By Jeff Pagley - 10/8/2010
First of all I read the help and it instructed me to add the following line to Global.asax file:
SecurityBasics.IsWebEnvironment = true;
Then using the code copied from the help files (see below) I try to authicate the user. However, the login fails. I know this code and username and password works, because I used the exact same code from a Windows form. When looking at the user name returned by SecurityBasics.CurrentUser after the authentication fails, it is 'Administrator' even though I am trying to authenticate another user. What is wrong or what do I have to do to get this same code to work from a Web form?
//-- Establish locals
StringBuilder sb = new StringBuilder();
String userName = "";
MicroFour.StrataFrame.Security.Login.LoginResult loResult;
//-- Attempt to authenticate the user
loResult = MicroFour.StrataFrame.Security.Login.SetLoggedInUser(this.txtUsername.Text, this.txtPassword.Text, "");
//-- If the result if Success, AdminLoggedOn, or SecMaintUserLoggedOn, the
// SecurityBasics.CurrentUser object will be changed to the correct user
//-- Do something based upon the result
switch (loResult)
{
case MicroFour.StrataFrame.Security.Login.LoginResult.Success:
sb.AppendLine("Login successful.");
userName = MicroFour.StrataFrame.Security.SecurityBasics.CurrentUser.UserName;
sb.AppendLine(userName);
this.lblMessage.Text = sb.ToString();
return true;
case MicroFour.StrataFrame.Security.Login.LoginResult.Failure:
this.lblMessage.Text = "Login failed.";
return false;
case MicroFour.StrataFrame.Security.Login.LoginResult.UserDeactivated:
this.lblMessage.Text = "User Deactivated.";
return true;
default:
this.lblMessage.Text = "Unexpected Error: No login result returned.";
return false;
}
}
|
By Jeff Pagley - 10/13/2010
Hi SF,
It has been several days and I have not received a response to this post. I am trying to test using the RBS authentication from a Web form vs using ASP.NET authentication. Or would it be better to use the built-in ASP.NET authentication and security for web apps?
Thanks,
Jeff
|
By Trent L. Taylor - 10/14/2010
You most definitely do not want to use the built-in .NET security environment as it is a massive pain. We had a web developer that worked for us a while come in, and without talking with us or later taking our advice, used these controls and created an interface. It has been a painful experience in every way and now that he is no longer here, we get the pleasure of working on the site....and I can tell you, this is painful.
Let's backup for a minute and assume that you are having a similar problem as you were on the WinForms. Are you connected to the correct database? You showed me all of your execution logic, but nothing about how you are connecting to your database or initializing the security environment. You must still initialize security just like you do on WinForms.
Second, what results do you get just calling AuthenticateUser?
Dim users As new MicroFour.StrataFrame.Security.BusinessObjects()
Login.AuthenticateUser("MyUser", "MyPassword", String.Empty, users)
This will isolate the login since you are required to pass over a users BO. When you create the instance of this BO, you can then query on it, etc. to make sure you are pulling from the correct database if this initial query doesn't work. I am almost positive that you are not talking to the correct database or have the security environment setup correct. This is a good starting place to work through it.
|
By Jeff Pagley - 10/14/2010
Below is my database application settings in the Global.asax file:
//------------------------------------
// Setting the data sources manually
//------------------------------------
//-- SQL Server
//-- Database which contains the application tables
System.Data.SqlClient.SqlConnectionStringBuilder builder = new System.Data.SqlClient.SqlConnectionStringBuilder();
builder.DataSource = "1LPJPAGLEY\\SQLEXPRESS";
builder.InitialCatalog = "CEI";
builder.UserID = "sa";
builder.Password = "access";
DataLayer.DataSources.Add(new SqlDataSourceItem("", builder.ConnectionString));
// Database which contains the Role Based Security tables
string keyRoleBaseSecurity = "RBS";
System.Data.SqlClient.SqlConnectionStringBuilder builderRBS = new System.Data.SqlClient.SqlConnectionStringBuilder();
builderRBS.DataSource = "1LPJPAGLEY\\SQLEXPRESS";
builderRBS.InitialCatalog = "StrataFrame";
builderRBS.UserID = "sa";
builderRBS.Password = "access";
DataLayer.DataSources.Add(new SqlDataSourceItem(keyRoleBaseSecurity, builderRBS.ConnectionString));
//Set the data source key for the security tables
SecurityBasics.SecurityDataSourceKey = keyRoleBaseSecurity;
Also I queried the SFSUsersBO (see code below) as you suggested and got back one record which is correct because I have only one user setup at the moment:
MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO users = new MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO();
MicroFour.StrataFrame.Security.Login.LoginResult loResult;
users.FillAll(1);
But the code you suggested to use failed (see below):
loResult = MicroFour.StrataFrame.Security.Login.AuthenticateUser("jeff", "jeff", String.Empty, ref users);
|
By Trent L. Taylor - 10/14/2010
First, I noticed that you are still talking straight to the StrataFrame database....this is REALLY bad mojo and you are going to have some major issues down the road if you continue to do this into a production environment. You should never let your run-time environment (production or testing) touch your development environment. The mingling of the two always spells disaster in the end.
