+1-888-365-2779
Try Now
More in this section

Forums / Security / Request times out when using AD providers

Request times out when using AD providers

10 posts, 0 answered
  1. Timothy VanFosson
    Timothy VanFosson avatar
    5 posts
    Registered:
    10 Sep 2009
    23 Jul 2010
    Link to this post

    I'm able to configure Sitefinity CMS for use with ActiveDirectory for administrative logins following instructions found on the Sitefinity knowledgebase.  This is what I have for a configuration:

    <connectionStrings>
        <add name="IowaDomain" connectionString="LDAP://iowa.uiowa.edu" />
    </connectionStrings>
    ....
    <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Sitefinity">
        <providers>
            <clear />
            <add connectionStringName="DefaultConnection" applicationName="/" name="Public" type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess" />
            <add name="Sitefinity"
                 type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security"
                 connectionStringName="IowaDomain" 
                 connectionUsername="******" 
                 connectionPassword="******" 
                 groupMaps="ITS-CTS-Sitefinity-Admins"
                 domainName="iowa.uiowa.edu" 
           />
        </providers>
    </roleManager>
    <membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType="">
        <providers>
            <clear />
            <add name="Public"
                 connectionStringName="DefaultConnection"
                 type="Telerik.DataAccess.AspnetProviders.TelerikMembershipProvider, Telerik.DataAccess" enablePasswordRetrieval="false"
                 enablePasswordReset="true"
                 requiresQuestionAndAnswer="false"
                 applicationName="/"
                 requiresUniqueEmail="false"
                 passwordFormat="Hashed"
                 maxInvalidPasswordAttempts="5"
                 passwordAttemptWindow="10"
                 passwordStrengthRegularExpression=""
                 minRequiredPasswordLength="1"
                 minRequiredNonalphanumericCharacters="0" />
            <add name="Sitefinity" 
                 type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security" 
                 connectionStringName="IowaDomain"
                 enableSearchMethods="true"
                 attributeMapUsername="sAMAccountName"
                 connectionUsername="******"
                 connectionPassword="******" />
        </providers>
    </membership>
     
    <security defaultProvider="DefaultSecurityProvider" cmsProvidersName="Sitefinity">
        <roles>
            <clear />
                <add name="ITS-CTS-Sitefinity-Admins" permission="Unrestricted" />
        </roles>
        <providers>
            <clear />
            <add name="DefaultSecurityProvider" connectionStringName="DefaultConnection" type="Telerik.Security.Data.DefaultSecurityProvider, Telerik.Security.Data" membershipProvider="Sitefinity" roleProvider="Sitefinity" />
        </providers>
    </security>

     

    The configuration appears correct (and if I replace that provider with a dummy provider that simply logs calls and returns correct data I can see that the provider's methods are being called), but after logging in all requests time out.  I can see that the timed out request is correctly authenticated -- it appears in the event log as authenticated with the proper credentials -- but no request ever comes back.

    FYI - I have also verified that I can connect to the DB using the supplied credentials for it (which I've omitted above).

    I have the same problem if I disable the Public providers.  The Sitefinity providers are still the default.

    Any ideas?

  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    25 Jul 2010
    Link to this post
    Hi Timothy VanFosson,

    Can you share the stack trace of the error you are getting?

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Timothy VanFosson
    Timothy VanFosson avatar
    5 posts
    Registered:
    10 Sep 2009
    26 Jul 2010
    Link to this post

    There is no stack trace.  Here's what the sitefinity.log file has:

    7/23/2010 1:01:47 PM [UNKNOWN]
    ************************************************************************************
    ID: 5e54876f-3fbc-45b8-8f8a-b564f3e27fdd; Code: 3001; Occurrence: 2; Sequence: 14
    ------------------------------------------------------------------------------------

    Application information:
     Machine name: ITSNT907
     OS Version: Microsoft Windows NT 6.1.7600.0
     Product Version: 3.7.2096.2
     Application Path: E:\Sitefinity\WebSites\UniversityCollege\
     Debug: False

