SI: WebAPI - Windows Authentication

Description

Brief description

Web API methods decorated with the DnnAuthorize or RequireHost attribute do not work when IIS authentication is set to Windows Authentication.

Steps to reproduce
  • Create a new DNNv734 instance.
  • In IIS, enable Windows Authentication for the whole website.
  • Install the Glanton AD-Pro Authentication module.
  • Enable auto-login in the AD-Pro Authentication module.

Actual result

Requests to WebAPI methods decorated with the DnnAuthorize or RequireHost attribute fail.
Fiddler shows an HTTP 302 redirect loop (see attached file).

Expected result

Requests shouldn't fail.

Note

This behavior doesn't occur when Windows Authentication is set for only one file, as in the AD Auth provider; in AD Auth this issue doesn't occur.
In the Glanton extension, every request must be authenticated by the NTLM or Kerberos protocol. To authenticate a request, the method DotNetNuke.HttpModules.Membership.AuthenticateRequest must be executed, which by default ignores all requests from Windows Authentication (in source code, line 160).

I'm implementing a fix; I will add it to the git repo.

QA Test Plan

None

Attachments

1
  • 03 Mar 2015, 09:34 AM

Activity

Ken Grierson (June 23, 2015 at 11:46 PM)

Verified fixed Platform 7.4.2 build 124 clean install & upgrade

Eleonora Ikponmwosa (May 20, 2015 at 10:10 PM)

Submitted PR with fix for userinfo key duplicate based on the existing PR: https://github.com/dnnsoftware/Dnn.Platform/pull/519, but with Resharper optimization

Tested on DNN AD enabled site (using latest build):
Auto sign in works correctly;
User gets created correctly on the initial sign in;
Sign out works correctly;

Barry Waluszko (May 20, 2015 at 7:49 AM)

This issue is happening because key 'UserInfo' already exists but it's equal to null.
A few days ago I sent another pull request #519 that fixes this issue. In my opinion #519 should fix the issue, but please try to reproduce the issue.
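
The failure mode described in the comment above, reproduced as an added example that is not part of the thread and not DNN source code. It assumes a plain Hashtable standing in for HttpContext.Items (the stack trace shows System.Collections.Hashtable.Insert raising the error); the method names and the null-check guard are hypothetical.

```csharp
using System;
using System.Collections;

// Added illustration, not DNN source. A plain Hashtable stands in for
// HttpContext.Items; the string "user" stands in for a UserInfo object.
static class UserInfoKeyDemo
{
    const string Key = "UserInfo";

    // Hypothetical guard: treats "value is null" as "key is absent".
    static void StoreWithNullCheck(IDictionary items, object user)
    {
        if (items[Key] == null)
            items.Add(Key, user);   // throws when the key exists with a null value
    }

    // Indexer assignment adds or overwrites, so a null placeholder is harmless.
    static void StoreWithIndexer(IDictionary items, object user)
    {
        items[Key] = user;
    }

    static void Main()
    {
        // Constructed state: an earlier step stored the key with a null value.
        var items = new Hashtable { { Key, null } };

        // The key is present, yet the indexer cannot tell it from a missing key.
        Console.WriteLine("Contains(Key): " + items.Contains(Key));
        Console.WriteLine("items[Key] == null: " + (items[Key] == null));

        try
        {
            StoreWithNullCheck(items, "user");
        }
        catch (ArgumentException ex)
        {
            // Same exception type as in the reported stack trace.
            Console.WriteLine("Add failed: " + ex.Message);
        }

        StoreWithIndexer(items, "user");
        Console.WriteLine("After indexer set: " + items[Key]);
    }
}
```

Because this exception is raised inside the authentication step of the request pipeline, it fails every request that reaches it, which is why a presence check with Contains or an indexer assignment matters here.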

Eleonora Ikponmwosa (May 19, 2015 at 8:38 PM)

Used latest build (with this commit) on the site that has AD configured, got the following error:

Item has already been added. Key in dictionary: 'UserInfo' Key being added: 'UserInfo'

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.ArgumentException: Item has already been added. Key in dictionary: 'UserInfo' Key being added: 'UserInfo'

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:
[ArgumentException: Item has already been added. Key in dictionary: 'UserInfo' Key being added: 'UserInfo']
   System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add) +14304563
   DotNetNuke.HttpModules.Membership.MembershipModule.AuthenticateRequest(HttpContextBase context, Boolean allowUnknownExtensions) in c:\DNN Dev\DNNGitHubEVOQ\DNN.Platform\DNN Platform\HttpModules\Membership\MembershipModule.cs:247
   DotNetNuke.HttpModules.Membership.MembershipModule.OnAuthenticateRequest(Object sender, EventArgs e) in c:\DNN Dev\DNNGitHubEVOQ\DNN.Platform\DNN Platform\HttpModules\Membership\MembershipModule.cs:104
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

Ben Zhong (May 18, 2015 at 2:25 AM)

Reopen this item as the code will break AD auth process.

Complete

Details

Assignee:
Reporter:
Story Size: Unknown
Severity: Major
Triage: Triaged
Fixed in Build:
Includes Code Fix: No
Documentation Required: No
Trouble Ticket:
Components:
Fix versions:
Priority:

Created March 3, 2015 at 9:50 AM
Updated January 11, 2016 at 3:02 PM
Resolved June 23, 2015 at 11:46 PM