CSLA Security - BusinessPrincipal.Login - System.NullReferenceException

Old forum URL: forums.lhotka.net/forums/t/1060.aspx


pirithoos posted on Tuesday, August 29, 2006

I have successfully finished coding my first application using CSLA.NET for Framework 1.1.
Initially I have not implemented any security mechanism. Everything runs perfectly, either setting the app.config to run locally or remotely.

Now I have made some experiments using CSLA security.
Running locally everything still works fine, but if I set the application.config to run remotely the following exception is raised at the line

BusinessPrincipal.Login("User", "Password")

exception:

"System.NullReferenceException"

As everything works if app.config is set to run locally I assume that it cannot be a bug in the code,
actually I am afraid that maybe IIS is not configured correctly, but I am no expert on IIS.

Can somebody help?





xal replied on Tuesday, August 29, 2006

When using remoting, you're supposed to run Logout before attempting to login...
Anyway, that particularly won't raise a nullreference exception, so it must be something in your login code...
Did you try debugging your DataPortal_Fetch method? Does it even get there?


Andrés

pirithoos replied on Tuesday, August 29, 2006

Dear Andrés,

Many thanks for your prompt reply!

The strange thing is that if I set app.config to run locally it works, but if set to remote it doesn't.
I don't think it has something to do with the DataPortal_Fetch method.

Below you can see the code from a Testing Form which should only show a MsgBox with the number of Objects in the Collection and then another confirming that the thread's current principal has a certain role. As set above everything works, but if the app.config is set as follows the System.NullReferenceException in CSLA.dll is raised.

Best Regards

Frank

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

    BusinessPrincipal.Login("admin", "123")

    If Thread.CurrentPrincipal.Identity.IsAuthenticated Then
        Dim test As BOATestList = BOATestList.GetTestList
        MsgBox(test.Count) 'should return 5
    End If

    If Thread.CurrentPrincipal.IsInRole("Administrator") Then MsgBox("Hi, Administrator!")

End Sub

============================
APP.CONFIG
============================

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="Authentication" value="CSLA" />
        <add key="PortalServer" value="http://localhost/DataPortal/DataPortal.rem" />
        <add key="ServicedPortalServer" value="http:localhost/DataPortal/ServicedDataPortal.rem" />
        -->
    </appSettings>
</configuration>

============================
WEB.CONFIG IN DATAPORTAL
============================

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <appSettings>
    <add key="Authentication" value="CSLA" />
    <!-- TODO: update connection strings as appropriate -->
    <add key="DB:Security" value ="data source=localhost; initial catalog=Security; integrated security=SSPI" />
    <add key="DB:TST" value = "data source=localhost; initial catalog=TestDB; integrated security=SSPI" />
  </appSettings>

  <system.runtime.remoting>
    <application>
      <service>
        <wellknown mode="SingleCall"
            objectUri="DataPortal.rem"
            type="CSLA.Server.DataPortal, CSLA.Server.DataPortal" />
        <wellknown mode="SingleCall"
            objectUri="ServicedDataPortal.rem"
            type="CSLA.Server.ServicedDataPortal.DataPortal, CSLA.Server.ServicedDataPortal" />
      </service>
      <channels>
        <channel ref="http">
          <serverProviders>
            <provider ref="wsdl" />
            <!-- TODO: comment the following two lines for .NET 1.0 -->
            <formatter ref="soap" typeFilterLevel="Full" />
            <formatter ref="binary" typeFilterLevel="Full" />
          </serverProviders>
        </channel>
      </channels>
    </application>
  </system.runtime.remoting>

  <system.web>

    <!--  DYNAMIC DEBUG COMPILATION
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files.
    -->
    <compilation defaultLanguage="vb" debug="true" />

    <!--  CUSTOM ERROR MESSAGES
          Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
          Add <error> tags for each of the errors you want to handle.
    -->
    <customErrors mode="RemoteOnly" />

    <!--  AUTHENTICATION
          This section sets the authentication policies of the application. Possible modes are "Windows",
          "Forms", "Passport" and "None"
    -->
    <authentication mode="Windows" />

    <!--  AUTHORIZATION
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
          (unauthenticated) users.
    -->
    <authorization>
        <allow users="*" /> <!-- Allow all users -->

            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>

    <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application.
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the
          application trace log by browsing the "trace.axd" page from your web application
          root.
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />

    <!--  SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests belong to a particular session.
          If cookies are not available, a session can be tracked by adding a session identifier to the URL.
          To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
            mode="InProc"
            stateConnectionString="tcpip=127.0.0.1:42424"
            sqlConnectionString="data source=127.0.0.1;user id=sa;password="
            cookieless="false"
            timeout="20"
    />

    <!--  GLOBALIZATION
          This section sets the globalization settings of the application.
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

  </system.web>

</configuration>



xal replied on Tuesday, August 29, 2006

Is this 2.0? Here's a sample of my app.config for 2.0:
<appSettings>
        <add key="CslaAuthentication" value="Csla"/>
        <add key="CslaDataPortalProxy" value="Csla.DataPortalClient.RemotingProxy, Csla"/>
        <add key="CslaDataPortalUrl" value="http://localhost/DP/RemotingPortal.rem"/>
</appSettings>


Still, remember that if you use remoting, you MUST call Logout before calling login...

So your Load should be like:

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

    BusinessPrincipal.Logout()

    BusinessPrincipal.Login("admin", "123")

    If Thread.CurrentPrincipal.Identity.IsAuthenticated Then
        Dim test As BOATestList = BOATestList.GetTestList
        MsgBox(test.Count) 'should return 5
    End If

    If Thread.CurrentPrincipal.IsInRole("Administrator") Then MsgBox("Hi, Administrator!")

End Sub


Also, your Logout method should be setting an Unauthenticated identity.


Andrés

pirithoos replied on Tuesday, August 29, 2006

No, I use Version 1 (download from Rocky's site: CSLA10vb-060519) and ASP.NET 1.1.4322

In this CSLA Framework there is no method 'BusinessPrincipal.Logout()'

Also in Rocky's book (Chapter 8 Windows Forms UI) Sample application there is no method

BusinessPrincipal.Logout()

mentioned.

I still assume it must have something to do with the configuration from either app.config/web.config or IIS or SQL2000Server.

The funny thing is I just found out that if I set the web.config and app.config to Windows instead of CSLA, then it works also remotely !!! Now I am totally confused...., but at least it works

Anyway I am curious to learn how this works / does not work if Authentication is set to CSLA as prescribed in Rocky's book.

See following configs which make my sample application run remotely using CSLA Security:

********* APP.CONFIG **********

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="Authentication" value="Windows" />
    <!--
    <add key="DB:Security" value = "data source=localhost; initial catalog=Security; integrated security=SSPI" />
    <add key="DB:TST" value = "data source=localhost; initial catalog=TestDB; integrated security=SSPI" />
    -->
    <add key="PortalServer" value="http://localhost/DataPortal/DataPortal.rem" />
    <add key="ServicedPortalServer" value="http://localhost/DataPortal/ServicedDataPortal.rem" />
  </appSettings>
</configuration>

********* WEB.CONFIG **********

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <appSettings>
    <add key="Authentication" value="Windows" />
    <!-- TODO: update connection strings as appropriate -->
    <add key="DB:Security" value ="data source=localhost; initial catalog=Security; integrated security=SSPI" />
    <add key="DB:TST" value = "data source=localhost; initial catalog=chemtradmin; integrated security=SSPI" />
  </appSettings>

  <system.runtime.remoting>
    <application>
      <service>
        <wellknown mode="SingleCall"
            objectUri="DataPortal.rem"
            type="CSLA.Server.DataPortal, CSLA.Server.DataPortal" />
        <wellknown mode="SingleCall"
            objectUri="ServicedDataPortal.rem"
            type="CSLA.Server.ServicedDataPortal.DataPortal, CSLA.Server.ServicedDataPortal" />
      </service>
      <channels>
        <channel ref="http">
          <serverProviders>
            <provider ref="wsdl" />
            <!-- TODO: comment the following two lines for .NET 1.0 -->
            <formatter ref="soap" typeFilterLevel="Full" />
            <formatter ref="binary" typeFilterLevel="Full" />
          </serverProviders>
        </channel>
      </channels>
    </application>
  </system.runtime.remoting>

  <system.web>

    <!-- DYNAMIC DEBUG COMPILATION
         Set compilation debug="true" to insert debugging symbols (.pdb information)
         into the compiled page. Because this creates a larger file that executes
         more slowly, you should set this value to true only when debugging and to
         false at all other times. For more information, refer to the documentation about
         debugging ASP.NET files.
    -->
    <compilation defaultLanguage="vb" debug="true" />

    <!-- CUSTOM ERROR MESSAGES
         Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
         Add <error> tags for each of the errors you want to handle.
    -->
    <customErrors mode="RemoteOnly" />

    <!-- AUTHENTICATION
         This section sets the authentication policies of the application. Possible modes are "Windows",
         "Forms", "Passport" and "None"
    -->
    <authentication mode="Windows" />

    <!-- AUTHORIZATION
         This section sets the authorization policies of the application. You can allow or deny access
         to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
         (unauthenticated) users.
    -->
    <authorization>
      <allow users="*" /> <!-- Allow all users -->
      <!-- <allow users="[comma separated list of users]"
                  roles="[comma separated list of roles]"/>
           <deny users="[comma separated list of users]"
                 roles="[comma separated list of roles]"/>
      -->
    </authorization>

    <!-- APPLICATION-LEVEL TRACE LOGGING
         Application-level tracing enables trace log output for every page within an application.
         Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
         trace information will be displayed at the bottom of each page. Otherwise, you can view the
         application trace log by browsing the "trace.axd" page from your web application
         root.
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />

    <!-- SESSION STATE SETTINGS
         By default ASP.NET uses cookies to identify which requests belong to a particular session.
         If cookies are not available, a session can be tracked by adding a session identifier to the URL.
         To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
        mode="InProc"
        stateConnectionString="tcpip=127.0.0.1:42424"
        sqlConnectionString="data source=127.0.0.1;user id=sa;password="
        cookieless="false"
        timeout="20"
    />

    <!-- GLOBALIZATION
         This section sets the globalization settings of the application.
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

  </system.web>

</configuration>
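
A consistency check for the client app.config and server web.config pairs posted in this thread, as an added example (not part of any post and not CSLA code): it compares the Authentication setting on both sides and flags portal URLs that do not parse as absolute HTTP URLs, such as the ServicedPortalServer value as it appears in the first app.config. The function names and the trimmed sample configs are constructed for illustration, and the DB:Security requirement in CSLA mode is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed, trimmed copies of the first app.config / web.config pair in the thread.
CLIENT_CONFIG = """<configuration><appSettings>
  <add key="Authentication" value="CSLA" />
  <add key="PortalServer" value="http://localhost/DataPortal/DataPortal.rem" />
  <add key="ServicedPortalServer" value="http:localhost/DataPortal/ServicedDataPortal.rem" />
</appSettings></configuration>"""

SERVER_CONFIG = """<configuration><appSettings>
  <add key="Authentication" value="CSLA" />
  <add key="DB:Security" value="data source=localhost; initial catalog=Security; integrated security=SSPI" />
</appSettings></configuration>"""


def app_settings(xml_text):
    """Return active <appSettings> entries; the parser drops commented-out ones."""
    root = ET.fromstring(xml_text)
    return {a.get("key"): a.get("value", "") for a in root.findall("./appSettings/add")}


def check_portal_config(client_xml, server_xml):
    """Compare client app.config with server web.config; return a list of findings."""
    client, server = app_settings(client_xml), app_settings(server_xml)
    findings = []
    c_auth, s_auth = client.get("Authentication"), server.get("Authentication")
    if (c_auth or "").lower() != (s_auth or "").lower():
        findings.append(f"Authentication differs: client={c_auth!r} server={s_auth!r}")
    # Assumption: in CSLA mode the server-side login reads the DB:Security key.
    if (s_auth or "").lower() == "csla" and not server.get("DB:Security"):
        findings.append("server uses CSLA authentication but has no DB:Security entry")
    for key in ("PortalServer", "ServicedPortalServer"):
        url = client.get(key)
        if url is None:
            continue  # key absent: nothing to validate
        parts = urlsplit(url)
        # "http:localhost/..." parses with a scheme but an empty host (netloc).
        if parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append(f"{key} is not an absolute HTTP URL: {url!r}")
    return findings


if __name__ == "__main__":
    for finding in check_portal_config(CLIENT_CONFIG, SERVER_CONFIG):
        print(finding)
```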

Copyright (c) Marimer LLC