Problem with role delegate and mmc snap in

Nov 8, 2013 at 2:16 PM
Hello,

When I create a new delegation (between dbuser) the mmc snap in crash while accessing the corresponding role authorization.

There is the code I'm using for the delegation creation :
IAzManDBUser identity = storage.GetDBUser("me");

IAzManDBUser test = storage.GetDBUser("test");
IAzManStore store = storage.GetStore("TestStore");
IAzManApplication app = store.GetApplication("TestApp");

IAzManItem operation = app.GetItem("Admin");
List<KeyValuePair<string, string>> delegateAttributes;
AuthorizationType authType = operation.CheckAccess(identity, DateTime.Now, out delegateAttributes);
            if (authType == AuthorizationType.AllowWithDelegation)
            {                
                IAzManAuthorization auth = operation.CreateDelegateAuthorization(identity, test.CustomSid, RestrictedAuthorizationType.Allow, DateTime.Now, null);
                foreach (KeyValuePair<string, string> attr in delegateAttributes)
                    auth.CreateAttribute(attr.Key, attr.Value);
            }
This code produces no error at run time and the delegated role works correctly ("test" user can use the "admin" role from "me"). But when I open the mcc snap in and go into "Admin" authorization I've got the following error :
Destination array is not long enough to copy all the required data. Check array length and offset.
Parameter name: binaryForm
Could you help me ?

Thanks
Coordinator
Nov 10, 2013 at 9:22 AM
Hello,
seeing the error seems that the row of delegation (SID) has not been written correctly on the Database.
Try to manually delete the row from the DB (table ItemAuthorizations).

Let me know.
Regards,
Andrea.
Nov 12, 2013 at 7:27 AM
Hi,

Deleting the row seems to work, the snap in doesn't crash anymore.
But as soon as I create a new delegation, the problem is back.

Here is the row that is added :

ItemId ownerSid ownerSidWhereDefined objectSid objectSidWhereDefined AuthorizationType ValidFrom ValidTo
13 0x00000001 4 0x00000003 2 1 2013-11-12 08:22:50.120 NULL
Coordinator
Nov 13, 2013 at 8:04 AM
Hi,
could you post the source code of dbo.GetUsersDemo() sp please ?

I suppose the problem is there !
Nov 13, 2013 at 8:17 AM

I suppose you’re talking about the sp dbo.GetDBusers ?

Here is the code :

ALTER FUNCTION [dbo].[netsqlazman_GetDBUsers] (@StoreName nvarchar(255), @ApplicationName nvarchar(255), @DBUserSid VARBINARY(85) = NULL, @DBUserName nvarchar(255) = NULL)

RETURNS TABLE

AS

RETURN

SELECT TOP 100 PERCENT CONVERT(VARBINARY(85), id) AS DBUserSid, login AS DBUserName FROM [MyDB].[dbo].[security__users]

WHERE

(@DBUserSid IS NOT NULL AND CONVERT(VARBINARY(85), id) = @DBUserSid OR @DBUserSid IS NULL)

AND

(@DBUserName IS NOT NULL AND login = @DBUserName OR @DBUserName IS NULL)

ORDER BY login

For the moment I ignore the store and application name.

Coordinator
Nov 15, 2013 at 1:39 PM
SP code seems good.
I would try to download the NetSqlAzMan source code and go to Debug.

I can not think of another.

Let me know.
Andrea.