DevForce Community Forum : Generic Identity Authorisation in 2-tier http://www.ideablade.com/forum/ This is an XML content feed of; DevForce Community Forum : DevForce 2010 : Generic Identity Authorisation in 2-tier Sun, 28 Jun 2026 08:51:46 -700 Mon, 27 Jun 2011 11:54:38 -700 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 9.69 360 www.ideablade.com/forum/RSS_post_feed.asp?TID=2780 DevForce Community Forum http://www.ideablade.com/forum/forum_images/IdeaBlade_logo_tm.png http://www.ideablade.com/forum/ Generic Identity Authorisation in 2-tier : Hi John;Actually, I was running... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11116#11116 Author: DenisK
Subject: 2780
Posted: 27-Jun-2011 at 11:54am

Hi John;

Actually, I was running this from the debugger. I think this is just a matter of setting the right options on Debug -> Exceptions on your VS2010.
]]> Mon, 27 Jun 2011 11:54:38 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11116#11116 Generic Identity Authorisation in 2-tier : Hi Denis,I see where I was going... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11106#11106 Author: jradxl
Subject: 2780
Posted: 24-Jun-2011 at 3:43pm

Hi Denis,

I see where I was going wrong. I was running in the VS2010 debugger, and it stopped at the throw line.
If I run Console01.exe from the bin\Debug directory, it works.

I added two more Console.WriteLine statements, and it does get back to the Client, as shown.

Thread principal before login:
Non-Windows Login
About to Throw on Server...
In Client Catch
LoginException: 'johnx' is not a user name in the 'domain' domain.
Press ENTER to exit...

I was expecting the Debuger to find the Catch statement in the Client.
Sorry. I assume you were running the exe directory?

rgds
John

]]> Fri, 24 Jun 2011 15:43:04 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11106#11106 Generic Identity Authorisation in 2-tier : Hi John;I tried version 6.1.0... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11104#11104 Author: DenisK
Subject: 2780
Posted: 24-Jun-2011 at 2:29pm

Hi John;

I tried version 6.1.0 and 6.1.1. However, I don't think it has anything to do with the version. I do hope though that I'm not misunderstanding your question.

To clarify, you want a LoginException thrown on the server and caught on the client. In my code sample, I have the following:

CLIENT

      try {
        // Login will null credentials.  The LoginManager will decide what to do ...
        //loginResult = mgr.Login((ILoginCredential)null);

        LoginCredential cred = new LoginCredential("johnxxx", "password", "domain");
        var loginResult = mgr.Login((ILoginCredential)cred);
        var isLoggedIn = mgr.IsLoggedIn;
        Console.WriteLine("Thread principal after login: {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name);
      } catch (LoginException le) {
        Console.WriteLine("LoginException: " + le.Message);
        var isLoggedIn = mgr.IsLoggedIn;
        Console.WriteLine("Press ENTER to exit...");
        Console.ReadLine();
        return;
      }

SERVER

    public IPrincipal Login(ILoginCredential credential, EntityManager entityManager) {

      if (credential == null) {
        #region If Credential is null
        //details omitted
        #endregion
      } else {
        Console.WriteLine("Non-Windows Login");
        GenericIdentity gi = null;
        if (credential.UserName.Equals("john")) { //change to somthing else to force failure
          gi = new GenericIdentity(credential.UserName, "MyAuthoType");
        } else {
          throw new LoginException(LoginExceptionType.InvalidUserName, credential.Domain, credential.UserName);
        }
        GenericPrincipal gp = new GenericPrincipal(gi, null);
        Console.WriteLine("Non-Windows Login Completed.");
        return CreateUser(gp);
      }

      //throw new NotImplementedException("Only Windows authentication is supported here");
    }

CONSOLE OUTPUT

Thread principal before login:
Non-Windows Login
LoginException: 'johnxxx' is not a user name in the 'domain' domain.
Press ENTER to exit...

Is this not what you're seeing and/or expecting?

