更改用户登录名后身份验证错误 [英] Wrong authentication after changing user's logon name

问题描述

我们有一个最近更改名称的用户.

We have a user who recently changed name.

假设旧用户名是old.name，新用户名是new.name.

Let's say the old username was old.name and the new username is new.name.

在AD中编辑详细信息并使用新用户名注销/登录后，我们的ASP.NET应用程序将显示旧名称.

After editing the details in AD and logout/login with the new user name, our ASP.NET application shows the old name.

使用Windows身份验证的纯ASP.NET，没有MVC.

Plain ASP.NET, no MVC, using Windows authentication.

获取用户名的代码是:

WindowsPrincipal wp = (WindowsPrincipal)HttpContext.Current.User;
String userName = wp.Identity.Name.Substring(wp.Identity.Name.IndexOf("\\") + 1);

这将返回old.name，而不是new.name.

This returns old.name, not new.name.

我检查了IIS日志文件，这些文件显示了新名称:

I checked the IIS log files, these show the new name:

2011-04-05 11:41:44 W3SVC1 MARS 10.57.1.64 GET /eft/Default.aspx - 80 - 10.57.0.161 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0C;+.NET4.0E) 401 2 2148074254

2011-04-05 11:41:44 W3SVC1 MARS 10.57.1.64 GET /eft/Default.aspx - 80 SANOMABP\new.name 10.57.0.161 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0C;+.NET4.0E) 200 0 0

我们已经重新启动了应用程序池，我们已经检查了AD数据，而且我们没有任何想法可能出问题了.

We have restarted the application pool, we have checked the AD data, and we have no more ideas what could be wrong.

推荐答案

从清晰的注释中移出正确的答案:

MOVING CORRECT ANSWER FROM COMMENTS FOR CLARITY:

@paolo:您可以尝试查看 support.microsoft.com/kb/946358

解决方法

要变通解决此问题，请禁用域成员计算机上的本地SID缓存.为此，请按照下列步骤操作:

To work around this issue, disable the local SID cache on the domain member computer. To do this, follow these steps:

1. 打开注册表编辑器.

1. Open Registry Editor.

要在Windows XP或Windows Server 2003中执行此操作，请单击开始，单击运行，键入regedit，然后单击确定.

To do this in Windows XP or in Windows Server 2003, click Start, click Run, type regedit, and then click OK.

要在Windows Vista和更高版本中执行此操作，请单击开始，在开始搜索框中键入regedit，然后按Enter.

To do this in Windows Vista and newer, Click Start, type regedit in the Start Search box, and then press ENTER.

找到以下注册表子项，然后右键单击它: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa

Locate and then right-click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

指向新建，然后单击 DWORD值.

键入LsaLookupCacheMaxSize，然后按Enter.

Type LsaLookupCacheMaxSize, and then press ENTER.

右键单击 LsaLookupCacheMaxSize ，然后单击修改.

在值数据框中，键入0，然后单击确定.

In the Value data box, type 0, and then click OK.

退出注册表编辑器.

这篇关于更改用户登录名后身份验证错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！