Windows Authentication (PopulateWindowsIdentity issue)

    cconte posted on Mon, Jun 24 2013 7:29 AM

    Context: .NET 4.5 / SL 5 / Csla: 4.5.30.0 / IIS: 7.5 / OS: Win7

    Hi everyone,

    I am currently experiencing a problem getting Windows authentication working with my CSLA 4.5 SL application. I have set up Windows authentication the same way as the samples from the ebook (04-Dataportal).

    When I run the application from my development workstation with IISExpress, everything works fine. So I have next set up my development and test web servers using IIS 7.5. I have worked through many issues getting impersonation to work (starting with just enabling Windows Authentication and ASP.NET Identity, using the ASP.NET v4.0 Classic application pool ...). Now, I think the IIS configuration and web.config are fine (just in case, I have included them at the end of the post).

    Now, when I call the application (hosted in IIS) from the browser on my development machine, the browser authentication prompt is displayed, but if I log in I get the following exception: "Some or all identity references could not be translated".

    So, I ended up setting up remote debugging on my development web server to see what was going on. I have found that the exception came up in the PopulateWindowsIdentity method (Csla.Silverlight.Security).

     
    Below, the stack trace:

        à System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)

       à System.Security.Principal.SecurityIdentifier.Translate(Type targetType)

       à Csla.Silverlight.Security.WindowsIdentity.PopulateWindowsIdentity()

       à Library.CustomIdentity.DataPortal_Fetch() dans c:\Users\CONTE\Documents\Visual Studio 2012\Projects\Samples\CSLA V4.5.30-23\04-DataPortal-110504\Authentication\Windows 4.5\Library.Net\CustomIdentity.cs:ligne 27

       à lambda_method(Closure , Object , Object[] )

       à Csla.Reflection.MethodCaller.CallMethod(Object obj, DynamicMethodHandle methodHandle, Boolean hasParameters, Object[] parameters)

     

    Does anybody know what the issue here might be?  

     

    Here are some posts with interesting advice:

    http://forums.lhotka.net/forums/p/8931/42494.aspx

    http://forums.lhotka.net/forums/p/9453/44801.aspx

     

    IIS configuration used:
      • IIS Authentication settings: ASP.NET Impersonation and Windows Authentication are enabled.
      • ASP.NET v4.0 Classic is used for the application pool

    web.config used:
     
    <configuration>
      <appSettings>
        <add key="CslaAuthentication" value="Windows"/>
        <add key="CslaWriter" value="Csla.Serialization.Mobile.CslaBinaryWriter, Csla" />
        <add key="CslaReader" value="Csla.Serialization.Mobile.CslaBinaryReader, Csla" />
      </appSettings>
      <system.web>
        <compilation debug="true" targetFramework="4.5"/>
        <authentication mode="Windows"/>
        <identity impersonate="true" /> <!-- comment it to run with iis express -->
        <pages controlRenderingCompatibilityVersion="4.0"/>
      </system.web>
      <system.diagnostics>
        <sources>
          <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
            <listeners>
              <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\temp\WinAuthTrace.xml"/>
            </listeners>
          </source>
        </sources>
        <trace autoflush="true"/>
      </system.diagnostics>
      
      <system.serviceModel>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
        <services>
          <service name="Csla.Server.Hosts.WcfPortal" behaviorConfiguration="windowsAuthReturnFaults">
            <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_IWcfPortal" contract="Csla.Server.Hosts.IWcfPortal"/>
          </service>
          <service name="Csla.Server.Hosts.Mobile.WcfPortal" behaviorConfiguration="returnFaults">
            <endpoint binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_IWcfPortal"
                      contract="Csla.Server.Hosts.Mobile.IWcfPortal" />
          </service>
        </services>
        <bindings>
          <basicHttpBinding>
                <binding name="basicHttpBinding_IWcfPortal"
                         maxReceivedMessageSize="2147483647"
                         maxBufferPoolSize="2147483647"
                         maxBufferSize="2147483647">
                  <readerQuotas maxBytesPerRead="2147483647"
                                maxArrayLength="2147483647"
                                maxStringContentLength="2147483647"
                                maxNameTableCharCount="2147483647"
                                maxDepth="2147483647"/>
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Windows"/>
              </security>
            </binding>
          </basicHttpBinding>
          <wsHttpBinding>
            <binding name="wsHttpBinding_IWcfPortal" 
                     maxReceivedMessageSize="2147483647">
              <readerQuotas maxBytesPerRead="2147483647" 
                            maxArrayLength="2147483647" 
                            maxStringContentLength="2147483647" 
                            maxNameTableCharCount="2147483647" 
                            maxDepth="2147483647"/>
            </binding>
          </wsHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="returnFaults">
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceAuthorization impersonateCallerForAllOperations="true" /> <!-- comment it to run with iis express -->
            </behavior>
            <behavior name="windowsAuthReturnFaults">
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceAuthorization impersonateCallerForAllOperations="true"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
      </system.serviceModel>
    </configuration>

     

    Best regards,

     

    Cedric

     

    Verified Answer

    cconte replied on Mon, Aug 19 2013 8:32 AM
    Verified by Andy

    Hi everyone,

    Just wanna share with you what I have found about Windows authentication for the Silverlight application. Actually, to make it run, I switched the IIS Application Pool Identity from “ApplicationPoolIdentity” to “NetworkService” and then restarted IIS. All the settings (web.config and IIS) from my previous post were right; the only little thing missing was the IIS Application Pool Identity.

    Hope it helps someone else.

    All Replies

    Top 500 Contributor
    27 Posts

    Hi everyone,

    I'm scratching my head and I'm running out of options on the PopulateWindowsIdentity issue. I don't know if my problem comes from an IIS setting issue or something with CSLA. Has anyone set up Windows authentication with .NET 4.5 / SL 5 who could give some feedback?

    I am thinking of using a workaround by implementing impersonation on the server based on their username/password.

    Thx for your help in advance.

    Cedric


    Top 10 Contributor
    9,475 Posts

    Is it possible that the IIS server is running your code in partial trust? Maybe that blocks the API call to AD to get the user's info?

    Rocky

    Top 500 Contributor
    27 Posts

    Thank you Rocky for your help.

    I have checked it and the IIS trust level is set to Full.

    I'll keep investigating...

     

    Not Ranked
    3 Posts

    I am having this exact same problem. "Some or all identity references could not be translated." occurring when calling PopulateWindowsIdentity().

    However, if I switch my AppPool to NetworkService, the error goes away but then the AppPrincipal is retrieving the user 'NETWORK SERVICE'. This is a problem as I need to be able to check the AppPrincipal.Username and assign application level security based on that information. I suspect I need to use ApplicationPoolIdentity.

    Running locally works perfectly but I can't seem to find the IIS setting to make this work on the webserver.  Using .NET 4.5 and CSLA 4.5.40.

    Andy replied on Wed, Apr 16 2014 5:45 PM

    Are you setting identityImpersonate in your web.config?
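
Added example, not part of the thread and not CSLA code: the stack trace above fails inside SecurityIdentifier.Translate, so this diagnostic translates the user SID and each group SID of the current identity one at a time and reports which ones cannot be mapped, along with the identity the code is actually running as. The class name, and the choice to check group SIDs as well as the user SID, are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added diagnostic, not CSLA code. Call Describe() on the server at the point
// where the identity is read (for example just before PopulateWindowsIdentity()).
public static class SidTranslationCheck
{
    // Returns one line per SID on the token: the translated account name, or
    // the raw SID flagged as unmapped when translation fails.
    public static List<string> Describe(WindowsIdentity identity)
    {
        var report = new List<string>
        {
            "ImpersonationLevel: " + identity.ImpersonationLevel,
            "User: " + Resolve(identity.User)
        };
        if (identity.Groups != null)
            foreach (IdentityReference group in identity.Groups)
                report.Add("Group: " + Resolve(group));
        return report;
    }

    // Translates one SID to DOMAIN\name. On failure the raw SID is returned so
    // the offending entry can be identified instead of aborting the whole call.
    private static string Resolve(IdentityReference sid)
    {
        if (sid == null) return "(none)";
        try
        {
            return sid.Translate(typeof(NTAccount)).Value;
        }
        catch (IdentityNotMappedException)
        {
            return sid.Value + "  <-- UNMAPPED (identity reference could not be translated)";
        }
        catch (SystemException ex)
        {
            return sid.Value + "  <-- lookup failed: " + ex.Message;
        }
    }

    public static void Main()
    {
        // GetCurrent() returns the impersonated caller when the thread is
        // impersonating, otherwise the process (application pool) account.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
            foreach (string line in Describe(current))
                Console.WriteLine(line);
    }
}
```

If the User line shows the application pool account rather than the browser user, the thread is not impersonating the caller at that point in the request.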