    Process information:
     Process ID: 4636
     Process Name: w3wp

    Request information:
     Request URL: /UniversityCollege/sitefinity/admin/default.aspx
     Rewrite URL: http://sitefinity.iowa.uiowa.edu/UniversityCollege/sitefinity/admin/default.aspx
     Url Referrer:  Is Authenticated: True
     Authentication Type: Forms
     User: timv
     User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729; .NET4.0E)
     User Address: 128.255.77.20

    Variables:
     RadControlRandomNumber: 0
     AspSessionIDManagerInitializeRequestCalled: True
     CmsHttpRequest: /UniversityCollege/sitefinity/admin/default.aspx

    - L0 -------------------------------------------------------------------------------

    Exception Type: System.Web.HttpException

    Message: Request timed out.

    Source:

    Stack Trace:

    ------------------------------------------------------------------------------------

  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    26 Jul 2010
    Link to this post
    Hello Timothy VanFosson,

    Try increasing the httpRuntime

    maxRequestLength and executionTimeout.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Timothy VanFosson
    Timothy VanFosson avatar
    5 posts
    Registered:
    10 Sep 2009
    26 Jul 2010
    Link to this post
    Increased executionTimeout to 600 and it seems to have worked.  Now how do I figure out why it is so slow?
  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    27 Jul 2010
    Link to this post
    Hi Timothy VanFosson,

    It is possible that the SQL server is not responding properly. How many users you have in the AD? There are performance optimizations in the version you use (Sitefinity 3.7 SP3), so there should not be such problems.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. Timothy VanFosson
    Timothy VanFosson avatar
    5 posts
    Registered:
    10 Sep 2009
    27 Jul 2010
    Link to this post
    I think the issue is partly due to the number of users and partly a configuration issue.  I replaced the Telerik AD membership provider with a custom membership provider that restricts membership to only those domain members who exist in one of the allowed roles.  This has improved the performance of the application significantly.  I'd call it marginally usable at this point.  It's currently running on a VM with the SQL instance on another VM.  I don't know the configurations that well, but this could be part of the problem.

    FWIW, we probably have in excess of 70K user accounts in the domain, between staff and current/former students.  At present we are only planning to allow authenticated access only to a small subset of those users who will be responsible for administering each site.
  8. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    27 Jul 2010
    Link to this post
    Hello Timothy VanFosson,

    Thank you for getting back to use.

    You can also use the built in Active Directory membership provider to optimize the load time. You can use group, user and role search filters for the provider in order to tell Sitefinity where to look for users. What Sitefinity does is to construct a query to your LDAP provider and get results. You can also use groupMaps in order to specify strictly which groups you want to retrieve. Thus you can only get groups relevant to working with the CMS, not all groups from your LDAP. For more information on this topic you can visit this help page: Telerik Active Directory Provider. You can also take a look at the following webinar: Sitefinity Membership & Role Providers. The webinar has some hints on how to use a LDAP browser to help yourself decide exactly which filters you would like to use.

    We have had similar issues with users having an AD consisting of more than 65 K objects. With the use of above mentioned filters they have been able to optimize the performance of provider.

    Kind regards,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. Timothy VanFosson
    Timothy VanFosson avatar
    5 posts
    Registered:
    10 Sep 2009
    27 Jul 2010
    Link to this post
    Thanks.  I have used the first of those references, but the controlling factor is actually group membership and it's not clear to me that I could write an LDAP memberOf filter that handles nested groups.  Our set up relies heavily on nested groups to support a combination of central/local control -- i.e., Sitefinity sees our central groups, but those groups are only containers for nested groups under local control.  The local groups control the actual user population.  Do you have an example of a filter that handles nested group membership?
  10. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    28 Jul 2010
    Link to this post
    Hello Timothy VanFosson,

    Thank you for contacting Telerik Support.

    Our internal AD uses somewhat the same structure. I am not an expert in building LDAP queries, however I can recommend that you try out the Softera LDAP Browser, the tool is free. It can be used to navigate through your AD in GUI and when you navigate to the group you wish to use for content management on your website the tool will give you a query which you can append to your LDAP connection string (Organizational Units and Domain Components) which will narrow the search to a smaller set of objects.

    Greetings,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Register for webinar
10 posts, 0 answered