Windows authentication and availability

[howard]

We are currently deploying an ASP.Net intranet application to our WAN. The
application uses integrated Windows authentication. At present, each time
there is a post-back, our code gets the user’s credentials and queries to see
whether the user is a member of certain Active Directory groups.

In order to improve availability in various disaster scenarios, we deploy
the application to a separate server at each of our 25 physical locations
around the country. There is also a separate domain controller at each
location. The idea is that even if the WAN fails, our application can still
run, provided that the local network is still up.

I have two questions regarding availability in various disaster recovery
scenarios.

1. If the local domain controller fails, will post-backs fail because of our
use of integrated Windows authentication?

2. Each time we query the user’s credentials, are round-trips to the domain
controller involved, or do the credentials get cached somewhere? We would be
willing to assume that the user's credentials don't change during a single
ASP.Net session.

 

[Paul Clement]

On Tue, 12 Oct 2004 14:25:02 -0700, "(e-mail address removed)"

¤ We are currently deploying an ASP.Net intranet application to our WAN. The
¤ application uses integrated Windows authentication. At present, each time
¤ there is a post-back, our code gets the user’s credentials and queries to see
¤ whether the user is a member of certain Active Directory groups.
¤
¤ In order to improve availability in various disaster scenarios, we deploy
¤ the application to a separate server at each of our 25 physical locations
¤ around the country. There is also a separate domain controller at each
¤ location. The idea is that even if the WAN fails, our application can still
¤ run, provided that the local network is still up.
¤
¤ I have two questions regarding availability in various disaster recovery
¤ scenarios.
¤
¤ 1. If the local domain controller fails, will post-backs fail because of our
¤ use of integrated Windows authentication?
¤

Not if you have a backup domain controller by which authentication can occur with respect to
resource access.

¤ 2. Each time we query the user’s credentials, are round-trips to the domain
¤ controller involved, or do the credentials get cached somewhere? We would be
¤ willing to assume that the user's credentials don't change during a single
¤ ASP.Net session.

Credentials (user ID and password) are cached at the browser level on the client.


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)

 

[howard]

Is information from Active Directory, namely group membership, cached?

 

[Paul Clement]

On Thu, 14 Oct 2004 13:51:04 -0700, "(e-mail address removed)"

¤ Is information from Active Directory, namely group membership, cached?

No, not automatically. If you are querying AD with ADSI or DirectoryServices programmatically you
would have to implement one of the various state or caching mechanisms in code if you wish to retain
this information between trips to the web server.


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)

 

[howard]

Thanks!

 

[Patrick.O.Ige]

How can i do these Caching mechanisms?

On Thu, 14 Oct 2004 13:51:04 -0700, "(e-mail address removed)"

¤ Is information from Active Directory, namely group membership, cached?

No, not automatically. If you are querying AD with ADSI or

DirectoryServices programmatically you

 

[Paul Clement]

¤ How can i do these Caching mechanisms?
¤

See the following:

Caching Architecture Guide for .NET Framework Applications
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/CachingArchch2.asp


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)