We're having speed problems still with the login control and the Ad membership provider.
We've tracked it down to a specific issue, when initally trying to connect for the first time, it sends this SAM LOGON message:
117 10.717526 10.140.4.84 10.140.4.223 SMB_NETLOGON SAM LOGON request from client
It Gets sent 4 seperate time on udp port 138 trying to connect to our AD server.
This takes over 30 seconds, the vast majority of our login times.
Is there any way to configure the Ad Membership Privder to not attempt to udp on this port/SAM LOGON,and just skip that step?
or does anyone know what needs to be altered on the server to make it respons to this request?
There was no firewall or anything like that between the machines. They were on the same switch.
Thanks,
adServer was notaccepting connections on 636 so we had to set connectionprotection = none.
it was not documetned anywhere, but I had to put ad\ in front of the username
or connection proteciton=none threw errors.
Once that was fixed the communication was only on 385 and login was very fast.
E-
Related
I really need your advice on this.
I have many TCP Client Devices. The Web application is going to be accessed by many users after an authentication.
The problem I need to solve is -
Create a TCP Listener for these client machines and that should be accessed by every user -
Solution I think - create a tcp connection on a page. Every user will create a new tcp connection from their device(local host) once the page is load . This is possible because every user pc is diferent so its going to be entirely different connection. But this solution is not going with problem 2.
The Machine broadcasts data every 30 seconds. So my application should be able to catch that data and update on the page.
This is I think is the main problem.
I know live data update on a web page can be done using SignalR. But SignalR does not connect with TCP Client machine directly. So what I was trying to do is -
1st - I tried making a WCF Service for TCP listener. WCF service will get data from machine and save into database from where signalR will do its job. But Whenever I am using wcf service my system is getting hang. So I dont know if its a right way to do that.
2nd - I tried creating Windows service as tcp listener. But I dont think its gonna work with web application.
To be very frank, I am not able to understand what should I do for this functionality.
From my side - I just want a TCP connection on application level that should be persistent, independent of user and should not close on any page reload.
Whenever that connection receives data it should be updated on every user's web browser without any reload.
I cannot use timer. It should be realtime.
According to what I found and understood, TCP connection is with a device so signalR can not be used directly. We need something else(like a service) in between to make it work with signalR.
So at the end, What should I do?
I hope I am clear enough to state my problem.
I just want to discuss so that my doubts can get clear and I may find the desired result at the end.
EDIT 1 :
In websocket, signalR... normally client refers to web browser.
Can a device(Multimedia control device) be a client similar to web browser for signalR?
I have a question about distinguishing user in HTTP.
I opened wireshark and web browser, started wandering in web pages on some known website. and noticed that my PC opened several TCP connections and on each connection there are several HTTP request\response.
My main goal is to identify user that wandering in my website (for example)
at first, I thought of finding matching response for each request but it is not trivial as I have done alot of reading about it. specially if there are several TCP connections for one user.
I also thought of identify user by its source port\ip- but there are several TCP connection for one user and there are more than one user (some of them might be beyond NAT).
So my question is how can I identify\isolate all the http requests\responses from one user given:
there are more that one user
some of them might connected to NAT
each user open several TCP connections for the "main" HTTP request
cookies might change during session
Is there some sniffer or library that already has this ability of distinguish between users (this http request\response belongs to that user)?
This process suppose to run on the fly.
Thanks alot.
I have an ASP.NET Web API application running behind a load balancer. Some clients keep an HTTP busy connection alive for too much time, creating unnecessary affinity and causing high load on some server instances. In order to fix that, I wish to gracefully close a connection that is doing too much requests in a short period of time (thus forcing the client to reconnect and pick a different server instance) while at same time keeping low traffic connections alive indefinitely. Hence I cannot use a static configuration.
Is there some API that I can call to flag a request to "answer this then close the connection" ? Or can I simply add the Connection: close HTTP header that ASP.NET will see and close the connection for me?
It looks like the good solution for your situation will be the built-in IIS functionality called Dynamic IP restriction. "To provide this protection, the module temporarily blocks IP addresses of HTTP clients that make an unusually high number of concurrent requests or that make a large number of requests over small period of time."
It is supported by Azure Web Apps:
https://azure.microsoft.com/en-us/blog/confirming-dynamic-ip-address-restrictions-in-windows-azure-web-sites/
If that is the helpful answer, please mark it as a helpful or mark it as the answer. Thanks!
I am not 100% sure this would work in your situation, but in the past I have had to block people coming from specific IP addresses geographically and people coming from common proxies. I created an Authorized Attribute class following:
http://www.asp.net/web-api/overview/security/authentication-filters
In would dump the person out based on their IP address by returning a HttpStatusCode.BadRequest. On every request you would have to check a list of bad ips in the database and go from there. Maybe you can handle the rest client side, because they are going to get a ton of errors.
Write an action filter that returns a 302 Found response for the 'blocked' IP address. I would hope, the client would close the current connection and try again on the new location (which could just be the same URL as the original request).
We have a gaming application in which clients, all running IE make calls to web services using the API generated by the ASP.NET ScriptManager.
After a certain period of time, we start getting failures, with Fiddler showing the following error coming back from the server:
Connection to xxx.yyy.net failed.Exception Text: Only one usage of each socket address (protocol/network address/port) is normally permitted
We are not in control of the server's hardware, so altering the TCP/IP settings is not an easy option. Anyone have thoughts on how to deal with this?
This blog post seems relevant.
"Here is the scoop 1. When you make authenticated calls, the client is closing connections. And when you are making authenticated calls repeatedly to the same server, you are making and closing connections repeatedly 2. The same might happen when you are making regular http [un authenticated] calls but setting keep-alive = false."
http://blogs.msdn.com/b/dgorti/archive/2005/09/18/470766.aspx
My site sends confirmation emails from a purchase. 95% of the time, it works. The other 5% after clicking the 'Confirm' button that runs the payment and should send the email, i get the following exception:
Details:
Exception: Failure sending mail.
Inner Exception: Unable to connect to
the remote server
Inner Exception
(2): A connection attempt failed
because the connected party did not
properly respond after a period of
time, or established connection failed
because connected host has failed to
respond 72.167.234.197:25
The code to send the email is this:
Dim smtpClientPayPalSuccess As System.Net.Mail.SmtpClient = New System.Net.Mail.SmtpClient()
smtpClientPayPalSuccess.Host = "relay-hosting.secureserver.net"
smtpClientPayPalSuccess.Send(mailMessagePayPalSuccess)
FYI: I have confirmed with the hosting that I don't need any credentials, or a different port number than 25. This is also running over https.
Any idea why this would be happening only a small percentage of the time?
Thanks.
Dave
I don't know why the mail fails part of the time. As far as I know it could be scheduled maintenance of the firewalls or the mail server itself.
I would advise you to send the mail asynchronously, and not as part of the 'Confirm' button process. Just put the mail on a (persistent) store and keep trying to send it with some time in between.
Alternatively (and heartily recommended) is to send the mail from your app to a local mail server, and let that mail server forward the mail to 72.167.234.197:25. That way you get the retries for free and the chance that sending mail to localhost fails is quite small (or it should be small).
It is possible and quite likely based on your exposition, that there are actual network errors that prevent your site from connecting/communicating with the SMTP server. This could be the result of too much traffic, or maybe slow network connections. My recommendation would be to put a try/catch around the emailing code, and maybe retry sending the e-mail a few times before giving up.
When you mention that this is working 95% of the time it shows that the problem most likely lies outside of your control.
As a side note, you should maybe consider not giving up the actual IP address of your SMTP server (it is of no consequence to the question)