Hi guys,
I have made some modifications for the ActiveDirectory provider 1.00.03, and am presenting them here if anyone wants them.
Problem:
We deployed DotNetNuke as our new Intranet CMS recently, and installed the ActiveDirectory provider. Auto-login, user group->DNN role synchronisation, etc, all worked fine. However, we found that the initial load of the page took up to 10 seconds for each users' session (depending on the number of groups they were in). I installed debug code into the source for the provider, and discovered that up to 3 seconds was being spent interrogating AD, and then up to 6 seconds getting the DNN roles and synchronising them. This was happening even if only 1 user was accessing the system, so it wasn’t a capacity problem: the webserver is a quad-core Xeon 5345 in Windows 2003 R2 64-bit, 4GB RAM.
We tried 1.00.04 (1.00.03 installed initially) and it didn't really speed it up - our old Intranet had near-instantaneous load-up so there was pressure to come up with a solution.
We also found out that nested groups weren’t coming through. For example, I am in the “IT” user group, which is part of the “All Staff” group. However, I wasn’t being added to the All Staff role, only the IT role. Debugging the code showed that the provider wasn’t getting all of the groups I was in, if they were nested.
Solution:
We have .Net 3.5 installed, so I decided to convert the module to .Net 3.5, so I could access the new AD functions: System.DirectoryServices.AccountManagement and UserPrinciples.GetAuthorizationGroups which automatically does the recursive look up of groups.
I also added use of the Cache object from ASP.NET – now, the DNN roles are retrieved once and then cached for 8 hours – each users' groups are also retrieved from AD and then cached, when they hit the site. I added a CacheDependancy for those cache objects to a file on our server (a small text file) which we can ‘touch’ to make the entire cache become invalidated, and everything re-synced again, if we make changes to a users’ groups or the DNN roles.
I made the code changes to 1.00.03, but they should easily come through to 1.00.04.
The installation of this module was easy (ie just overwrote DotNetNuke.Authentication.ActiveDirectory.dll with our modded one)
Now, although the initial load of the day still takes up to 10 seconds, subsequent loads are near-instantaneous, even for different users, as the biggest speed hit is getting the DNN roles (ie by LoadGroupInfo() in ADSIProvider.vb).
If anyone would like the source code and install instructions for this mod we’re running, let me know, I can add them here.