SerializationException on 'CustomIdentity' when user is denied in ASP.NET

I try to implement ASP.NET Authentication and Authorization on top of our existing database. We have a website calling a webservice to fetch its data. To use the webservice, I need to provide the username and password. Knowing that, I decided to implement IIdentity and IPrincipal to store the encrypted password and be able to provide it when performing webservice calls. In the future, we might want to use more of the built-in security of ASP.NET, so I implement membership and role provider and override just what I need (ValidateUser and GetRoles). Though, after validating the user thanks to the membership provider implementation, I am still setting my own CustomIdentity to the Context.User to be able to retrieve its password when needed.

It's working perfectly as long as the user is allowed to visit the page. But when the user is denied, instead of throwing an AccessDeniedException, the framework throws a serialization exception on my CustomIdentity. I found a perfectly similar behaviour with more details described on this link, but no answer has been posted.

My exception is exactly the same as on the link above:


Type is not resolved for member'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.Serialization.SerializationException: Type is not resolved for member 'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SerializationException: Type is not resolved for member 'CW.CustomAuthentication.CWIdentity,CW.CustomAuthentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.]
   Microsoft.VisualStudio.WebHost.Connection.get_RemoteIP() +0
   Microsoft.VisualStudio.WebHost.Request.GetRemoteAddress() +65
   System.Web.HttpRequest.get_UserHostAddress() +18
   System.Web.HttpRequest.get_IsLocal() +13
   System.Web.Configuration.CustomErrorsSection.CustomErrorsEnabled(HttpRequest request) +86
   System.Web.HttpContext.get_IsCustomErrorEnabled() +42
   System.Web.Configuration.UrlAuthFailedErrorFormatter.GetErrorText(HttpContext context) +16
   System.Web.Security.UrlAuthorizationModule.WriteErrorMessage(HttpContext context) +29
   System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +8777783
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Is it correct to use membership and custom IIdentity and IPrincipal at the same time? If not, where to add properties like the password or other userdata if I use the membership and role providers?

Best regards,

Stephane Erbrech

Lehmann answered 14/8, 2009 at 11:27 Comment(8)
@serbrech: if you will kindly re-read your question, you will surely notice that you have not posted the exception. In fact, please take the time to post the complete exception by catching it, then posting the result of ex.ToString(). – Cachucha
Just added the exception I get, if it helps. – Edgeworth
@serbrech: thanks. Is your CW.CustomAuthentication.CWIdentity serializable? Have you tested that it can be serialized using the BinaryFormatter? – Cachucha
@serbrech: Sorry to be a pain. I see that you cannot catch this exception in order to display ex.ToString(). However, could you please look in the server event log to see if there are warning events from the "ASP.NET" event source? Some of them may include the full exception, or other useful information. – Cachucha
After some more testing, according to what the link I posted said, it seems that this error is happening only when I run in debug mode from Visual Studio. If I set the project to run in IIS, the error is gone and the security implementation works as expected. Is that a bug in the lightweight webserver implemented in Visual Studio then? – Edgeworth
I've encountered the same problem and found a lot of useful info (and solutions) here. – Tachygraphy
You can actually go in the properties of your web project, go to the Web tab, and check "Use local IIS Server". This will require you to run Visual Studio as an Administrator so that VS can create the virtual directory when it loads the project, but it solves the issue. – Edgeworth
Indeed, but it takes a little more time to get started. I try to achieve the 'get source and run' principle... – Tachygraphy
L
8

After some more testing, according to what the link I posted said, it seems that this error is happening only when I run in debug mode from Visual Studio. If I set the project to run in IIS, the error is gone and the security implementation works as expected.

---Is that a bug in the lightweight webserver implemented in Visual Studio then?---

Edit: You can go in the Properties of your web project, go to the "Web" tab, and check "Use local IIS Server". However, this will require you to run Visual Studio as an Administrator and to have IIS installed on your machine, so that VS can create the virtual directory in the local IIS server when it loads the project.

Lehmann answered 17/8, 2009 at 10:1 Comment(1)
Has anyone figured out why this occurs? – Cancan
U
6

In my case, I simply had to inherit from MarshalByRefObject.

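using System;
using System.Security.Principal;

// A MarshalByRefObject crosses AppDomain boundaries as a proxy instead of being serialized.
public class IcmtrIdentity : MarshalByRefObject, IIdentity
{
   ...
}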
Unexampled answered 3/10, 2012 at 13:18 Comment(0)
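
The difference between an identity that crosses an AppDomain boundary by value and one that crosses by reference, as an added example that is not part of the answer above. It assumes the .NET Framework and that the exception comes from the identity being marshaled into another AppDomain, which the page does not state; `CopiedIdentity`, `ProxiedIdentity` and `Receiver` are hypothetical names.

```csharp
using System;
using System.Runtime.Remoting;
using System.Security.Principal;

// Crosses an AppDomain boundary by value: its fields are serialized, and the
// receiving domain must be able to load this assembly to rebuild the object.
[Serializable]
public class CopiedIdentity : IIdentity
{
    public string Name { get { return "alice"; } }   // constructed sample value
    public string AuthenticationType { get { return "Custom"; } }
    public bool IsAuthenticated { get { return true; } }
}

// Crosses by reference: the receiving domain gets a proxy and each member
// access calls back into the domain that created the object.
public class ProxiedIdentity : MarshalByRefObject, IIdentity
{
    public string Name { get { return "alice"; } }   // constructed sample value
    public string AuthenticationType { get { return "Custom"; } }
    public bool IsAuthenticated { get { return true; } }
}

// Instantiated in the second AppDomain; reports how the identity arrived.
public class Receiver : MarshalByRefObject
{
    public string Describe(string label, IIdentity identity)
    {
        return label + ": name=" + identity.Name
            + ", proxy=" + RemotingServices.IsTransparentProxy(identity)
            + ", domain=" + AppDomain.CurrentDomain.FriendlyName;
    }
}

public static class Program
{
    public static void Main()
    {
        AppDomain other = AppDomain.CreateDomain("other");
        try
        {
            Receiver receiver = (Receiver)other.CreateInstanceAndUnwrap(
                typeof(Receiver).Assembly.FullName, typeof(Receiver).FullName);
            Console.WriteLine(receiver.Describe("by value", new CopiedIdentity()));
            Console.WriteLine(receiver.Describe("by reference", new ProxiedIdentity()));
        }
        finally { AppDomain.Unload(other); }
    }
}
```

With the by-value type, whatever is stored in the identity's serializable fields, such as the encrypted password from the question, is copied into the serialized stream that crosses the boundary.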
R
4

This might not be the correct answer, but I had this issue also but fixed it.

Originally, I just had a custom class that inherited GenericIdentity (or implemented IIdentity). When I finally created a custom class which inherited GenericPrincipal (or implemented IPrincipal) then it all worked?

My CustomPrincipal class did nothing but inherit from GenericPrincipal and had one constructor which called the base constructor.

Both the CustomPrincipal and CustomIdentity classes did NOT implement any Serialization or ISerializable stuff. Then again, my classes were all very basic.

Revenant answered 21/3, 2011 at 8:7 Comment(2)
So the solution was to add [Serializable]? – Internationale
:blush: I can't remember now - it was a while ago. It depends on what you are putting inside your CustomPrincipal or (more likely) your 'CustomIdentity'. If you're saving a custom class in there, then yeah .. I think I had to. I've gone to stripping down my CustomIdentity classes to contain only strings or ints or primitive types. – Revenant
F
2

You can go in the Properties of your web project, go to the "Web" tab, and check "Use local IIS Server". However, this will require you to run Visual Studio as an Administrator and to have IIS installed on your machine, so that VS can create the virtual directory in the local IIS server when it loads the project.

I had the same issue when trying to run the web app using CustomIdentity. In order to set the project to use your IIS in VS 2008, you will need to define the URL to your application pool in your web application project.

Furr answered 7/3, 2011 at 16:10 Comment(0)
B
1

This can also be resolved by adding the assembly containing your custom identity to the GAC on your dev machine.

Burdelle answered 16/4, 2013 at 1:29 Comment(0)
