SharePoint: „Loading this assembly would produce a different grant set from other instances” after a security patch from MS

Hello,

After installing the critical patches for the .NET Framework, as described in the MS Security Bulletin MS11-100, some of our MOSS 2007 applications were hitting the following exception:

FileLoadException : Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401)

It seems that the security fix applied in the patch KB2657424 (maybe also KB2656351, although it’s for a different version of the .NET Framework) has caused this temporary problem. The solution is to recycle the affected applications’ IIS application pools – the exceptions no longer occur and the applications work correctly again.
Fixing this by restarting application pools seems quite strange, since the whole machine had to be restarted when those security updates were installed. But still, it worked.

Hope this helps,
Łukasz

ASP.NET membership provider – identifying users in a multi-domain Active Directory

Hello there,

When using the ASP.NET membership provider against Active Directory (System.Web.Security.ActiveDirectoryMembershipProvider) in a directory that contains more than one domain, one may have trouble identifying users distinctly. E.g. DOMAIN1\userXY is a different user than DOMAIN2\userXY. The two must not be confused, so user identification has to be handled with care.

In the web.config entry for the membership provider we can specify which field of the AD object should be checked in order to precisely find the user we mean. The attribute „attributeMapUsername” has two possible values:

  1. sAMAccountName
  2. userPrincipalName

In the first case we have only the username, without the domain, so we cannot tell precisely which user is referenced. The second option gives us exactly what we need: the username together with the domain (UserName@DomainName), which identifies each user distinctly.
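The two settings side by side in a web.config membership section, as an added example that is not taken from the original post. The names ADConnection and ADProvider and the LDAP path are placeholders, and the assembly version assumes the .NET 2.0/3.5 System.Web.

```xml
<!-- Added example; ADConnection, ADProvider and the LDAP path are placeholders. -->
<configuration>
  <connectionStrings>
    <add name="ADConnection"
         connectionString="LDAP://dc.example.local/DC=example,DC=local" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="ADProvider">
      <providers>
        <clear />
        <!-- Ambiguous mapping, shown disabled: only the bare account name is
             matched, so userXY in DOMAIN1 and userXY in DOMAIN2 look alike.
        <add name="ADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnection"
             attributeMapUsername="sAMAccountName" />
        -->
        <!-- Distinct mapping: users are looked up as UserName@DomainName.
             Version assumes .NET 2.0/3.5; adjust it for other frameworks. -->
        <add name="ADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnection"
             connectionProtection="Secure"
             attributeMapUsername="userPrincipalName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

With the userPrincipalName mapping, the username passed to the provider's methods has to be in the UserName@DomainName form as well.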

If you’re using the membership provider’s methods in code-behind, in this blog post you’ll find an explanation of how to fetch the properties of an Active Directory user that are needed as parameters for the provider’s methods. They are stored in the UserPrincipal object.

Hope this helps,
Łukasz