAIN\JohnSmith and it is now MYDOMAIN\JohnJones
    >
    > Although the user can log on using MYDOMAIN\JohnJones the username
    > resolves to MYDOMAIN\JohnSmith i.e. the original name.
    >
    > Is there a bug in the security api? Why is this occurring and how do I fix
    > it?
    >
    > Thanks in advance for your help
    >
    > Alan
    >
    Joe Kaplan, Feb 10, 2009
    #2
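
The reply above attributes the stale name to name caching in the LSA. One way to keep the application's lookup unaffected by a rename, as an added example that is not from either poster, is to key the lookup on the account SID instead of the name; `UserStore` and its members are hypothetical names, and it assumes the database can store a SID string as the key.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added example. UserStore and its members are hypothetical names; the
// dictionary stands in for the application's database table.
public sealed class UserStore
{
    // SID string (e.g. "S-1-5-21-...") -> last account name seen for it.
    private readonly Dictionary<string, string> lastNameBySid =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // The SID stays the same when an account is renamed, and reading it from
    // the token needs no SID-to-name lookup, so a cached old name cannot
    // change the key.
    public static string KeyFor(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        if (identity.IsAnonymous || identity.User == null)
            throw new InvalidOperationException("Windows authentication is required.");
        return identity.User.Value;
    }

    // Records the name currently reported for the SID. Returns the previous
    // name if it differs (the account was renamed), otherwise null.
    public string Touch(WindowsIdentity identity)
    {
        string sid = KeyFor(identity);
        string current = identity.Name;   // display only; may lag after a rename
        string previous;
        lastNameBySid.TryGetValue(sid, out previous);
        lastNameBySid[sid] = current;
        return (previous != null &&
                !string.Equals(previous, current, StringComparison.OrdinalIgnoreCase))
            ? previous : null;
    }
}

public static class Program
{
    public static void Main()
    {
        // In a page the identity would be (WindowsIdentity)Page.User.Identity.
        WindowsIdentity me = WindowsIdentity.GetCurrent();
        var store = new UserStore();
        store.Touch(me);
        Console.WriteLine("key={0} name={1}", UserStore.KeyFor(me), me.Name);
    }
}
```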

  3. Alan Lambert

    Alan Lambert Guest

    Joe, Allen

    Many thanks to both of you for your help.

    Alan
    Alan Lambert, Feb 11, 2009
    #3