Second, if you just open up SQL Server Management Studio, and query all of the SFSUSers, can you see the user you are trying to retrieve?
Next, if this shows up, then you need to compile StrataFrame in debug mode and step into the AuthenticateUser method to see if the database gets filled. One other thought, after you create the SFSUsersBO, check the users.DataSourceKey to see if it points to RBS. If that doesn't line up nothing will work.
|
By Jeff Pagley - 10/14/2010
Hi Trent,
You are right about talking staight to Strataframe. I do have the SF RBS tables in my testing/production database. I just changed this to help troubleshoot the problem. Also, I just want to make sure you know that this same code and database configuration works fine with a Windows Form. It is ONLY when I am attempting to use the code from a Web Form that it fails. So I don't know why I would need to debug Strataframe. I did query the SFSUsers from within SSMS and the records are there. Also, I did check the users.DataSourceKey and it is the correct one ("RBS").
Jeff
|
By Trent L. Taylor - 10/15/2010
Jeff,
I am going to have to ask you to double check your logic then. Remove all of the calls to SF RBS as this is just confusing the issue. I know for a fact, that if one can talk to it so can the other. This is nothing more than a business object retrieving data from a data source. So there has to be a wiring issue here.
Instead of calling the AuthorizeUser, use the same query you did in the SSMS on the users BO.
users.FillDataTable("SELECT * FROM SFSUSers WHERE....")
If you can't get that to talk, then your web environment and connection strings are not setup correctly. As for debugging, my point was not that it works in one and not the other. But rather, to see what the query was doing. So when you get to the point of calling the above query in your debug session, check the following:
- What is the data source key of the users BO instance?
- Check the connection to make sure it is valid immediately prior to executing the query: MicroFour.StrataFrame.Data.DataBasics.DataSources("RBS").ConnectionString
- Verify your query to make sure it is valid and double-check in SSMS
Jeff, I know you don't believe me  , but I know that this is a wiring issue. If the BO can see the right database, it will retrieve the data....period. This is where your issue is, once this is resolved, then you can move on to implementation.
|
By Jeff Pagley - 10/15/2010
Hi Trent,
The code below in the Web Form works fine and returns the correct count of one:
MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO users = new MicroFour.StrataFrame.Security.BusinessObjects.SFSUsersBO();
users.FillDataTable("SELECT * FROM SFSUsers WHERE (us_sproj_PK = 1) AND (us_Username = N'jeff')" );
System.Diagnostics.Debug.Print(users.Count.ToString());
I know this is fustrating for the both of us, but I have no problem when using the SFSUsers BO object in the Web form in this test and the previous ones. Everything is connected and works fine. Is there a way to query the password field in this query to mimic the AuthenticateUser method? I know the password is correct, because I am able to use the same password in the AuthenticateUser function within my Windows Form and it works. So what's next?
Jeff
|
By Trent L. Taylor - 10/15/2010
No, otherwise the password would not be secure. It is embedded and encrypted. This is why I wanted you to debug. This way you can see what is returned. By not debugging, what could be a 5 minute problem could drag into days going back and forth on the forum. In the Login class in StrataFrame, the AuthenticateUser method will give you the answer:
On line 462 of Login.vb in the MicroFour StrataFrame Security assembly, you will see what is going on . There you can see what is retrieved and step until you see the password verified. I am going blind here. The only other option is to send me a sample that reproduces the steps....though I don't think that this is feasible since it is environment and getting this reproduced and to me may take even longer.
