Error calling AddUsersToRoles

Topics: NetSqlAzMan Core
Mar 12, 2012 at 9:06 PM

I am using NetSqlAzMan 3.6.0.15 with SQLExpress on WindowsXP (32bit) (running on local workstation)

Users are stored in ADAM.

I have implemented the NetSqlAzManRoleProvider and all of the read methods I have tested work so far. I am having trouble when calling "AddUsersToRoles". When I call the method I am getting an error: System.Security.Principal.IdentityNotMappedException "Some or all identity references could not be translated".

I have tried calling this method with the username and with the SID (which I have verified is correct) but I get the same results.


Coordinator
Mar 12, 2012 at 10:03 PM

Maybe a permission issue of the IIS Express user?

Does this user have access to Active Directory to resolve the username to a SID?!

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Mar 12, 2012 at 11:19 PM

aferende,

Yes, in fact I am doing just that before calling the method. Here is a code snippet:

public void AddUsersToRoles(string appName, string[] usernames, string[] roleNames)
{
    base.ApplicationName = appName;

    // Replace each user name with its SID (in SDDL string form) before handing
    // the array to the NetSqlAzMan role provider. Names that cannot be resolved
    // are set to null and passed through as-is.
    for (int x = 0; x < usernames.Length; x++)
    {
        var sid = SIDHelper.ResolveUserNameToSID(this.ADAMProvider, usernames[x]); // SID from ADAM is returned
        usernames[x] = (sid != null) ? sid.ToString() : null;
    }
    base.AddUsersToRoles(usernames, roleNames);
}

public static SecurityIdentifier ResolveUserNameToSID(ActiveDirectoryMembershipProvider provider, string userName)
{
    // ActiveDirectoryMembershipProvider exposes the account's objectSid as
    // ProviderUserKey (a SecurityIdentifier); ToString() gives the SDDL form.
    MembershipUser user = provider.GetUser(FormatUserName(userName), false);
    if (user != null && user.ProviderUserKey != null)
    {
        return new SecurityIdentifier(user.ProviderUserKey.ToString());
    }
    // Not found through the membership provider: fall back to a WinNT:// lookup.
    return ResolveToDomainSID(userName);
}

Coordinator
Mar 13, 2012 at 7:35 AM

Uhmmm … could you post the source code of the SIDHelper.ResolveUserNameToSID(…) method, please?

Mar 13, 2012 at 1:38 PM
Edited Mar 13, 2012 at 1:41 PM

I did, it's at the bottom of the post.

Coordinator
Mar 13, 2012 at 1:53 PM

Sorry ... I meant the ResolveToDomainSID(...) method.

Mar 13, 2012 at 4:19 PM
Edited Mar 13, 2012 at 4:27 PM

private static SecurityIdentifier ResolveToDomainSID(string strLogin)
{
    SecurityIdentifier sid = null;
    string strDomain;
    string strName;

    // Split "DOMAIN\user" or "user@DOMAIN" into domain and account name;
    // a bare name is looked up on the local machine.
    int idx = strLogin.IndexOf('\\');
    if (idx != -1)
    {
        strDomain = strLogin.Substring(0, idx);
        strName = strLogin.Substring(idx + 1);
    }
    else if ((idx = strLogin.IndexOf('@')) != -1)
    {
        // UPN form: the account name comes first, the domain after the '@'.
        strName = strLogin.Substring(0, idx);
        strDomain = strLogin.Substring(idx + 1);
    }
    else
    {
        strDomain = Environment.MachineName;
        strName = strLogin;
    }

    try
    {
        // Bind through the WinNT provider and read the binary objectSid.
        using (DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + strDomain + "/" + strName))
        {
            object obVal = obDirEntry.Properties["objectSid"].Value;
            if (obVal != null)
            {
                sid = new SecurityIdentifier((byte[])obVal, 0);
            }
        }
    }
    catch (Exception)
    {
        // Bind or attribute read failed: report "not found" to the caller.
        sid = null;
    }
    return sid;
}

To be clear, my code does not go into this method; I do get a SID from ADAM using "new SecurityIdentifier( user.ProviderUserKey.ToString() );" from above. Thanks.

Mar 13, 2012 at 5:44 PM

Perhaps my problem is configuration, how do I configure NetSQLAzMan to use ADAM?

Coordinator
Mar 13, 2012 at 5:51 PM

Uhmmm … I have never used it with ADAM before.

Try to see if this can help you … http://netsqlazman.codeplex.com/discussions/61253 or try to contact directly some users who have used it before.

Coordinator
Mar 13, 2012 at 5:56 PM
kingpin_rcs wrote:
  try {
	Int64 iBigVal = 5;
	Byte[] bigArr = BitConverter.GetBytes( iBigVal );
	obDirEntry = new DirectoryEntry( "WinNT://" + strDomain + "/" + strName );
	System.DirectoryServices.PropertyCollection coll = obDirEntry.Properties;
	object obVal = coll["objectSid"].Value;
	if ( null != obVal ) {
	  sid = new SecurityIdentifier( (byte[])obVal, 0 );
	}
  } 

Maybe the problem is the WinNT:// prefix (instead of the LDAP:// prefix). The WinNT provider supports only a few attributes compared to the LDAP provider.

See if this can help you:

http://www.rlmueller.net/WinNT_LDAP.htm

http://www.csharphelp.com/2007/06/ldap-iis-and-winnt-directory-services/

Andrea.
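The two questions raised in this thread (Andrea's first reply, "does this user have access to Active Directory to resolve username to SID?", and the last reply on WinNT:// versus LDAP://) can be separated with a small diagnostic. The following is an added example, not code from the original post and not NetSqlAzMan project code. It looks up a user's objectSid over the LDAP:// provider (which is the only provider that can reach an ADAM / AD LDS instance; WinNT:// goes through the SAM interfaces and exposes few attributes) and then asks the Windows security subsystem to translate that SID to an account name with SecurityIdentifier.Translate, which is the .NET call that throws the "Some or all identity references could not be translated" IdentityNotMappedException quoted in the first post. Assumptions: .NET Framework on Windows with a reference to System.DirectoryServices.dll; the LDAP path and userPrincipalName on the command line are placeholders; that NetSqlAzMan's role provider performs this same translation internally is an inference from the exception type and message, not something the thread shows.

```csharp
// Added example: isolate where an IdentityNotMappedException comes from.
// Not part of NetSqlAzMan and not the original poster's code.
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class SidDiagnostics
{
    // Reads objectSid for a user through the LDAP:// provider. ldapPath is a
    // placeholder, e.g. "LDAP://localhost:50000/O=Example" for an ADAM instance
    // (port and partition DN are deployment-specific) or "LDAP://DC=corp,DC=example,DC=com".
    public static SecurityIdentifier LookUpSidViaLdap(string ldapPath, string userPrincipalName)
    {
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            // Escape filter metacharacters so caller-supplied input cannot rewrite the filter.
            searcher.Filter = "(&(objectClass=user)(userPrincipalName=" + EscapeFilter(userPrincipalName) + "))";
            searcher.PropertiesToLoad.Add("objectSid");
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties["objectSid"].Count == 0)
            {
                return null;
            }
            var raw = (byte[])result.Properties["objectSid"][0];
            return new SecurityIdentifier(raw, 0);
        }
    }

    // RFC 4515 escaping for LDAP search filter values.
    public static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Asks the local security authority to map the SID to DOMAIN\name.
    // A SID Windows does not know (for example one issued by an ADAM instance)
    // makes Translate throw IdentityNotMappedException.
    public static bool TryTranslate(SecurityIdentifier sid, out string account, out string error)
    {
        account = null;
        error = null;
        try
        {
            account = ((NTAccount)sid.Translate(typeof(NTAccount))).Value;
            return true;
        }
        catch (IdentityNotMappedException ex)
        {
            error = ex.Message;
            return false;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: SidDiagnostics <ldapPath> <userPrincipalName>");
            return 2;
        }
        SecurityIdentifier sid = LookUpSidViaLdap(args[0], args[1]);
        if (sid == null)
        {
            Console.WriteLine("no objectSid found for {0} under {1}", args[1], args[0]);
            return 1;
        }
        Console.WriteLine("objectSid: {0}", sid.Value);
        string account, error;
        if (TryTranslate(sid, out account, out error))
        {
            Console.WriteLine("Windows resolves it to {0}; the SID is known to this machine", account);
        }
        else
        {
            Console.WriteLine("Windows cannot resolve it ({0}); expect the same IdentityNotMappedException from any code that translates this SID", error);
        }
        return 0;
    }
}
```

Run it under the same account that IIS Express uses, with the SID you obtained from ADAM. If the LDAP lookup succeeds but TryTranslate fails, the account is fine and the SID itself is simply unknown to Windows, which is a different problem from the IIS Express user lacking directory access. Note the filter escaping: ActiveDirectoryMembershipProvider.GetUser takes care of that for the poster's code, but a hand-built DirectorySearcher filter must escape user-supplied names itself or it is open to LDAP filter injection.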