Azman Security Block Provider - Authorise Arguments

Topics: Security Application Block
Oct 19, 2010 at 11:34 AM

Hello,

I am trying to use the Azman security provider blocks, currently with an XML data source, and am rather stuck with an annoying

"Value does not fall within the expected range." error.

I am basing my application on the Security sample app you have provided with EntLib 5 with regard to the principal cache and suchlike, but I am just stuck!

Here are the exception details, any obvious issues that may stick out before I post config etc. would be greatly appreciated:

System.ArgumentException was unhandled
  Message=Value does not fall within the expected range.
  Source=Microsoft.Interop.Security.AzRoles
  StackTrace:
       at Microsoft.Interop.Security.AzRoles.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String bstrPolicyURL, Object varReserved)
       at Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider.GetClientContext(WindowsIdentity identity, String applicationName, IAzApplication& azApp)
       at Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider.CheckAccessTasks(String auditIdentifier, WindowsIdentity identity, String[] tasks)
       at Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider.Authorize(IPrincipal principal, String context)
       at Mears.MCS.WinClient.Application.Program.AuthorizeUserWithRules(IPrincipal principal, IAuthorizationProvider authProvider) in W:\EXETERXP14_MEARSCARE_ALL\SourceCode\DevStream\WinClient\Mears.MCS.WinClient.Application\Program.cs:line 155
       at Mears.MCS.WinClient.Application.Program.AuthWithAzMan() in W:\EXETERXP14_MEARSCARE_ALL\SourceCode\DevStream\WinClient\Mears.MCS.WinClient.Application\Program.cs:line 174
       at Mears.MCS.WinClient.Application.Program.Main() in W:\EXETERXP14_MEARSCARE_ALL\SourceCode\DevStream\WinClient\Mears.MCS.WinClient.Application\Program.cs:line 249
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException:

Many Thanks

Oct 19, 2010 at 1:08 PM

OK, comparing the error to the EntLib source code it seems the error is occurring when trying to initialise the Azman interop in the function:

    private IAzClientContext GetClientContext(WindowsIdentity identity, String applicationName, out IAzApplication azApp)
    {
        lock (contextLock)
        {
            AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
            store.Initialize(0, this.storeLocation, null);
            azApp = store.OpenApplication(applicationName, null);
        }

        ulong tokenHandle = (ulong)identity.Token.ToInt64();
        IAzClientContext clientCtx = azApp.InitializeClientContextFromToken(tokenHandle, null);
        return clientCtx;
    }

I have messed around with the URL of the store xml file and the only thing I can get to work is

msxml://Test.xml

Which translates as C:\Test.xml, but using "msxml://C:/Test.xml" doesn't work. Any ideas?

I have checked the interop documentation:

http://msdn.microsoft.com/en-us/library/Aa376359

And the C: .... file location string looks fine.

So, now that it's finding this file, the interop is now throwing the exception below. Ideas?

System.Security.SecurityException was unhandled
  Message=The request is not supported. (Exception from HRESULT: 0x80070032)
  Source=Microsoft.Practices.EnterpriseLibrary.Security.AzMan
  StackTrace:
       at Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider.CheckAccessTasks(String auditIdentifier, WindowsIdentity identity, String[] tasks)
       at Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider.Authorize(IPrincipal principal, String context)
       at Mears.MCS.WinClient.Application.Program.AuthorizeUserWithRules(IPrincipal principal, IAuthorizationProvider authProvider) in W:\EXETERXP14_MEARSCARE_ALL\SourceCode\DevStream\WinClient\Mears.MCS.WinClient.Application\Program.cs:line 154
       at Mears.MCS.WinClient.Application.Program.AuthWithAzMan() in W:\EXETERXP14_MEARSCARE_ALL\SourceCode\DevStream\WinClient\Mears.MCS.WinClient.Application\Program.cs:line 172
       at Mears.MCS.WinClient.Application.Program.Main() in W:\EXETERXP14_MEARSCARE_ALL\SourceCode\DevStream\WinClient\Mears.MCS.WinClient.Application\Program.cs:line 247
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: System.Runtime.InteropServices.COMException
       Message=The request is not supported. (Exception from HRESULT: 0x80070032)
       Source=Microsoft.Interop.Security.AzRoles
       ErrorCode=-2147024846
       StackTrace:
            at Microsoft.Interop.Security.AzRoles.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String bstrPolicyURL, Object varReserved)
            at Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider.GetClientContext(WindowsIdentity identity, String applicationName, IAzApplication& azApp)
            at Microsoft.Practices.EnterpriseLibrary.Security.AzMan.AzManAuthorizationProvider.CheckAccessTasks(String auditIdentifier, WindowsIdentity identity, String[] tasks)
       InnerException:

Oct 19, 2010 at 3:00 PM

Right then, answering my own posts here, but I've fixed it, but it's a weird one!

Copied the xml store file onto the root of another disk on my machine and checked that the permissions were the same.

Then I read this article about Azman set-up:

http://technet.microsoft.com/en-us/library/cc758696(WS.10).aspx

Which suggested that the provider name should be capitalised, e.g. MSXML://......

So I fully justified the file location again, capitalised and it worked!

Confused? I am but I'll take it!

Cheers
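
A pre-flight check for the store location string, reflecting what this thread reports; it is an added example, not part of the posts and not EntLib or AzMan code. `StoreLocationCheck` is a hypothetical helper and its rules are assumptions taken from the poster's findings (a relative path resolved somewhere unexpected, and the upper-case scheme worked), not documented AzMan behaviour.

```csharp
using System;
using System.IO;

// Added example: validate an AzMan XML store location before it is handed to
// AzAuthorizationStoreClass.Initialize. Hypothetical helper; the rules mirror
// what the thread reports and are assumptions, not documented AzMan behaviour.
public static class StoreLocationCheck
{
    private const string XmlScheme = "MSXML://";

    // Returns null when the location passes every check, otherwise the problem found.
    public static string Validate(string storeLocation)
    {
        if (string.IsNullOrWhiteSpace(storeLocation))
            return "store location is empty";

        if (!storeLocation.StartsWith(XmlScheme, StringComparison.OrdinalIgnoreCase))
            return "not an XML store URL (expected MSXML://<path>)";

        string path = storeLocation.Substring(XmlScheme.Length)
                                   .Replace('/', Path.DirectorySeparatorChar);

        // In the thread, "msxml://Test.xml" was resolved to C:\Test.xml. For an
        // authorization policy file, that means the policy in force depends on
        // how the path is resolved, so relative paths are rejected here.
        if (!Path.IsPathRooted(path))
            return "path is not fully qualified: " + path;

        if (!File.Exists(path))
            return "store file not found: " + path;

        // Reported only because the poster saw a difference; treat as a hint.
        if (!storeLocation.StartsWith(XmlScheme, StringComparison.Ordinal))
            return "scheme is not upper-case; the thread reports MSXML:// worked";

        return null;
    }

    public static void Main()
    {
        // Constructed sample values based on the strings quoted in the thread.
        string[] samples = { "msxml://Test.xml", "msxml://C:/Test.xml", "MSXML://C:/Test.xml" };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s, Validate(s) ?? "ok");
    }
}
```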