One other thought, in the WinForm app, manually call the AuthenticateUser method on a test form and see if you get the same results.
|
By Jeff Pagley - 10/15/2010
Hi Trent,
One other thought, in the WinForm app, manually call the AuthenticateUser method on a test form and see if you get the same results. As I mentioned in my previous posts, I have a test WinForm in a Windows project as part of the same solution which works just fine using the AuthenticateUser method. That was the first thing I tested before contacting the forum to verify my code was correct. Therefore, why would the same method AuthenticateUser from the same SF Security DLL assembly work for the WinForm and not for the Webform?
If you still want me to debug the Strataframe security module then exactly how do I compile the module into debug mode, point to the DLL and step into the code. I haven't done this before.
Jeff
|
By Greg McGuffey - 10/15/2010
Hi Jeff!
I'm going to jump in here to keep this moving.
Therefore, why would the same method AuthenticateUser from the same SF Security DLL assembly work for the WinForm and not for the Webform?
As Trent has said, this indicates that something isn't wired correctly. The reason for debugging is to figure out what isn't wired correctly. 
To setup the SF for debugging, you just need to open the SF source code project in VS and then build it in debug mode. This adds the debugging tokens and puts the built dll into the appropriate place for this to work. Be sure that the source your using matches the version your using.
Once this is done, I set a break point on the call to the AuthenticateUser and then step into SF code. When you get to the line Trent indicated you can investigate what's going on with the data retrieved. You can also check SecurityKeys, DataSource connections strings etc.
|
By Jeff Pagley - 10/16/2010
Greg/Trent,
I will be glad to debug the code to find out what is going on. I am sorry but I really don't know how to setup the Security DLL to be able to put it into debug mode so I can set a break point within it when I am calling it from my project. I have never done this before. I need step by step instructions.
Thanks,
Jeff
|
By Ivan George Borges - 10/17/2010
Hi Jeff.
1 - Download and install the source code from the SF website under My Account / Downloads if you haven't done so yet.
2 - Open the SF solution: "C:\Program Files (x86)\MicroFour\StrataFrame Source Code\MicroFour StrataFrame.sln"
3 - Set the Solution Configurations combobox to Debug:
If the combobox is not visible on the Build Toolbar, check the menu Tools / Options and check the "Show advanced build configurations":
You can also go to the menu Build / Configuration Manager and set the Configuration column:
4 - After this, Build the solution, which should place the DLLs onto the Common Files and the Assembly folders. Get out of Visual Studio. Please, check if the GAC was updated. You can even delete the SF DLLs from it and copy the ones from the Common Files folder ("C:\Program Files (x86)\Common Files\MicroFour\StrataFrame")
5 - Now, open your solution and set the break point as Trent and Greg have adviced you and you should be able to step into the SF code.
Hope it helps.
|
By Jeff Pagley - 10/18/2010
Hi Ivan,
Thanks for the info. I already knew all of that, I must have been doing something wrong. It is now enabling me to break into the code. BTW, you probably knew this but I needed to build the Security Solution.
After I am done troubleshooting, should I rebuild it in the Release mode?
Thanks,
Jeff
|
By Ivan George Borges - 10/18/2010
About rebuilding it into Release mode during development, I think that is your choice, either way.
Glad you got it going. 
|
By Jeff Pagley - 10/18/2010
Hi Trent,
Here are the results once I have stepped through Login Class:
Class Login
AuthenticateUser(...)
'-- Retrieve the user for the given username
loUsersBO.FillByUserName(Username)
.Count = 1 (Correct)
us_PK = 45 (Correct)
.DataSourceKey = "" (Correct)
If Not loUsersBO.IsDataValid() Then
Public Function IsDataValid() As Boolean
Me._UserName = "jeff" (Correct)
Return Me._Hash = CreateMD5HashHex(Me._UserName)
Returning - Me._Hash = "" (?????)
End Function
Return LoginResult.Failure
End If
The IsDataValid returns (_Hash = "") which is where the problem is. Therefore, IsDataValid() condition is True and returns LoginResult.Failure.
|
By Greg McGuffey - 10/18/2010
Assuming I'm reading your post correctly, the IsDataValid method returns false, thus Me._Hash != Me._UserName. (Me._UserName == "Jeff" and Me._Hash == "", right).