I've attached my debug log here. uploads/912/Debug.zip
]]> Fri, 24 Jun 2011 14:29:11 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11104#11104 Generic Identity Authorisation in 2-tier : Hello Denis,Thanks for code sample.... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11097#11097 Author: jradxl
Subject: 2780
Posted: 24-Jun-2011 at 1:26am

Hello Denis,
Thanks for code sample. Unfortunately it runs with same issue on my laptop - throws in LoginManager on the Server.
I've upgraded to 6.1.1 from 6.1.0. No change.

What version of DF did you compile and run against? Please attach copy of your DebugLog after a failed login.

thanks
John

]]> Fri, 24 Jun 2011 01:26:36 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11097#11097 Generic Identity Authorisation in 2-tier : Hi John;Hmm, that's strange.... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11090#11090 Author: DenisK
Subject: 2780
Posted: 23-Jun-2011 at 4:25pm

Hi John;

Hmm, that's strange. Here's my sample solution that shows that LoginException is caught on the client.

www.ideablade.com/friends/Console_SecurityWindowsAuthentication.zip

Hopefully you'll be able to see the difference. If not, feel free to upload your solution to me and I'll see what I can do.
]]> Thu, 23 Jun 2011 16:25:39 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11090#11090 Generic Identity Authorisation in 2-tier : Hello DenisK,Thank you for your... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11083#11083 Author: jradxl
Subject: 2780
Posted: 23-Jun-2011 at 11:44am

Hello DenisK,
Thank you for your time in search back to my question.

I'm sorry, but I do not find,
throw new LoginException(LoginExceptionType.InvalidUserName, credential.Domain, credential.UserName);
returning to the Client,
as this DebugLog file below shows. The application stops dead at the throw statement.

I guess that calling Login is early in your library's initialisation, and the method for returning to the Client is not available.

thanks
John

<?xml version="1.0"?><?xml-stylesheet href="DebugLog.xsl" type="text/xsl"?>
<log>
<entry id="14" timestamp="2011-06-23T19:36:20" username="" source="IdeaBlade.Core.TraceFileXmlLogger:GetLogHeader">------------ Log Created ------------</entry>
<entry id="0" timestamp="2011-06-23T19:36:15" username="" source="Console01.Program:DoIt">TraceFns: Program Starting...</entry>
<entry id="1" timestamp="2011-06-23T19:36:15" username="" source="Console01.Program:DoIt">DebugFns: Program Starting...</entry>
<entry id="2" timestamp="2011-06-23T19:36:15" username="" source="IdeaBlade.Core.IdeaBladeConfig:Initialize">Initializing configuration ...</entry>
<entry id="3" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.Composition.PartsCatalog:LoadCatalog">MEF assembly probing started: 23/06/2011 19:36:17.  If this takes a long time, use IdeaBlade.Core.Composition.CompositionHost to specify/restrict which assemblies to probe.</entry>
<entry id="4" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.Composition.PartsCatalog:LoadCatalog">Assembly 'Console01, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' added to PartsCatalog</entry>
<entry id="5" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.Composition.PartsCatalog:LoadCatalog">Error loading assembly 'C:\VSProjects\VS2010\DevForce\Console_SecurityWindowsAuthentication\080_Secure\Console_SecurityWindowsAuthentication-2TierNoServer\CodeCS\Console01\bin\Debug\Console01.exe.config' for PartsCatalog: Error with file Console01.exe.config.</entry>
<entry id="6" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.Composition.PartsCatalog:LoadCatalog">MEF assembly probing completed: 23/06/2011 19:36:17</entry>
<entry id="7" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.Composition.CompositionHost:.ctor">Probe Assemblies: Console01, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null :: SimpleNorthwindModel.Desktop, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null :: WPFTraceViewer, Version=6.1.0.0, Culture=neutral, PublicKeyToken=287b5094865421c0  If this list is unnecessarily large, use CompositionHost.SearchPatterns to modify the search critieria for probed assemblies. If this list does not contain the assembly(ies) holding your a) domain model, b) custom interface implementations, and c) POCO/known types then your application may not work correctly. Ensure that these assemblies are available in the exe/bin folder, and if using CompositionHost.SearchPatterns that the patterns are set appropriately.</entry>
<entry id="8" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.IdeaBladeConfig:InitializationStatusCallback">IdeaBlade License: 'EnterpriseUniv, Express', KeyDate: 15/04/2010, AllowedSessions: 10000. Found on Assembly: 'SimpleNorthwindModel.Desktop, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'</entry>
<entry id="9" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.Configuration.ServerSettingsElement:ConstrainSettingsBasedOnLicenseCore">The configured SupportedClientApplicationType is Both</entry>
<entry id="10" timestamp="2011-06-23T19:36:17" username="" source="IdeaBlade.Core.Configuration.ServerSettingsElement:ConstrainSettingsBasedOnLicenseCore">Could not find a valid license to enable session-agnostic load balancing.</entry>
<entry id="11" timestamp="2011-06-23T19:36:20" username="" source="IdeaBlade.Core.Configuration.ServerSettingsElement:ConstrainSettingsBasedOnLicenseCore">Could not find a valid license to enable session-agnostic load balancing.</entry>
</log>

