Remote Dataportal security error
Old forum URL: forums.lhotka.net/forums/t/172.aspx
xal posted on Tuesday, May 23, 2006
Hi!
I'm having an issue and I'm lost at trying to find the cause.... I've created other projects and these all seem to work, but I'm not able to fetch anything through this dataportal. I get:
Object of type 'System.Runtime.Serialization.TypeLoadExceptionHolder' cannot be converted to type 'System.Security.Principal.IPrincipal'.
Any ideas?
Andrés
pfeds replied on Tuesday, May 23, 2006
Principal objects cannot be serialized, so that could be your issue...? Are you passing in a principal object as a criteria parameter?
xal replied on Tuesday, May 23, 2006
Well, This is what I'm doing before calling dataportal:
    Dim identity As SBIdentity = SBIdentity.GetIdentity(username, password)
    If identity.IsAuthenticated Then
        Dim principal As New SBPrincipal(identity)
        Csla.ApplicationContext.User = principal
    End If
(At the time I have a dummy identity which is always authenticated)
Andrés
ajj3085 replied on Tuesday, May 23, 2006
I assume SBPrin and SBIdent are your custom objects? If so, make sure both are marked Serializable.
Also make sure you have the same version of the assembly at both endpoints of the dataportal.
Andy
ajj3085 replied on Tuesday, May 23, 2006
Actually, reading the message, it sounds like your principal object isn't implementing the IPrincipal interface.
Can you post the code for the prin and ident classes?
xal replied on Tuesday, May 23, 2006
I'm inheriting from BusinessPrincipalBase.... (I made this almost identical to the book's sample)

    <Serializable()> _
    Public Class SBPrincipal
        Inherits Csla.Security.BusinessPrincipalBase

        Private Sub New(ByVal identity As IIdentity)
            MyBase.New(identity)
        End Sub

        Public Overrides Function IsInRole(ByVal role As String) As Boolean
            Dim iden As SBIdentity = DirectCast(Me.Identity, SBIdentity)
            Return iden.IsInRole(role)
        End Function

        Public Shared Function Login( _
            ByVal username As String, ByVal password As String) As Boolean
            Dim identity As SBIdentity = SBIdentity.UnauthenticatedIdentity
            If identity.IsAuthenticated Then
                Dim principal As New SBPrincipal(identity)
                Csla.ApplicationContext.User = principal
            End If
            Return identity.IsAuthenticated
        End Function

        Public Shared Sub Logout()
            Dim identity As SBIdentity = SBIdentity.UnauthenticatedIdentity
            Dim principal As New SBPrincipal(identity)
            Csla.ApplicationContext.User = principal
        End Sub
    End Class

    <Serializable()> _
    Public Class SBIdentity
        Inherits Csla.ReadOnlyBase(Of SBIdentity)
        Implements IIdentity

        Private mAutenticado As Boolean = True
        Private mNombre As String = "Pepe"
        Private mRoles As New List(Of String)

        Protected Overrides Function GetIdValue() As Object
            Return mNombre
        End Function

    #Region " IIdentity "
        Public ReadOnly Property AuthenticationType() As String Implements System.Security.Principal.IIdentity.AuthenticationType
            Get
                Return "Csla"
            End Get
        End Property

        Public ReadOnly Property IsAuthenticated() As Boolean Implements System.Security.Principal.IIdentity.IsAuthenticated
            Get
                Return mAutenticado
            End Get
        End Property

        Public ReadOnly Property Name() As String Implements System.Security.Principal.IIdentity.Name
            Get
                Return mNombre
            End Get
        End Property
    #End Region

        Friend Function IsInRole(ByVal Rol As String)
            Return True
        End Function

        Friend Shared Function UnauthenticatedIdentity() As SBIdentity
            Return New SBIdentity()
        End Function

        'Friend Shared Function GetIdentity(ByVal username As String, ByVal password As String)
        '    'Return ActiveObjects.DataPortal.Fetch(Of SBIdentity)(New Criteria(username, password))
        'End Function
    End Class

xal replied on Tuesday, May 23, 2006
I wonder if this could be called a step forward:
I recompiled all my references cleared out the references the bin dirs. Next I readded all my references and recompiled. I'm getting a different error now. Here it is:
The input stream is not a valid binary format. The starting contents (in bytes) are: 53-79-73-74-65-6D-2E-49-4F-2E-46-69-6C-65-4E-6F-74 ... wtf?
Andrés
(Note: the wtf was added by me. It is not part of the exception)
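
An added example, not part of the thread or of CSLA: it decodes the byte dump quoted in the exception above. The bytes are plain ASCII for the start of a .NET exception type name, so the server answered with error text rather than a serialized object. The function names are this example's own, and the header constant is the usual opening of a BinaryFormatter stream, used here as an assumption for comparison.

```python
import re

# Usual opening bytes of a .NET BinaryFormatter stream: record type 0,
# root id 1, header id -1, major version 1, minor version 0.
BINARY_FORMATTER_HEADER = bytes.fromhex("0001000000ffffffff0100000000000000")

# A run of at least four dash-separated hex pairs, as printed in the exception.
HEX_DUMP = re.compile(r"\b[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){3,}\b")

# Exception message copied from the post above.
MESSAGE_FROM_THREAD = (
    "The input stream is not a valid binary format. The starting contents "
    "(in bytes) are: 53-79-73-74-65-6D-2E-49-4F-2E-46-69-6C-65-4E-6F-74 ..."
)


def leading_bytes(message):
    """Return the bytes quoted in the exception message."""
    match = HEX_DUMP.search(message)
    if match is None:
        raise ValueError("no hex byte dump found in message")
    return bytes.fromhex(match.group(0).replace("-", ""))


def triage(message):
    """Classify what the endpoint sent back and decode it when it is text."""
    data = leading_bytes(message)
    n = min(len(data), len(BINARY_FORMATTER_HEADER))
    if data[:n] == BINARY_FORMATTER_HEADER[:n]:
        return {"kind": "binaryformatter", "text": None}
    if all(0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D) for b in data):
        # Readable ASCII: the server replied with text (an exception or an
        # error page) and the client failed while trying to deserialize it.
        return {"kind": "text", "text": data.decode("ascii")}
    return {"kind": "unknown", "text": None}


if __name__ == "__main__":
    result = triage(MESSAGE_FROM_THREAD)
    print(result["kind"], repr(result["text"]))
```
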
guyroch replied on Tuesday, May 23, 2006
Have you set your IIS virtual folder to run under ASP.NET 2.0? The default is 1.1.
xal replied on Tuesday, May 23, 2006
Hi Guy!
Yes, I've done that.... I'm also getting the same error from the development server that vs sets up....
Andrés
ajj3085 replied on Tuesday, May 23, 2006
Argh,
When I last played with remoting a few months ago, I did encounter the error you're now getting (the byte one).
I can't remember how I fixed it.. I'll do some searching and see if I can't find the answer.
Andy
ajj3085 replied on Tuesday, May 23, 2006
Ahh! I think I found it.
Check the maxRequest length in the Web.config. Your object size when serialized may be larger than this value.
See http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=61866&SiteID=1
HTH
Andy
guyroch replied on Tuesday, May 23, 2006
I always used CSLA with remoting. Can you post your app.config file and web.config file? We might be able to take a better stab at it with the config files.
xal replied on Tuesday, May 23, 2006
Well, finally I was able to get it working....
Apparently my original assumption of a reference issue was semi correct... (The last message about that serialization issue was because I missed adding a reference to my business assembly in the dataportal...)
Though it works now, it seems to be unreliable... It sometimes works, and sometimes hangs forever, without throwing exceptions or anything...
Anybody had this behaviour before?
(I'll post my config files, but they're an exact copy of the one at project tracker....)
Andrés
ajj3085 replied on Tuesday, May 23, 2006
Andrés,
Hmm... this is a tough one.
Are you using IIS on your local workstation as the remoting target? You may want to do so if you are not.. that way you can fire up your application in Debug mode, and then attach also to the aspnet worker process.
This will allow you to 'step into' the IIS server side code.. just be sure to set breakpoints on the entry code for the server.
Andy
xal replied on Tuesday, May 23, 2006
I'm starting to feel I'm in the twilight zone....
I now created a login that connects to the db. Nothing fancy, it doesn't even look data in a real table.
Now,
-If I connect directly to my asp (http://localhost/BalanceDataPortal/RemotingPortal.rem), the login procedure will fail. It can't open the connection to the database. Period.
-If I connect to the development service created by visual studio, then the login procedure works like a charm, but when I try fetching a readonly collection it just hangs indefinitely... no exception, no nothing.
Just so that we're clear, here's my sql connection string:
Integrated security = false;
Persist security info = false;
server=np:SOLUCIONES-A4;
database=BD_Unidato;
user = sa;
pwd=password_here
(yes, even logging in as sa fails!)
Of course this all works fine if I run locally with the very same connection string.
Also, note that I can attach to the asp process and step through the code running in my local asp, but I can't do the same for the development service created by vs....
Now, what voodoo spell do I have to cast to get this working!? (Should I be calling Mr. Threepwood?)
Andrés
ajj3085 replied on Tuesday, May 23, 2006
Hmm..
Could the login failure be caused by some kind of firewall issue?
Usually when a read from the database fails it's because some of the rows that need to be read are involved in a transaction which has not yet committed or rolled back.
Just for kicks, try changing the isolation level for the fetch sql statement. There's a level that allows you to read the records as they were before the transaction locked them (or you can do a dirty read).
Andy
xal replied on Tuesday, May 23, 2006
I'm always using the same sql connection string. Asp is local too. SQL server is in another development machine and the table is not being used at all.
When running locally (without remoting) everything works just fine...
When running through the dataportal accessing it through http://localhost/BalanceDataPortal/RemotingPortal.rem it fails to open the connection to the database.
When running through the development instance (http://localhost:1401/BalanceDataPortal/RemotingPortal.rem) it logs in (connects to the db and fetches login info). But fetching other data results in an infinite wait for results... (I'm not able to debug the code running inside this process either...)
Andrés
ajj3085 replied on Tuesday, May 23, 2006
I'm pretty much out of ideas at this point.
The only suggestion I have left is to set up another computer with Sql and IIS and try to get things working on that box. If you encounter the same problems there, you must be missing something in the configuration.
If you get it to work there, it may be something specific on the development server that is preventing the proper functioning of the program.
Sorry I couldn't be of more help.
xal replied on Tuesday, May 23, 2006
OK, got it!! Apparently there is some voodoo magic you need to do to get it working....
1- Prepare your yuyu bag...
2- Go to %SystemRoot%\Microsoft.Net\Framework\v2.0.50727\CONFIG
3- Open machine.config and go to the <system.web>
4- Look for the processModel attribute and configure a user that can communicate with your sql server. <processModel userName="user" password="your password here!" autoConfig="true"/>
5- Shake (do not stir) the bag and save the file.
6- Obviously reboot your machine because that's just the way it works (no, stopping the www service won't do it even though the aspnet process is killed once you stop the service, so stop complaining and reboot).
That's it!
Now, some say that using SYSTEM as username (without specifying the password attribute) will solve the problem. I haven't tested it for now, but I will.... I'll post results when I do....
Is this an issue when implementing on the client? Will I have to do some voodoo (like this one) to their config files that they will not like?
It's not that it's so complicated, but our clientele is not very fond of this sort of requirement....
Besides, it may affect other processes that require a different security environment. I don't know much about asp / iis, but can different applications have different aspnet_wp processes? Can these configuration changes affect just one of them (and how could I do that)?
Andrés
Dawn replied on Tuesday, May 23, 2006
Hi, Andrés,
I don't think you should change the machine.config; I think your problem is just a special case. I don't use the development instance, just Http://localhost/... I make a post-build event copy all the BOs to the destination web folder, and remoting always works. Some errors occurred when I used remoting, like forgetting the [Serializable()] attribute on a BO or the DTC security configuration, but they are easy to solve.
I also used VMware to install a virtual PC, tried ClickOnce publishing on the virtual PC, and also used remoting access on the virtual PC; it works fine. So my suggestion is: if you have VMware, try to install a "clean" server and a "clean" client ("clean" means no other applications installed) and test it; otherwise install a real clean one and test it.
Dawn
xal replied on Tuesday, May 23, 2006
Dawn,
The problem I'm experiencing is not on the development instance. Development Instance works just fine. The problem is in my real instance (http://localhost/...).
The problem is that it will not connect to a sql server in another machine (I'm logging in with sql security with sa user) (and jic: no, I'm not planning on keeping sa, just doing this for testing).
So, I'm developing on PC1 and i'm using remoting on IIS on PC1.
The web.config has a connection string pointing to PC2. It is not using windows security and it's trying to log in with sa as username. This same connection string works just fine in development instance and also if I don't use remoting (local dataportal).
From what I've been able to gather this is an issue related with the security policy of user ASPNET and the restrictions it applies on aspnet_wp.exe.
I will attempt to gather more info (probably not this week) on this subject and if I get something valuable I'll post it. In the meantime if anybody knows anything about this, please let me know.
Thanks,
Andrés
RockfordLhotka replied on Wednesday, May 24, 2006
One thing you might try for debugging is to add an aspx page to your virtual root and have that page try to talk to the database. Though it is easy to think of the virtual root as only a Remoting endpoint, the fact is that the virtual root is technically an ASP.NET application, and so it can run aspx pages. That may make debugging easier - in that at least you can easily output information about the environment, etc.
Dawn replied on Wednesday, May 24, 2006
Hi Andrés.
I tested exactly like your setting. The first time, an exception occurred, like this:
"Principal must be of type BusinessPrincipal, not System.Security.Principal.GenericPrincipa"
Then I checked my code: I fetch something from the dataportal before I log in, because I want to do a little more stuff in the application startup stage. So, in the main function, I added a line MyCustomerPrincipal.Logout(), which creates a BusinessPrincipal. It works, except my firewall asks whether to let asp_wp.exe go out.
Hope this helps.
Dawn
bmmathe replied on Thursday, May 24, 2007
I'm getting the same error message...
Any ideas?
RockfordLhotka replied on Thursday, May 24, 2007
Did you call a Logout() method before trying to log in? You MUST have a valid (though unauthenticated) business principal set up before you ever try to call the data portal. Typically a Logout() method is used to accomplish this (look at ProjectTracker).
bmmathe replied on Thursday, May 24, 2007
Sorry, I failed to read the entire thread before I posted.
I will try the machine.config solution. I would try to set the application pool to run under a domain account but my test machine is XP so I guess the machine config is the only way to fix this issue?
Copyright (c) Marimer LLC