My first guess is that you haven't setup the security key and vector to match what is going on in the windows app, though this is a pretty shaky guess at this point. It seems that the only possible way this could be doing what you're seeing is if the data field from the row isn't decrypted correctly, and thus the has would not match.
The code that loads the BO sets the hash using what is already stored in the Data field. Thus, if there is a problem returning the correct original string from that hash, which uses the security vector and salt, then you'll end up with problems. I'm doing a bit more investigation, but this might solve the problem, so I thought I'd post it sooner rather than later.
|
By Jeff Pagley - 10/18/2010
Assuming I'm reading your post correctly, the IsDataValid method returns false, thus Me._Hash != Me._UserName. (Me._UserName == "Jeff" and Me._Hash == "", right).
That is correct.
I think what everyone is forgetting here is this exact same table and user record that the AuthenticateUser function is calling works just fine from a Windows Form. However, when I make the same call with the exact same table and user record from a WEB Form is when the IsDataValid is returning False (
|
By Trent L. Taylor - 10/18/2010
Jeff,
I've not forgotten about it. I am going to setup a test as I know that this is a configuration issue. If you could supply a sample that would be even better, so that we are working on the same set of settings and data. But I will see if I can tell where you are going wrong. I have never seen a situation this hard to setup, so there is definitely something in the mix.
|
By Greg McGuffey - 10/18/2010
Not forgetting, just trying to figure out why.
Check that the SetSecurityKeyAndVectorForUserAuthentication() is using the same key in both the windows and web app.
If that doesn't work, you may need to setup a sample app that reproduces the issue. The solution would include a winform app and a web project both using the same security db (that you'd include and that would obviously be a test db, not a real one).
|
By Trent L. Taylor - 10/18/2010
Good point, Greg!
|
By Jeff Pagley - 10/18/2010
By the way, I did some more troubleshooting and found that the _Cipher.Decrypt(...) method in the SFSUsersBO constuctor is throwing an exception when I am debugging from within the Web Form project. So the Me.ParseString(...) method is never called which causes the Me._Hash variable to be empty. Again, the method works fine from the Windows Form project. Within the attached zip file is a screen shot of the exception. I hope all of this helps. 
|
By Greg McGuffey - 10/18/2010
Not seeing the attachment Jeff....
|
By Jeff Pagley - 10/18/2010
I tried to attached a sample solution duplicating the problem along with the exception image (8 MB) and it tells me I have exceeded my available space. Therefore, I am going to email it to Trent/Support.
|
By Jeff Pagley - 10/20/2010
Hi Greg,
After clearing the attachments in my profile as you suggested, I was finally able to upload the attachment.
It has a simple solution that duplicates the Web User Authentication failure which includes the Windows Form project (works fine), the Web project, my BO class library and the SQLServer express 2005 database. Also, I did some more troubleshooting and found an exception was being thrown by _Cipher.Decrypt(…) method in the SFSUsersBO constructor when debugging from the Web Solution. I have included a screen shot of the exception info. By the way, I am using VS2008.
|
By Greg McGuffey - 10/20/2010
I haven't got this to run yet (I have to run an errand), but I did look at the code and the exception. You don't have a call to SetSecurityKeyAndVectorForUserAuthentication. Add this line in global.asax at the end of the start app method and see if it works.
SecurityBasics.SetSecurityKeyAndVectorForUserAuthentication( "MySecurityKey" );
Let me know. If there is still a problem, I'll get it running and see what else might be the issue.
|
By Jeff Pagley - 10/21/2010
You got to be kidding me!!!! After a week and half of shear fustration it comes down to one simple missing line of code in the Global.asax to fix the issue.  Obviously, you had mention this line of code a few posts back. But being new to ASP.NET, I was working off of the Global.asax in your Web Sample and I that's what got me confused. After all of this, I hope this will help others who are getting started with ASP.NET using Strataframe RBS. Probably it would be a good idea in the future to include this information in the Global.asax file in your Web Sample to help ASP.NET newbies like me. 
Thank you for all of your help and the awesome support!!!!!!
Jeff
|
By Greg McGuffey - 10/21/2010
I glad that fixed the issue. I'll talk to Trent about including a RBS version of a web sample too. Thanks for you persistence in getting this working Jeff!
|