]]> Thu, 23 Jun 2011 11:44:57 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11083#11083 Generic Identity Authorisation in 2-tier : Hi jradxl; I&#039;d much prefer... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11077#11077 Author: DenisK
Subject: 2780
Posted: 22-Jun-2011 at 5:03pm

Hi jradxl;

I'd much prefer to have LoginExceptionType.InvalidUserName returned to the Client.
Please can you suggest a way?

To do this, you can throw a LoginException back to the client.

throw new LoginException(LoginExceptionType.InvalidUserName, credential.Domain, credential.UserName);

I see that you commented that part of the code out and you create a GenericIdentity instead with IsAuthenticated = false. A login and authentication are 2 different processes. A user can successfully login but not authenticated. To disallow login, a LoginException needs to be thrown.

Alternatively, can you support:-
                var loginResult = mgr.Login((ILoginCredential)cred);                var isLoggedIn = mgr.IsLoggedIn;

as false, when the login fails. So that one can test in the Client, and not have an exception.

Currently, as I've noted above, to indicate a failed login, one has to throw a LoginException. If you have a convincing use case for this, I might be able to discuss this with a senior engineer and add it to the feature request list.
]]> Wed, 22 Jun 2011 17:03:01 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11077#11077 Generic Identity Authorisation in 2-tier : Generic Identity Authorisation... http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11032#11032 Author: jradxl
Subject: 2780
Posted: 18-Jun-2011 at 2:43pm

Generic Identity Authorisation in 2-tier

Hi,
Using your example Console_SecurityWindowsAuthentication, which I have arranged to be 2-tier, I am adding code to support non-Windows Generic Identity Authorization.

In your code example of IEntityLoginManager you have a LoginException being generated on the Server side (which is of course in 2-tier also running on the client), if the login fails.

On the otherhand, if the GenericIdenity.IsAuthenticatedis false, the login as seen by the Client still succeeds.

Also, EntityServerQueryInterceptor is probed for after the login is completed.

The only way I can find of returning a failed login back to the Client is to return a null UserBase. This causes a EntityServerException of "Session Bundle is invalid". Which matches your code example.
Only in the Catch blocks is EntityManager.IsLoggedInfalse.

I'd much prefer to have LoginExceptionType.InvalidUserName returned to the Client.
Please can you suggest a way?

Alternatively, can you support:-
                var loginResult = mgr.Login((ILoginCredential)cred);                var isLoggedIn = mgr.IsLoggedIn;

as false, when the login fails. So that one can test in the Client, and not have an exception.

