0

I have a back end C# service running an html/angularjs front end app. We have an authentication service, which may be the problem but I'm not sure, so I mentioned it just in case. We are able to login (....services/api/auth/login) and also able to get all the users (...services/api/users), but whenever we try to delete (...services/api/users/ + username, being sent as a DELETE call) or post/put (...services/api/users/ + username being sent as POST and PUT respectively) we are getting a 500 error.

The code looks like this:

    [HttpGet]
    // GET api/users
    public IEnumerable<UserDTO> Get()
    {
        return (new LdapHelper()).GetAll();
    }

    [HttpDelete]
    // DELETE api/users/kmader
    public UserDTO Delete(string id)
    {
        if (id == null || id == String.Empty)
        {
            throw new ApplicationException("Id is null or empty, please verify the DELETE request is built correctly.");
        }

        return (new LdapHelper()).Delete(new UserDTO { UserName = id });
    }

This isn't all the code but I believe enough. As far as the web.config file, I am using a <identity impersonate="true"..... > tag because I saw somewhere that you needed that.

The error that I am getting is simply:

DELETE https://....Services/api/users/username 500 (Internal Server Error)

QUESTION: I wish I could be more clear, but my question is really that I have no idea what could be going on. Please comment for further details that may help.

EDIT: A couple of you have mentioned debugging, and it should be mentioned that locally this isn't an issue. When it is published and deployed to our server is where this is going wrong... So I have access to the code but it's all .dll files so I can't really debug there.

pnuts
discodane
  • Implement some logging. Put a try/catch around the whole thing and log the exception to a simple text file. – Jonesopolis Aug 25 '15 at 21:46
  • " locally this isn't an issue." - the DELETE call works when you run the server and client locally? – Matt Aug 25 '15 at 21:52
  • Correct. So I'm just running the solution in Visual Studio... it runs on port 33805 and then I run the front end on Tomcat port 8080. It's when I publish the back end and deploy both to their own servers that I'm getting this issue. – discodane Aug 25 '15 at 22:10
  • When you publish your backend, is it connecting to a different database? Perhaps the ID you are trying to delete doesn't exist (yet). – Matt Aug 26 '15 at 00:22

2 Answers

1

In your client you should have access to the detailed error message. If the html/angularjs is making the calls to the back-end directly, you should be able to see the message in any browser's developer tool.


Since you mentioned "I am using a <identity impersonate="true"..... > tag because I saw somewhere that you needed that", do you have:

    <identity impersonate="true"/>

Or

    <identity impersonate="true" userName="foo" password="bar"/>

The former makes your server impersonate the identity of the client, the latter impersonates the identity of "foo".

If on your development machine you have the correct permissions to delete or create users (because the server impersonated your Windows identity), it might not be the case in your production environment. This has nothing to do with authentication, but with the Windows identity your server is running under. See this post.

You could add a REST endpoint that returns the current identity (for testing):

    [HttpGet]
    public string GetCurrentPrincipal()
    {
        var curr = System.Security.Principal.WindowsIdentity.GetCurrent();
        return curr == null ? string.Empty : curr.Name;
    }

You can then compare the output from running locally vs running in your production environment.


You could try to segregate the code that might be failing and provide specific error messages, for example:

    [HttpDelete]
    // DELETE api/users/kmader
    public IHttpActionResult Delete(string id)
    {
        if (id == null || id == String.Empty)
        {
            return BadRequest("Invalid id");
        }
        var ldap = new LdapHelper();
        UserDTO user = null;
        try
        {
            user = ldap.Get(id);
            if (user == null)
            {
                // Don't disclose that the user doesn't exist
                return BadRequest("Invalid id");
            }
            // Wrap the deleted user in a 200 response
            return Ok(ldap.Delete(user));
        }
        // Return an error specific to the exception caught
        // For example, no permissions to delete users
        // (LDAPException stands for whatever exception type LdapHelper throws)
        catch (LDAPException)
        {
            return Content(HttpStatusCode.InternalServerError, "Permission denied");
        }
        catch (Exception)
        {
            return Content(HttpStatusCode.InternalServerError, "Generic LDAP failure");
        }
    }

If you don't have WebApi 2, you can use a combination of [ExceptionHandling] attribute and HttpResponseException instead. Using an exception filter would also prevent your code from being littered with try/catch. Check this post for more information.

Community
Julien Lebot
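
An exception filter of the kind the answer above mentions, as an added example that is not part of the original answer or the asker's project. It records the full exception and the Windows identity the request ran under in the server-side trace log, and returns only a reference id to the client. The class name `LoggingExceptionFilterAttribute` and the log format are assumptions; it assumes ASP.NET Web API (`System.Web.Http`) with a trace listener configured.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Security;
using System.Security.Principal;
using System.Web.Http.Filters;

// Hypothetical filter name; not from the original post.
public class LoggingExceptionFilterAttribute : ExceptionFilterAttribute
{
    public override void OnException(HttpActionExecutedContext context)
    {
        // Correlation id links the client-visible error to the server log entry.
        string errorId = Guid.NewGuid().ToString("N");

        // With <identity impersonate="true"/> this is the impersonated account,
        // i.e. the identity the failing LDAP call actually ran as.
        string runningAs;
        try
        {
            using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
            {
                runningAs = identity.Name;
            }
        }
        catch (SecurityException)
        {
            runningAs = "(unavailable)";
        }

        HttpRequestMessage request = context.Request;
        // AbsoluteUri is percent-encoded, so the path cannot break the log line.
        Trace.TraceError(
            "errorId={0} method={1} uri={2} runningAs={3} exception={4}",
            errorId, request.Method, request.RequestUri.AbsoluteUri,
            runningAs, context.Exception);

        // The client gets the reference id only: no stack trace, no LDAP detail.
        context.Response = request.CreateErrorResponse(
            HttpStatusCode.InternalServerError,
            "Internal error. Reference: " + errorId);
    }
}

// Registration, in WebApiConfig.Register(HttpConfiguration config):
//     config.Filters.Add(new LoggingExceptionFilterAttribute());
```

Comparing the `runningAs` value logged on the deployed server with the one seen locally shows whether the DELETE fails because the deployed account lacks directory permissions.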
0

500 (Internal Server Error) really points towards the server being the issue.

Does the return call have any more information related to the call?

Next Steps:

Get on the server end and set up some logging on that specific call and see what exception is being thrown, where it's breaking.

If there is no ID being sent to the server, it still needs to return something (BAD REQUEST?) other than 500 Internal Server Error.

Matt