
Background: I am working on a product which is built using AngularJS in the front-end, and Microsoft Web API in the back-end. The website is hosted on a Windows Server 2012 machine running IIS. We are using Windows authentication to connect to the machine.

The problem: Calling various API methods works flawlessly for me and the majority of users. But some of the users can't perform certain API calls. Most of the endpoints work and return valid data, but a few methods never even get reached.

This is the error in the IIS log: 2016-05-26 12:25:23 xx.xx.xxx.xx POST /api/controller/method - 80 domain\user xx.xx.x.xx Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.1;+WOW64;+Trident/6.0) http://xxxxxx.com/#/Pagename 500 0 0 514

In the console in Google Chrome it says: Error: Access denied.

I have set the API to log all exceptions to a database, and no error is shown. So my theory is that the API doesn't even get reached when trying to perform these specific HTTP methods.

I have tried searching for answers, but without any luck. Does anyone have any idea?

Markus Olsson
  • If this works for some users and not others it is almost certainly an issue with privileges. – Mike Feltman May 26 '16 at 13:44
  • I'm not sure how your exception logging is working, but a 500 error usually indicates an uncaught exception was hit in the piece of code that was accessed by the API. So this may require further debugging of that code. – seminull May 26 '16 at 13:45
  • @Mike Feltman We control the privileges by checking which Active Directory security groups they belong to in the API, and they are in the same ones as us. The privilege problem would then be related to the IIS server, which rejects them before they reach the API, but only for these certain methods. They manage to get information from other methods in the same controller though! I'm very confused. – Markus Olsson May 26 '16 at 13:49
  • @seminull I have used this: http://stackoverflow.com/a/21382651/3592773 and it seems to catch every exception being thrown in the API. I verified it through tests. – Markus Olsson May 26 '16 at 13:50

1 Answer


I finally found a solution to my problem: the exception being thrown was a DbEntityValidationException. It was thrown because some of the users' names were too long to be inserted into the database table. It was not caught and properly displayed by my own general exception handling. I had to follow this guide to get the proper exception logged:

https://stackoverflow.com/a/6258174/3592773

Thanks for all the help and I hope this might help someone else in the future.

Markus Olsson
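The failure mode in the answer above, sketched as an added example (not code from the answer or from the guide it links to): a global logger that unpacks `EntityValidationErrors`, so a `DbEntityValidationException` is recorded with the failing property instead of only its generic message. It assumes Web API 2 and Entity Framework 6; the class name `ValidationAwareExceptionLogger` is hypothetical and `Trace` stands in for the database logger.

```csharp
using System;
using System.Data.Entity.Validation;
using System.Diagnostics;
using System.Linq;
using System.Web.Http.ExceptionHandling;

// Added example: assumes Web API 2 (ExceptionLogger) and Entity Framework 6.
public class ValidationAwareExceptionLogger : ExceptionLogger
{
    public override void Log(ExceptionLoggerContext context)
    {
        // Assumption: Trace stands in for the application's database logger.
        Trace.TraceError(Describe(context.Exception));
    }

    // Builds the log text; kept static so it can be called from other handlers.
    public static string Describe(Exception ex)
    {
        // The validation exception may be wrapped, so walk the InnerException chain.
        for (var e = ex; e != null; e = e.InnerException)
        {
            var validation = e as DbEntityValidationException;
            if (validation == null) continue;

            // Record entity type, property and rule only. The rejected values
            // themselves (here, user names) are deliberately left out of the log.
            var details = validation.EntityValidationErrors
                .SelectMany(r => r.ValidationErrors.Select(v =>
                    r.Entry.Entity.GetType().Name + "." + v.PropertyName + ": " + v.ErrorMessage));

            return ex + Environment.NewLine +
                   "Validation errors: " + string.Join("; ", details);
        }

        // Any other exception: type, message and stack trace as usual.
        return ex.ToString();
    }
}

// Registration, in WebApiConfig.Register(HttpConfiguration config):
// config.Services.Add(typeof(IExceptionLogger), new ValidationAwareExceptionLogger());
```

The detail stays in the server-side log; the client still receives only the generic 500 response.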