We have a user who recently changed their name.

Let's say the old username was old.name and the new username is new.name.

After editing the details in AD and logging out and back in with the new user name, our ASP.NET application shows the old name.

Plain ASP.NET, no MVC, using Windows authentication.

The code for getting the user name is:

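```csharp
// Take the Windows-authenticated principal and strip the "DOMAIN\" prefix from its name.
WindowsPrincipal wp = (WindowsPrincipal)HttpContext.Current.User;
String userName = wp.Identity.Name.Substring(wp.Identity.Name.IndexOf("\\") + 1);
```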

This returns old.name, not new.name.

I checked the IIS log files, these show the new name:

```
2011-04-05 11:41:44 W3SVC1 MARS 10.57.1.64 GET /eft/Default.aspx - 80 - 10.57.0.161 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0C;+.NET4.0E) 401 2 2148074254
2011-04-05 11:41:44 W3SVC1 MARS 10.57.1.64 GET /eft/Default.aspx - 80 SANOMABP\new.name 10.57.0.161 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0C;+.NET4.0E) 200 0 0
```

We have restarted the application pool, we have checked the AD data, and we have no more ideas what could be wrong.

Grhm
Biri
  • The IIS logs are showing a 401 (Unauthorized) which is presumably causing the browser to re-issue the request with the appropriate AD credentials (resulting in the 200 in the next line). This suggests that the correct user name in the IIS logs is coming from the client PC and not necessarily the same machine that is running your server code. Can you confirm whether they are the same machine or 2 different machines? – KP Taylor Apr 05 '11 at 12:12
  • you may try looking at http://support.microsoft.com/kb/946358 – Paolo Falabella Apr 05 '11 at 12:20
  • They are two different machines, of course. The client uses his machine with IE, and IIS is on a different machine. I will check the page you suggested. – Biri Apr 05 '11 at 12:23
  • That was the problem! Thank you, this article helped. – Biri Apr 05 '11 at 12:25
  • this is the answer I needed earlier this day. thanks! – jao May 26 '11 at 14:38
  • possible duplicate of [IIS Returning Old User Names to my application](http://stackoverflow.com/questions/168946/iis-returning-old-user-names-to-my-application) – Dave Markle Mar 10 '14 at 14:29

1 Answer

MOVING CORRECT ANSWER FROM COMMENTS FOR CLARITY:

@paolo: you may try looking at support.microsoft.com/kb/946358

Workaround

To work around this issue, disable the local SID cache on the domain member computer. To do this, follow these steps:

  1. Open Registry Editor.

    To do this in Windows XP or in Windows Server 2003, click Start, click Run, type regedit, and then click OK.

    To do this in Windows Vista and newer, click Start, type regedit in the Start Search box, and then press ENTER.

  2. Locate and then right-click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. Point to New, and then click DWORD Value.

  4. Type LsaLookupCacheMaxSize, and then press ENTER.

  5. Right-click LsaLookupCacheMaxSize, and then click Modify.

  6. In the Value data box, type 0, and then click OK.

  7. Exit Registry Editor.

mm201
roman m
  • And for the sake of clarity - you have to use this workaround on your IIS Server machine in order to work properly, not on client machines (considering ASP.NET WinAuth problems). – Jarzyn Oct 05 '14 at 23:00
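
The registry change from steps 1 to 7 of the workaround, scripted in PowerShell so it can be previewed, applied and read back on the IIS server. This is an added example, not part of the answer or the KB article; the function name `Set-LsaLookupCacheMaxSize` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of Registry Editor steps 1-7 above.
# Run it on the IIS server (the domain member that resolves SIDs to names).

function Set-LsaLookupCacheMaxSize {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 0 disables the local SID cache, matching step 6.
        [ValidateRange(0, 2147483647)]
        [int]$Size = 0
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $name = 'LsaLookupCacheMaxSize'

    # Capture the current state first so the change can be logged and reverted.
    # A missing value is reported as $null, which is distinct from 0.
    $existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $before   = if ($null -ne $existing) { $existing.$name } else { $null }

    if ($PSCmdlet.ShouldProcess("$key\$name", "Set REG_DWORD to $Size")) {
        # -Force overwrites an existing value and guarantees the DWORD type.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $Size -Force | Out-Null
    }

    # Read back what is actually stored, including the value type.
    $item = Get-Item -Path $key
    $kind = if ($item.GetValueNames() -contains $name) {
        $item.GetValueKind($name)
    } else { $null }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Before   = $before
        After    = $item.GetValue($name)
        Kind     = $kind
    }
}

# -WhatIf previews the change without writing; drop it to apply.
Set-LsaLookupCacheMaxSize -WhatIf
```

The returned `Before` value is what to restore (or delete, if it was `$null`) when reverting the workaround.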