Forums (Obsolete)

Member

bas.moises-accenture - 1/12/2012 2:07:19 AM

Windows Identity Error

we implement the adfs in kentico and it run ok in live site but when i in
cmsdesk i encounter this error.,

Exception information:
Exception type: ProviderException
Exception message: Method is only supported if the user name parameter matches the user name in the current Windows Identity.
at System.Web.Security.WindowsTokenRoleProvider.GetCurrentWindowsIdentityAndCheckName(String userName)
at System.Web.Security.WindowsTokenRoleProvider.GetCurrentTokenAndCheckName(String userName)
at System.Web.Security.WindowsTokenRoleProvider.GetRolesForUser(String username)
at CMS.SiteProvider.UserInfoProvider.AuthenticateUserWindows(IPrincipal user, String siteName)
at CMS.CMSHelper.CMSContext.GetCurrentUser(Boolean& loadUserData)
at CMS.CMSHelper.SessionInfo.LoadFromContext()
at CMS.CMSHelper.SessionManager.UpdateCurrentSession(String siteName)
at CMS.UIControls.CMSPage.OnPreInit(EventArgs e)
at System.Web.UI.Page.PerformPreInit()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Request information:
Request URL: https://test.mytechzone.itv.com:443/iSocial/CMSFormControls/Selectors/InsertImageOrMedia/Default.aspx?output=relationship&email_hide=1&anchor_hide=1&attachments_hide=1&libraries_hide=1&web_hide=1&content_site=iSocial&editor_clientid=txtLeftNode&siteid=1&hash=1a444678a360f9addc24fbb04a85655927ceebbf2858768467f70fdd9aacf23e
Request path: /iSocial/CMSFormControls/Selectors/InsertImageOrMedia/Default.aspx
User host address: 115.85.11.178
User: MartRutr
Is authenticated: True
Authentication Type: Federation
Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
Thread ID: 9
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.Web.Security.WindowsTokenRoleProvider.GetCurrentWindowsIdentityAndCheckName(String userName)
at System.Web.Security.WindowsTokenRoleProvider.GetCurrentTokenAndCheckName(String userName)
at System.Web.Security.WindowsTokenRoleProvider.GetRolesForUser(String username)
at CMS.SiteProvider.UserInfoProvider.AuthenticateUserWindows(IPrincipal user, String siteName)
at CMS.CMSHelper.CMSContext.GetCurrentUser(Boolean& loadUserData)
at CMS.CMSHelper.SessionInfo.LoadFromContext()
at CMS.CMSHelper.SessionManager.UpdateCurrentSession(String siteName)
at CMS.UIControls.CMSPage.OnPreInit(EventArgs e)
at System.Web.UI.Page.PerformPreInit()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Custom event details:

Kentico Consulting

kentico_borisp - 1/12/2012 6:58:46 AM

RE:Windows Identity Error

Hello,

A similar issue was already discussed in our forums, could you please check this thread? Additionally, please try to use the following methods, because it's possible that the context is missing during those remote calls, if you are getting the user info:

UserInfo ui = UserInfoProvider.GetUserInfo(safeusername);
DataTable rolesTable = UserInfoProvider.GetUserRoles(ui, where, null, 0, "RoleName");

Best regards,
Boris Pocatko


Member	norben.oriarte-live - 1/27/2012 5:48:14 AM RE:Windows Identity Error Hi, Can you update the link of your pointed thread? I think its broken. Thanks.


Kentico Support	kentico_jurajo - 1/27/2012 7:56:23 AM RE:Windows Identity Error Hi, I guess my colleague meant this thread. We are sorry for that :-) Best regards, Juraj Ondrus

Member

norben.oriarte-live - 1/30/2012 4:48:39 AM

RE:Windows Identity Error

Hi,
I have found out that this line of code causes the Identity error.

UserInfoProvider.SetUserInfo(ui);

Removing this line of code solves our Identity error but we don’t know its actual impact or if it will cause serious problems for the whole system. Do you mind explaining it with us?

The code is located in the StoreDialogsConfiguration() method of CMSModules\Content\Controls\Dialogs\LinkMediaSelector\LinkMediaSelector.ascx.cs file. (Kentico v5.5r2)

FYI, identity error happens once we click the select button of the modal dialog.
Thanks

Kentico Consulting

kentico_borisp - 2/6/2012 5:45:00 AM

RE:Windows Identity Error

Hello,

I've checked with our developer responsible for the security model and the ASFD feature isn't currently officially supported. Removing the given line might help, however you could face similar issues throughout the system, since we haven't tested Kentico on such a setup. If this workaround works for you, then you can apply it, however regrettably we can't say, if this is going to affect the system in any way. The ASFD environment should be supported from 7.0 if everything goes according to plan. In the mean time you can use a standard AD setup, which is supported by Kentico.

Best regards,
Boris Pocatko