//Client
        void DoIt()        {            NorthwindManager mgr = new NorthwindManager();             //IdeaBlade.Core.IdeaBladeConfig.ConfigFileAssembly = Assembly.GetExecutingAssembly();            var configInstance = IdeaBlade.Core.IdeaBladeConfig.Instance;            configInstance.ObjectServer.ClientSettings.IsDistributed = false;            configInstance.ObjectServer.ServerSettings.AllowAnonymousLogin = false;            configInstance.ObjectServer.ServerSettings.LoginManagerRequired = true;            configInstance.Logging.ShouldLogSqlQueries = true;            configInstance.Logging.LogFile = "MyLogFile.xml"; //not working.             Console.WriteLine("Thread principal before login: {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name);            bool isLoggedIn = false;            bool loginResult = false;            try            {                // Login will null credentials.  The LoginManager will decide what to do ...                LoginCredential cred = new LoginCredential("john""password""domain");                //loginResult = mgr.Login((ILoginCredential)null);                 loginResult = mgr.Login((ILoginCredential)cred);                isLoggedIn = mgr.IsLoggedIn;                Console.WriteLine("Thread principal after login: {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name);            }            catch (LoginException le)            {                Console.WriteLine("LoginException: " + le.Message);                isLoggedIn = mgr.IsLoggedIn;                Console.WriteLine("Press ENTER to exit...");                Console.ReadLine();                return;            }            catch (EntityServerException ese)            {                Console.WriteLine("EntityServerException Login failed: " + ese.Message);                isLoggedIn = mgr.IsLoggedIn;                Console.WriteLine("Press ENTER to exit...");                Console.ReadLine();                return;            }            catch (Exception ex)            {                bool isLogged = mgr.IsLoggedIn;                Console.WriteLine(ex.Message);                return;            }

            // etc....
         }

//Server
        public IPrincipal Login(ILoginCredential credential, EntityManager entityManager)        {            if (credential == null)            {                // if running n-tier the user's Windows credentials will be passed and available on the thread:                var principal = System.Threading.Thread.CurrentPrincipal;                if (principal.Identity.IsAuthenticated)                {                    Logger.WriteMsg(string.Format("principal is {0}", principal.Identity.Name));                    // Note that we can't return the WindowsPrincipal/WindowsIdentity back to the client, so                    // create a new one, here we use the DevForce UserBase class, but you can create your own too.                     return CreateUser(principal);                }                else                {                    // This is here for 2-tier testing, since you'll probably want to throw an error or do                    // some custom logic in n-tier.  When not running n-tier, the thread principal has not been set                     // but you can obtain the Windows Identity and use that.                    var wi = WindowsIdentity.GetCurrent();                    Logger.WriteMsg(string.Format("wi is {0}", wi.Name));                    WindowsPrincipal wp = new WindowsPrincipal(wi);                    return CreateUser(wp);                }            }            else            {                Logger.WriteMsg("Non-Windows Login");                GenericIdentity gi = null;                if (credential.UserName.Equals("john")) //change to somthing else to force failure                {                    gi = new GenericIdentity(credential.UserName, "MyAuthoType");                }                else                {
                    //This is the way of getting IsAuthenticated set to false                    gi = new GenericIdentity("""MyAuthoType");                     //This will throw in EntityServer                    // throw new LoginException(LoginExceptionType.InvalidUserName, credential.Domain, credential.UserName);                }                GenericPrincipal gp = new GenericPrincipal(gi, null);                Logger.WriteMsg("Non-Windows Login Completed.");                return CreateUser(gp);            }            throw new NotImplementedException("Some Login Error");        }         private UserBase CreateUser(IPrincipal currentUser)        {            // The UserBase and UserIdentity classes are custom IPrincipal/IIdentity implementations            // within DevForce.               UserIdentity identity = new UserIdentity(currentUser.Identity.Name, currentUser.Identity.AuthenticationType, currentUser.Identity.IsAuthenticated);            bool isInRole = currentUser.IsInRole("");            var isAuth = currentUser.Identity.IsAuthenticated;             // You can determine what roles to set, if any.            string[] roles = new string[] { };             if (isAuth)            {                Logger.WriteMsg("UserBase created.");                return new UserBase(identity, roles);            }            //Will result in an EntityServerException in the Client            Logger.WriteMsg("Null UserBase returned.");            return null;        }

thanks
John



Edited by jradxl - 18-Jun-2011 at 3:12pm]]> Sat, 18 Jun 2011 14:43:51 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=2780&PID=11032#11032