Skip to main content

User.Identity returns old login name after name change

When a person gets married or makes a name change for some other reason this usually means that the login name for the Active Directory-account changes as well. This is rarely a problem, but it turned out to cause some issues on our web server, where the User.Identity property was still returning the old login name.

The user logged on with the new login name, but was identified by the web application as the old login name. The reason this occurs is because the User.Identity property relies on the LsaLookupSids method to convert the user SID to a login name. The method first calls the local LSA-cache, which is not synchronized with the Active Directory.

For this purpose a simple reboot of the web server to clear the LSA-cache propably would have sufficed. But since we didn't want to take the application offline rebooting was not an option. Instead, it is possible to set the registry value LsaLookupCacheMaxSize in HKLM\SYSTEM\CurrentControlSet\Control\Lsa. If this value is set to 0 the LSA-cache is cleared. It is recommended that the setting is reset after the cache is cleared, since the main purpose of the LSA-cache is to enhance performance.

Read more about this issue and the solution here: http://support.microsoft.com/kb/946358
Labels:

Comments

Post a Comment

Popular posts from this blog

LEAP Sweden - Identity & Access Management

Today was the third day of the Swedish Lead Enterprise Architect Program at Microsoft in Kista. It has been a day filled with sessions on security and identity with a kind of unavoidable focus on federated identities in the cloud. Overall it has been an awesome day with seminars from Henrik Nilsson , Barry O'Reilly and Sergio Molero among others. A lot of Microsoft technologies was mentioned, Forefront Identity Manager , Active Directory Federation Services 2.0 , Forefront Unified Access Gateway , Direct Access ,  Windows Identity Framework and of course  Azure Access Control Service . Microsoft really has a great suite of applications regarding Identity & Access Management. I just wish there was a project or two where I could utilize all of these amazing technologies. I have had a plan to add a login feature to the Cornball using federated identities, so that might happen in the near future. Besides, Björn Eriksen provided a tip for all of us thursty for e...
1 comment
Read more

The Cornball goes to Brunch with Chaplin

Lately I've been working pretty hard on different projects but not really stumbling upon anything blogworthy. The most recent project is quite interesting though, a single page, touch friendly, web application using the latest and greatest technologies. We've ended up with using Brunch with Chaplin , which is a very neat way of setting up a Backbone based single page web project with Brunch and Chaplin . Aside from this, I have my own little project that has lived on for almost 15 years already, The Cornball . From being a plain Windows application written i C an Win32 API, it has been ported to .NET using WPF, and is currently a Silverlight application hosted on Windows Azure. I could not find a better time to reanimate this project and create a new web based version, touch friendly, super optimized, awesome in any way. So I did... So please follow my journey at Github . It's going to take a while, I assure you, but I already have some ground work done. Meanwhile,...
3 comments
Read more

Using ASP.NET MVC with MEF

I wrote this post almost a year ago, but never published it for some reason. Anyway, here is a little MVC/MEF magic. By default a controller in MVC must have a parameterless constructor. When using MEF a good practice is to inject the services via constructor parameters. These two in combination obviously creates an issue where the following scenario will not work out of the box, since there is no parameterless constructor for  MVC  to use. Note that the PartCreationPolicy is set to NonShared since a new controller have to be initialized for each request. [Export] [PartCreationPolicy(CreationPolicy.NonShared)] public class HomeController : Controller {     private readonly IServiceClient _service;     [ImportingConstructor]     public HomeController(IServiceClient service)     {         _service = service;     }     public ActionResult Index()     {         ...
2 comments
Read more