Friday, 04 August 2006

Fast Concurrent Binding in SDS.P

So, this is really a lesson learned about putting together a book and code samples.  Namely, refactoring your code just before the final cut is generally not a good idea.  Or perhaps I should say, refactoring your code and not thoroughly testing it is not a good idea.

In Chapter 12 of the book, we had a number of examples for how to perform authentication.  One of them was using System.DirectoryServices.Protocols (SDS.P).  The sample tried a number of techniques – first a secure SSL bind using Fast Concurrent Binding (FCB), then it tried either a secure SPNEGO bind or a Digest bind (if ADAM).  Well, initially these were all different samples.  I thought it might be nice to tie them all together a bit more comprehensively – hence the refactoring.  I figured that a bigger sample that did more in a practical manner was more useful than a few line snippets that showed each one.

Anyhow, what ended up happening is that I broke the FCB authentication during the refactoring.  Because of an unforeseen testing environment meltdown a week earlier, I did not have the proper Win2k3 clients to test again (it used to work, really!).  So… I borked it because the FCB code never got tested again.

One of my Avanade co-workers was actually implementing something like this and asked why it was not working.  At first I chalked it up to an environment thing, but after a closer inspection I noticed what the issue was.  Namely, in my attempt to bring all the samples together I had attempted to reuse the same connection for authentication as the bootstrapping.  Well, you can’t do that with FCB – you have to enable it before you bind and cannot turn it off until you close the connection.
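The constraint described above, sketched as an added example (this is not the book's sample or the fixed code the post promises): FCB authentication gets its own dedicated connection, and bootstrapping uses a separate one. The class name, method names and port 636 are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public sealed class FcbAuthenticator : IDisposable
{
    private const int LdapInvalidCredentials = 49; // standard LDAP result code
    private readonly LdapConnection _fcb;

    public FcbAuthenticator(string server)
    {
        // Dedicated connection: never the one used for bootstrapping,
        // because FCB cannot be turned off until the connection is closed.
        _fcb = new LdapConnection(new LdapDirectoryIdentifier(server, 636));
        _fcb.SessionOptions.ProtocolVersion = 3;
        _fcb.SessionOptions.SecureSocketLayer = true; // simple bind sends the password
        _fcb.AuthType = AuthType.Basic;
        // Enable FCB before the first bind; it stays on for the connection's lifetime.
        _fcb.SessionOptions.FastConcurrentBind();
    }

    public bool Authenticate(string userDnOrUpn, string password)
    {
        // A simple bind with an empty password is treated as anonymous and succeeds.
        if (string.IsNullOrEmpty(password)) return false;
        try
        {
            _fcb.Bind(new NetworkCredential(userDnOrUpn, password));
            return true;
        }
        catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
        {
            return false; // other LDAP errors propagate to the caller
        }
    }

    // Bootstrapping (here: reading RootDSE) uses its own short-lived connection.
    public static string ReadDefaultNamingContext(string server)
    {
        using (var boot = new LdapConnection(server))
        {
            boot.Bind(); // current Windows credentials
            var req = new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "defaultNamingContext");
            var resp = (SearchResponse)boot.SendRequest(req);
            return (string)resp.Entries[0].Attributes["defaultNamingContext"][0];
        }
    }

    public void Dispose() => _fcb.Dispose();
}
```

Because an FCB bind only validates the credentials, the same `FcbAuthenticator` instance can be kept open and reused for many `Authenticate` calls.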

The good news is that it is a fairly simple fix and I have already refactored (yet again) to support it.  I will be posting that code in another week or so when I get back from vacation.  Then poor Joe gets to convert it yet again to VB.NET.  Mea Culpa…