NetSqlRoleProvider AddUsersToRoles issue

Feb 17, 2010 at 3:54 AM

I'm using 3.6.0.5

Test environment: Win7 Client, Sql2005, Win2003 Server using aspnet membership database

1) I connect to my AzMan store on server from client

2) I call System.Web.Security.Roles.AddUsersToRoles and RemoveUsersFromRoles. NetSqlRoleProvider is used as Role Provider

3) Both functions are OK and AzManStore is updated correctly

 

Test environment: Win7 Client, Sql2005, Win2003 Server, WCF webservice

The WCF process runs under "NETWORK SERVICE"

1) I connect to my AzMan store on server from client via WCF calls

2) On Server I call System.Web.Security.Roles.AddUsersToRoles and RemoveUsersFromRoles. NetSqlRoleProvider is used (I have inherited this in a new class NetSqlAzmanRoleProvider and overridden the Initialize method, coz of ProviderName issues (3.6.0.3)).

3) RemoveUsersFromRoles function is OK,

but AddUsersToRoles throws an ArgumentNullException "Value cannot be null. Parameter name: value". My trace shows that UserNames() and RoleNames() have values and that the exception propagates from NetSqlRoleProvider.

4) My WCF Trace shows:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>131076</EventID><Type>3</Type><SubType Name="Error">0</SubType><Level>2</Level><TimeCreated SystemTime="2010-02-15T07:55:52.7374959Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{c2a85da7-e2e4-469c-9a5d-6ab2ab502dc9}" /><Execution ProcessName="w3wp" ProcessID="1048" ThreadID="7" /><Channel /><Computer>IP-0AE03AF5</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-GB/library/System.ServiceModel.Diagnostics.TraceHandledException.aspx</TraceIdentifier><Description>Handling an exception.</Description><AppDomain>/LM/W3SVC/894325/Root/eDoc7-1-129106940205031209</AppDomain><Exception><ExceptionType>System.ArgumentNullException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Value cannot be null.
Parameter name: value</Message><StackTrace>   at System.Data.Linq.SqlClient.QueryConverter.VisitInvocation(InvocationExpression invoke)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitWhere(Expression sequence, LambdaExpression predicate)
   at System.Data.Linq.SqlClient.QueryConverter.VisitSequenceOperatorCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitMethodCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitFirst(Expression sequence, LambdaExpression lambda, Boolean isFirst)
   at System.Data.Linq.SqlClient.QueryConverter.VisitSequenceOperatorCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitMethodCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.ConvertOuter(Expression node)
   at System.Data.Linq.SqlClient.SqlProvider.BuildQuery(Expression query, SqlNodeAnnotations annotations)
   at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
   at System.Data.Linq.DataQuery`1.System.Linq.IQueryProvider.Execute[S](Expression expression)
   at System.Linq.Queryable.FirstOrDefault[TSource](IQueryable`1 source)
   at NetSqlAzMan.SqlAzManItem.CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, Nullable`1 validFrom, Nullable`1 validTo)
   at NetSqlAzMan.Providers.NetSqlAzManRoleProvider.AddUsersToRoles(String[] usernames, String[] roleNames)
   at Bizkit7.Security.Membership.WcfWrappers.WcfMembershipProviderService.AddUsersToRoles(String[] usernames, String[] roleNames) in C:\jkh\Bizkit7\Bizkit7.Project\Source\Bizkit7\Components\Bizkit7.Security.Authorization\1.0\Bizkit7.Security.Membership\WcfWrappers\WcfMembershipProviderService.vb:line 285
   at SyncInvokeAddUsersToRoles(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</StackTrace><ExceptionString>System.ArgumentNullException: Value cannot be null.
Parameter name: value
   at System.Data.Linq.SqlClient.QueryConverter.VisitInvocation(InvocationExpression invoke)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitBinary(BinaryExpression b)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitExpression(Expression exp)
   at System.Data.Linq.SqlClient.QueryConverter.VisitWhere(Expression sequence, LambdaExpression predicate)
   at System.Data.Linq.SqlClient.QueryConverter.VisitSequenceOperatorCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitMethodCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.Visit(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.VisitFirst(Expression sequence, LambdaExpression lambda, Boolean isFirst)
   at System.Data.Linq.SqlClient.QueryConverter.VisitSequenceOperatorCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitMethodCall(MethodCallExpression mc)
   at System.Data.Linq.SqlClient.QueryConverter.VisitInner(Expression node)
   at System.Data.Linq.SqlClient.QueryConverter.ConvertOuter(Expression node)
   at System.Data.Linq.SqlClient.SqlProvider.BuildQuery(Expression query, SqlNodeAnnotations annotations)
   at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
   at System.Data.Linq.DataQuery`1.System.Linq.IQueryProvider.Execute[S](Expression expression)
   at System.Linq.Queryable.FirstOrDefault[TSource](IQueryable`1 source)
   at NetSqlAzMan.SqlAzManItem.CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, Nullable`1 validFrom, Nullable`1 validTo)
   at NetSqlAzMan.Providers.NetSqlAzManRoleProvider.AddUsersToRoles(String[] usernames, String[] roleNames)
   at Bizkit7.Security.Membership.WcfWrappers.WcfMembershipProviderService.AddUsersToRoles(String[] usernames, String[] roleNames) in C:\jkh\Bizkit7\Bizkit7.Project\Source\Bizkit7\Components\Bizkit7.Security.Authorization\1.0\Bizkit7.Security.Membership\WcfWrappers\WcfMembershipProviderService.vb:line 285
   at SyncInvokeAddUsersToRoles(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc&amp; rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</ExceptionString></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent>

 

What do I do wrong here? Any ideas?

Regards,

John

Coordinator
Feb 17, 2010 at 6:55 AM

Hi,

This error means that the WCF process identity (Network_Service) cannot resolve Domain Users SIDs because it has no rights.

Try to change the WCF process user to a Domain User.

Let me know.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Feb 17, 2010 at 7:19 AM

Yes, I have tried to use an Administrator user instead of the NetworkService user in the WCF process (IIS Appl.Pool Identity), but still the same exception. (My WCF is hosted by IIS6)

I guess, because I can call the function RemoveUsersFromRoles in NetSqlRoleProvider without exception (even when I use the NetworkService identity), there must be something in the AddUsersToRoles function that has dependencies on the identity/environment of the WCF process calling it. (This might be the same problem for WinNT service processes???)

When I call from a client using a normal SqlSrv connection (with sql user logon, not NTLM logon) and the System.Web.Security.Roles provider (NetSqlRoleProvider), both functions AddUser../RemoveUser... work without exception.

So I'm kind of clueless about what the difference is that provokes this exception...

When I debug the server side, I can see that the exception comes from the NetSqlRoleProvider.AddUsersToRoles method.

I need to use WCF for the user/role management, coz my client/server appl. runs on a slow network. I tried to access the AzMan store directly for user/role management, but that's slower than using my WCF implementation....

Regards,

/John 

Coordinator
Feb 17, 2010 at 8:31 AM

Yes … but a local Administrator (as Network Service) has no right to resolve AD SIDs because it is not a Domain User.

Please try with a Domain User.

To enable a domain user (DOMAIN\myuser) to run inside an IIS App Pool, run first:

C:\Windows\Microsoft.NET\Framework\v2.x.x.x\aspnet_regiis -ga DOMAIN\myuser

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Feb 17, 2010 at 8:42 AM
Edited Feb 17, 2010 at 10:03 AM

But my server is not an AD server (Active Directory). It's a standalone server and there is no AD installed or configured.

My AzMan store does not contain any Windows Users/Groups, it only has "DB" users and "DB" Roles. (aspnet membership users)

When I debug the server side I can see that System.Security.Principal.WindowsIdentity.GetCurrent has the user I have in my Appl.Pool Identity in IIS (NetworkService or local Administrator user)

What does this do? C:\Windows\Microsoft.NET\Framework\v2.x.x.x\aspnet_regiis -ga DOMAIN\myuser

 

I have a small test program (WinForm) that I use on the client to test the AddUsersToRoles method. This test program doesn't use WCF, but a direct AzMan store sql link. When I run it from the client there is no exception. When I put the test program on the server and run it directly from the server, then there is no exception. I copied the web.config from my WCF "membership" and "roleManager" sections directly into the test program's app.config sections.

Regards,

/John

I had a closer look at the AzMan store. I can see now why RemoveUsersFromRoles doesn't need the calling process SID, but AddUsersToRoles does need the calling process SID to set the "Owner" SID field in the AzMan store.

So I guess that the "parameter null: value" refers to the missing Owner SID. So how does AddUsersToRoles get the OwnerSID? Via the calling process WindowsIdentity? Or? If I knew, I could set/impersonate it in WCF before calling AddUsersToRoles.

/John

Feb 17, 2010 at 3:38 PM

Well, Andrea, I think I found a solution to my problem....

In the WCF process the System.Threading.Thread.CurrentPrincipal.Identity is a GenericPrincipal instance and not a WindowsIdentity instance, but coz GenericPrincipal and WindowsIdentity have the same inheritance the typecast made in green color will never fail, so the thread's identity will always be used.

My workaround is to set System.Threading.Thread.CurrentPrincipal=null in my WCF process to force AddUsersToRoles to use the WCF process WindowsIdentity. (For genericIdentity the SID=null for a standard WCF process)

OK, I'm not sure if this is behaviour by intention or if this is some bug.....

Anyways thanks for a great product.....

/John

public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
    try
    {
        this.storage.OpenConnection();
        this.storage.BeginTransaction();
        foreach (string roleName in roleNames)
        {
            IAzManItem role = this.application.GetItem(roleName);
            if (role.ItemType != ItemType.Role)
                throw new ArgumentException(String.Format("{0} must be a Role.", roleName));

            foreach (string username in usernames)
            {
                IAzManSid owner = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);
                WhereDefined whereDefined = WhereDefined.LDAP;
                if (this.userLookupType=="LDAP")
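
Added example, not part of the original post or the NetSqlAzMan source: a defensive form of the owner-SID lookup on the `IAzManSid owner = ...` line, which reports a missing SID explicitly instead of handing a null value to the data layer. `OwnerSid.Resolve` is a hypothetical helper, and the principals in `Main` are constructed; it assumes .NET Framework on Windows.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

static class OwnerSid
{
    // Hypothetical helper (not NetSqlAzMan API): pick the SID to record as the
    // authorization owner, or fail with a clear message instead of passing null on.
    public static SecurityIdentifier Resolve(IPrincipal threadPrincipal)
    {
        // "as" yields null for a GenericIdentity, so only a real Windows
        // identity carried by the thread is considered here.
        WindowsIdentity candidate = threadPrincipal == null
            ? null
            : threadPrincipal.Identity as WindowsIdentity;

        // An anonymous WindowsIdentity has no token, so its User SID is null.
        if (candidate == null || candidate.User == null)
            candidate = WindowsIdentity.GetCurrent();   // process / app-pool identity

        if (candidate.User == null)
            throw new InvalidOperationException(
                "No Windows SID available for the authorization owner.");

        return candidate.User;
    }

    static void Main()
    {
        // Constructed principals standing in for what a service thread may carry.
        IPrincipal generic = new GenericPrincipal(new GenericIdentity("dbuser"), new string[0]);
        IPrincipal anonymous = new WindowsPrincipal(WindowsIdentity.GetAnonymous());

        // All three fall back to, or already are, an identity with a usable SID.
        Console.WriteLine("generic   -> " + Resolve(generic));
        Console.WriteLine("anonymous -> " + Resolve(anonymous));
        Console.WriteLine("thread    -> " + Resolve(Thread.CurrentPrincipal));
    }
}
```

Which account ends up as the owner then depends on the application pool identity, so that account is the one recorded in the store's "Owner" field for authorizations created by the service.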

Coordinator
Feb 17, 2010 at 4:44 PM

Great Work !

Mar 13, 2012 at 2:43 PM

If possible, can you please post the entire method?

Developer
Mar 30, 2012 at 4:17 PM

//If possible, can you please post the entire method?//

 

I concur. Pretty please?

Mar 30, 2012 at 5:23 PM

You can see the entire method in NetSqlRoleProvider.cs in http://netsqlazman.codeplex.com/SourceControl/changeset/view/75023#436234

Look for the source code on this website under "Source Code" for NetSqlAzman under NetSqlAzman\Providers

I just added the "green" stuff.....

/John