Slow authentication to LDAP Server on initial login attempt - asp.net

The application I set up uses an AspNetActiveDirectoryMembershipProvider to an LDAP server with Forms Authentication. The user authenticates properly, but the first time a user tries to log in in a new browser window, it causes a delay of over one minute till it authenticates. If the user logs out of the application (but doesn't close the browser) and tries to log back in, it only takes around 6-7 seconds to authenticate.
I figure the second authentication is using a cached connection or socket to make up the initial slow behavior. But how do I get around this problem for the first attempt? Can I somehow initiate a connection to the LDAP server during page load thus saving time during the login process?
Note: I've checked over the LDAP connection string and it's as direct as it's going to get.
<add name="ADService" connectionString="LDAP://doctor.at.ad.cynwulfdesign.com/CN=Users,DC=at,DC=ad,DC=cynwulfdesign,DC=com" />
...
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<clear/>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADService"
attributeMapUsername="sAMAccountName"/>
</providers>
</membership>

I happened across the reason why the LDAP was taking so long. At first, I thought it was a problem within the Active Directory database causing a slow response. But it appears that it needed the LDAP port number to speed things up. Once I added ":389" to the LDAP URL it went from 1:07 down to :03 seconds to authenticate. It's amazing what adding a port number can do to increase response time. I would have figured it already knew what the default LDAP port was. Live and learn.
<add name="ADService" connectionString="LDAP://doctor.at.ad.cynwulfdesign.com:389/CN=Users,DC=at,DC=ad,DC=cynwulfdesign,DC=com" />

Related

timeout setting inside the web.config's <authentication> tag

I am working on an ASP.NET MVC 4 web application hosted under IIS 8 and Windows Server 2008 R2.
For the ASP.NET MVC application I am using forms authentication, which is integrated with our Active Directory.
Here are the related entities inside our web.config:
<membership>
<providers>
<add name="TestDomain1ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TestDomain1ConnectionString" connectionUsername="*********" connectionPassword="******" attributeMapUsername="sAMAccountName" />
</providers>
</membership>
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="40320" />
</authentication>
Now my question is about the timeout parameter inside the <forms>. I understand this setting as follows:
When the user first logs in to the web application, he will enter a username and password. If his credentials are valid, a browser cookie will be generated for him and saved inside the browser cache. Since I have specified timeout="40320", this means that the browser cookie will expire after 40320 minutes? Is this correct? So if the user tries to access the system 40320+ minutes after his first login, then IIS will see that the passed cookie is expired and will log out the user. Is this correct?
https://msdn.microsoft.com/en-IN/library/1d3t3c61(v=vs.85).aspx
Optional attribute.
Specifies the time, in integer minutes, after which the cookie expires. If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time that the last request was received. To prevent compromised performance, and to avoid multiple browser warnings for users who have cookie warnings turned on, the cookie is updated when more than half of the specified time has elapsed. This might cause a loss of precision. The default is "30" (30 minutes).
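The renewal rule in the documentation quoted above can be replayed for timeout="40320" (28 days). This is an added example, not code from the posts or from ASP.NET itself; the function names and the sample dates are constructed. It shows that a sliding ticket is reissued only on a request made after the half-way point, so a user whose requests all fall in the first half is still logged out 28 days after login.

```python
from datetime import datetime, timedelta

def renew_if_old(issued, expires, now):
    """Sliding rule: reissue the ticket only once more than half its lifetime has elapsed."""
    if (now - issued) > (expires - now):
        return now, now + (expires - issued)   # same lifetime, restarted at this request
    return issued, expires                      # cookie left untouched

def replay(login, requests, timeout_minutes, sliding=True):
    """Return [(request_time, accepted, ticket_expiry)] for one user's requests."""
    issued, expires = login, login + timedelta(minutes=timeout_minutes)
    results = []
    for now in sorted(requests):
        accepted = now < expires
        if accepted and sliding:
            issued, expires = renew_if_old(issued, expires, now)
        results.append((now, accepted, expires))
    return results

# Constructed sample: login on 1 Jan, timeout="40320" as in the question.
LOGIN = datetime(2024, 1, 1)

def day(n):
    return LOGIN + timedelta(days=n)

if __name__ == "__main__":
    scenarios = [
        ("sliding, requests on days 10, 13, 30", [day(10), day(13), day(30)], True),
        ("sliding, requests on days 20, 30", [day(20), day(30)], True),
        ("absolute, requests on days 20, 30", [day(20), day(30)], False),
    ]
    for label, requests, sliding in scenarios:
        print(label)
        for when, accepted, expires in replay(LOGIN, requests, 40320, sliding):
            state = "accepted" if accepted else "rejected (login required)"
            print(f"  {when:%d %b}: {state}, ticket expires {expires:%d %b}")
```
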

my asp.net app session working in my local system , when I deploy on the remote server it is not working?

Hello friends help me,
I have my asp.net web application running locally. I have a session variable. If I test any number of times locally it is working, but when I deploy on the remote server it is not working, meaning no session value, the session is empty.
<sessionState mode="InProc" timeout="1440">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
Please can any one give me solutions?
Regards
Ram.
Not enough Rep to leave a comment, so I'll ask here. Is the remote server(s) load balanced? If so, your first request may be creating the session variable on Server 1, but the next request may go to Server 2, where the session variable does not exist.
You may want to consider a different Session State Mode
Now it is working. Due to the server IP address I got an exception when updating my database with session[username]. I thought my session was not working; actually my session is working, it is the web service API that has a restriction on IP address. That's why I got the invalid session error.
My client papercut and the ogone payment gateway found this reason and informed me. Now it is working fine.
I thank all the people who spent time for me.
Thanking you for your support

ASP.NET Profile Properties returning another users results

I am using ASP.NET profile properties in .NET framework 2.0 application.
Hosting: On Amazon server
Operating System: Windows Server 2012
Sql Server : 2012
IIS: 8.5
Profile Properties are anonymous users
What is happening with the end users (not able to replicate myself) is that the end users are seeing the profile properties of another user.
Example: say I have country USA set in my profile property.
Next time I visit the webpage it may show some other country, which may have been set by another user.
In IIS, User Mode caching and Kernel Mode caching are currently enabled.
Additionally:
I recently changed the hosting, meaning moved to another server, so does that have anything to do with the properties of anonymous users, or do I need to clean all of the current profile users' data, which I am scared of?
Code:
<profile enabled="true" defaultProvider="AspNetSqlProfileProvider">
<properties>
<add name="ActionRemember" allowAnonymous="true" />
<add name="ActionName" allowAnonymous="true" />
<!-- huge list of properties ... -->
</properties>
<providers>
<remove name="AspNetSqlProfileProvider" />
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSql2005Server" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</profile>
Open to give you more details..
Update: I disabled Kernel Caching for the aspx page and the error still persists
Static variables retain their values across user sessions.
You will run in concurrency issues as more than one thread servicing a request can modify the value of the variable.
What happens if there are 2 users simultaneously logged in from two
computers, User 1 sets the value as 100, then User 2 sets the value as
200. after that user 1 invokes the Get Value button.
What will he see as the value?
The user will see 200 afterwards.
I added a link for additional information here

ASP.NET Oracle ODP.NET Integrated Security Slowness

The following results in successful sub-second page loads.
<add name="test"
connectionString="Data Source=TEST_ORACLE;User Id=user;Password=password;" />
The following subtle change to use the app pool's custom identity results in successful page loads that are 20+ times slower.
<add name="test"
connectionString="Data Source=TEST_ORACLE;User Id=/;" />
It appears that I at least got the trusted connection to work. What am I missing?
Try Integrated Security=SSPI; instead of User Id=/;
Does your app pool identity have network logon rights?
The connections strings that I use look like
<add
name="myOracleConnection"
connectionString="Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MyServer)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=XE))); User Id=MyUser; Password=MyPassword;"
providerName="system.data.oracleclient"/>
I.e. I do not rely on these external configuration files (were they named .ora? I forgot it).
Maybe you can lower dependencies and side-effects if you also try to make your connection string self-containing with everything included?

using AD to authenticate to different domains

So we have been using the same login code to connect to various domains in asp.net, with and without MVC. The code works.
We have a new server, the first one to run Server 2008 R2, set up with a directory structure similar to one of the ones that has been working.
Using forms authentication, I set up in the web.config
<add name="ADConnectionString" connectionString="LDAP://10.1.XXX.XXX"/>
and
<!--<authentication mode="Windows" />-->
<membership defaultProvider="MyADMembershipProvider" >
<providers >
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
connectionUsername="XXXX\Brown.Eric"
connectionPassword="XXXX"
connectionProtection="None"
/>
</providers>
</membership>
It connects to build the membership provider just fine, but when I try to use the exact same username and password to log in on the forms login page (the stock asp.net stuff) it fails to log in.
Same user, same password that's being used to connect with the membership provider.
If I change the password in the web.config, I get an error that it's incorrect, so I know that the membership provider is getting connected with those credentials.
What I can't figure out is why can't I use the same credentials to login?
I've checked:
The user is not locked.
The user is not set to change password on next logon.
The user is not expired.
Any help or hints are appreciated.
Thanks,
Cal-
Figured it out, had inadvertently removed the use SAM Account setting from the above
config, and it was wanting me to use userPrincipalName instead.
Switched it back to sam and all worked as expected.
Cal-
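The cause found in this thread (no attributeMapUsername, so the provider matched on userPrincipalName) can be checked from web.config before a user ever hits the login page. The following is an added example, not code from the thread: the sample config, account name, password and helper names are constructed, and the login-name classification is a simplification. It also reports the connectionProtection="None" and inline connectionPassword settings that the posted provider block carries.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the provider block in the question; the
# account name and password are placeholders, not values from the page.
SAMPLE = r"""<configuration><system.web>
<membership defaultProvider="MyADMembershipProvider"><providers>
  <add name="MyADMembershipProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web"
       connectionStringName="ADConnectionString"
       connectionUsername="EXAMPLE\svc.web" connectionPassword="placeholder"
       connectionProtection="None" />
</providers></membership></system.web></configuration>"""

def login_name_form(name):
    """Classify a typed login name (hypothetical helper, simplified)."""
    if "@" in name:
        return "userPrincipalName"
    if "\\" in name:
        return "DOMAIN\\user"
    return "sAMAccountName"

def review_providers(config_xml, typed_login):
    """Return [(provider, code, detail)] for each AD membership provider."""
    findings = []
    for add in ET.fromstring(config_xml).iter("add"):
        if "ActiveDirectoryMembershipProvider" not in add.get("type", ""):
            continue
        name = add.get("name")
        # Defaults that apply when the attribute is left out of web.config.
        expects = add.get("attributeMapUsername", "userPrincipalName")
        protection = add.get("connectionProtection", "Secure")
        typed = login_name_form(typed_login)
        if typed.lower() != expects.lower():
            findings.append((name, "username-form-mismatch",
                             f"provider matches on {expects}, login looks like {typed}"))
        if protection.lower() == "none":
            findings.append((name, "bind-unprotected",
                             "connectionProtection=None: no SSL or sign-and-seal on the LDAP connection"))
        if add.get("connectionPassword") is not None:
            findings.append((name, "inline-service-password",
                             "connectionPassword is set inline in web.config"))
    return findings

if __name__ == "__main__":
    for finding in review_providers(SAMPLE, "jdoe"):
        print(finding)
```
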
