RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED TO SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
On a machine which is a member of a domain, run a managed process from a local user account. The managed process could be any kind of interactive application, web service, or Windows service which uses the .NET Framework 2.0. The managed process uses the RSACryptoServiceProvider class to sign and verify data.
Inside the RSACryptoServiceProvider's SignData and VerifyData methods, there can be a 1- or 2-second delay, and logon failure audit events get written to the domain controller's security event log.
This is a problem with the RSACryptoServiceProvider's SignData or VerifyData methods in the .NET Framework 2.0.
The SignData or VerifyData methods always perform an OID lookup query which is sent to the domain controller, even when the application is running in a local user account. This may cause slowness while signing or verifying data. Logon failure audit events occur on the DC because the client machine's local user account is not recognized by the domain. Therefore, the OID lookup fails.
Below is an example of OID lookup when the RSACryptoServiceProvider.VerifyData method is called by a .NET 2.0 application.
These symptoms occur only when calling the SignData or VerifyData methods.
To avoid this problem, use the RSACryptoServiceProvider SignHash and VerifyHash methods with the default hash algorithm (SHA1) instead of SignData and VerifyData. To specify the default hash algorithm in C#, pass null for the hash algorithm parameter; in Visual Basic, pass the value Nothing. This will tell the SignHash and VerifyHash methods to not perform an OID lookup query. Therefore, the sign and verify operations will not attempt to contact the domain controller.
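The workaround above in C#, as an added example rather than code from the original article: the caller computes the SHA1 hash itself and passes null as the hash algorithm to SignHash and VerifyHash. The class name, sample message, and 2048-bit throwaway key are assumptions made for the illustration.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;

class SignHashWorkaround
{
    // Hash the data ourselves so that SignData/VerifyData are never called.
    static byte[] Sha1(byte[] data)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            return sha1.ComputeHash(data);
        }
    }

    static void Main()
    {
        // Constructed sample inputs; the second differs in the last byte.
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] tampered = Encoding.UTF8.GetBytes("constructed sample messagE");

        // Throwaway key for the demonstration (assumed size: 2048 bits).
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048))
        {
            rsa.PersistKeyInCsp = false; // do not leave the demo key in a key container

            Stopwatch timer = Stopwatch.StartNew();

            // null selects the default hash algorithm (SHA1), which the
            // article says skips the OID lookup query.
            byte[] signature = rsa.SignHash(Sha1(data), null);
            bool okOriginal = rsa.VerifyHash(Sha1(data), null, signature);
            bool okTampered = rsa.VerifyHash(Sha1(tampered), null, signature);

            timer.Stop();

            Console.WriteLine("Original verifies: {0}", okOriginal);
            Console.WriteLine("Tampered verifies: {0}", okTampered);
            // With the workaround in place, the 1- or 2-second delay the
            // article describes should not appear in this figure.
            Console.WriteLine("Sign + 2x verify: {0} ms", timer.ElapsedMilliseconds);
        }
    }
}
```

Running this from a local user account on a domain-joined machine, and checking that no new logon failure audit events appear in the domain controller's security event log, confirms the workaround in your environment.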