3

I have a WCF service, which works if I use one login, but throws the following error if I try logging in with any other login. Strangely enough, if I change the password to the working login, the new password doesn't work but the old one still does. It's almost like it is caching something.

The error I get is this:

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again

The code that causes the error is this:

public UserModel Login(string username, string password)
{
    if (username == null || password == null)
        return null;

    using (var pContext = new PrincipalContext(ContextType.Machine))
    { 
        if (pContext.ValidateCredentials(username, password))
        {
            using (var context = new MyEntities())
            {
                // I can tell from a SQL trace that this piece never gets hit
                var user = (from u in context.Users
                            where u.LoginName.ToUpper() == username.ToUpper()
                                  && u.IsActive == true
                            select u).FirstOrDefault();

                if (user == null)
                    return null;

                var userModel = Mapper.Map<User, UserModel>(user);
                userModel.Token = Guid.NewGuid();
                userModel.LastActivity = DateTime.Now;

                authenticatedUsers.Add(userModel);
                sessionTimer.Start();

                return userModel;
            }
        }
    }

    return null;
}

I see a related question here, which suggests the problem is with the PrincipalContext, but no answer

Update

Got it working..... I restarted our production server because we needed to have this working for someone important within the next hour, and I thought since it that previous link suggested that a reboot would get a single login in that I would just reboot and login with the login needed to get it working for now, and after rebooting everything works absolutely perfectly. I spent most of yesterday, staying late, and all of this morning trying to figure this out. We're not supposed to reboot our web server, but it was important to get this working so I did it anyways, and now everything works the way it should.

I would still like to know what its problem was though. My best guess is that something caused the PrincipalContext to not dispose correctly, which was preventing me from logging in with any other set of credentials.

Rachel
  • 130,264
  • 66
  • 304
  • 490
  • Can you please post your ServiceModel tag in your config file (web.config / app.config), the one in your production environment, not your dev machine? – AJC Oct 04 '11 at 20:16
  • @AJC Updated to show the ServiceModel – Rachel Oct 04 '11 at 20:35
  • I wonder why don't you just debug your server-side code and catch any exceptions which occur. From what you've written it seems like the only place you catch exceptions is the client side. – Wiktor Zychla Oct 04 '11 at 20:46
  • How is the service hosted? IIS? – Gregory A Beamer Oct 04 '11 at 21:08
  • `` - you might want to try `true` here. And any impersonation settings in the config? – H H Oct 04 '11 at 22:35
  • @HenkHolterman It was true while I was debugging. I put it back when I left for the day. – Rachel Oct 04 '11 at 22:38
  • @GregoryABeamer Yes, it's hosted in IIS – Rachel Oct 04 '11 at 22:39
  • @WiktorZychla It works fine when I debug the service on my dev machine. It only happens on the production machine. – Rachel Oct 04 '11 at 22:40
  • I would saturate the `UserModel Login()` method with Trace statements. – H H Oct 04 '11 at 22:41
  • @HenkHolterman Do you know how I would write something to the trace file from WCF? – Rachel Oct 05 '11 at 12:06
  • For a quick bughunt the normal Diagnostics.Debug.Writeline() would be Ok. It is not recommended for production. WCF has its own Tracing and Logging (use the config tool) but I'm not sure that does well on authentication problems. – H H Oct 05 '11 at 12:29
  • @HenkHolterman Thanks, I think I've further narrowed it down to the `PrincipalContext`.... I'm thinking it must do something like cache usernames/passwords.... I really don't know. I edited my question to add the new info – Rachel Oct 05 '11 at 12:33
  • Ugh. Check this: http://stackoverflow.com/questions/290548/c-validate-a-username-and-password-against-active-directory for some alternative approaches. Looks like a hairy one to me, though. – Jeremy McGee Oct 05 '11 at 12:59
  • @JeremyMcGee Yes I'm looking into something similar, but I want to authenticate against the local machine, not active directory or the domain. – Rachel Oct 05 '11 at 13:02

1 Answers1

2

Restarting the server fixed the issue, although I'd still love to know what the problem was.

My best guess is that something caused the PrincipalContext to not dispose correctly, which was preventing me from logging in with any other set of credentials.

Rachel
  • 130,264
  • 66
  • 304
  • 490
  • Possibly related to the solution I found to another question of mine: [Why is PrincipalContext.ValidateCredentials validating against old credentials?](http://stackoverflow.com/a/11529459/302677) – Rachel Aug 08 '12 at 18:54