Friday, August 4, 2006
So, this is really a lesson learned about putting together a book and code samples. Namely, refactoring your code just before the final cut is generally not a good idea. Or perhaps I should say, refactoring your code and not thoroughly testing it is not a good idea.
In Chapter 12 of the book, we had a number of examples for how to perform authentication. One of them was using System.DirectoryServices.Protocols (SDS.P). The sample tried a number of techniques – first a secure SSL bind using Fast Concurrent Binding (FCB), then it tried either a secure SPNEGO bind or a Digest bind (if ADAM). Well, initially these were all different samples. I thought it might be nice to tie them all together a bit more comprehensively – hence the refactoring. I figured that a bigger sample that did more in a practical manner was more useful than a few line snippets that showed each one.
Anyhow, what ended up happening is that I broke the FCB authentication during the refactoring. Because of unforseen testing environment meltdown a week earlier I did not have the proper Win2k3 clients to test again (it used to work, really!). So… I borked it because the FCB code never got tested again.
One of my Avanade co-workers was actually implementing something like this and asked why it was not working. At first I chalked it up to an environment thing, but after a closer inspection I noticed what the issue was. Namely, in my attempt to bring all the samples together I had attempted to reuse the same connection for authentication as the bootstrapping. Well, you can’t do that with FCB – you have to enable it before you bind and cannot turn it off until you close the connection.
The good news is that it is a fairly simple fix and I have already refactored (yet again) to support it. I will be posting that code in another week or so when I get back from vacation. Then poor Joe gets to convert it yet again to VB.NET. Mea Culpa…