user.identity.name returns old AD user name

Discussion in 'ASP .Net Security' started by Antonio O''Neal, Oct 31, 2008.

  1. We changed a username in AD. The user now logs on to a computer on our
    network using the new username without any problems. They can not logon using
    the old username. However, when they access a IIS 6.0 web site where a
    programmer compares system.web.httpcontext.current.user.identity.name to a
    lookup table containing usernames they could not gain access with the new
    userid. We created a web page to show what
    system.web.httpcontext.current.user.identity.name is returning. It is
    returning their old username. If we put the old username in the table the
    user may access the web site. The IIS site logs for the web site show the
    new username for the user as he accesses the site. I have used adsiedit to
    look at the user's information in AD. It shows only the new username through
    out the the account parameters.

    We also have a sharepoint 3.0 site that shows the user's old username when
    he accesses that site.

    What can I do so system.web.httpcontext.current.user.identity.name will
    contain the new username for this renamed account?

    Thank you,
    Antonio
     
    Antonio O''Neal, Oct 31, 2008
    #1
    1. Advertisements

  2. Antonio O''Neal

    Joe Kaplan Guest

    Does the problem go away if you reboot the web server? It sounds like the
    LSA on the web server has cached the username for this particular user's SID
    and isn't actually going to a domain controller to look it up. I would
    expect this cache is is memory and would get wiped out by a reboot. I would
    also expect this problem to eventually go away.

    The other possibility is that the web server is talking to a domain
    controller that has not picked up the update yet via normal replication, but
    that sounds less likely unless replication is weird/broken in this
    environment.

    Joe K.
     
    Joe Kaplan, Oct 31, 2008
    #2
    1. Advertisements

  3. Joe,

    First, thank you for the quick response.

    Rebooting did fix the issue on a test server. We were hoping to find
    something we could do that would not require a reboot like clearing a cache
    area. We have some kiosks that access a different web site on the same
    server which sometimes have problems when we reboot this production server .
    Is there anything else we can do?
     
    Antonio O''Neal, Oct 31, 2008
    #3
  4. Antonio O''Neal

    Joe Kaplan Guest

    Unfortunately I have an imperfect understanding of the problem, so I'm not
    sure.

    This KB article seems relevant and has info on changing some cache behaviors
    via registry settings, so you might try this to see if it works for you.

    http://support.microsoft.com/kb/946358

    Joe K.
     
    Joe Kaplan, Oct 31, 2008
    #4
  5. Thank you! I will read it over.

    Have a nice weekend!
     
    Antonio O''Neal, Oct 31, 2008
    #5
  6. Joe,

    That fixed the problem. I did not even have to reboot for the change to
    take effect.

    Thank you,
    Antonio
     
    Antonio O''Neal, Nov 3, 2008
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.