2

I've made a custom auth provider for LDAP (Active Directory) based on the CredentialsAuthProvider. Following the docs I've overridden TryAuthenticate and OnAuthenticated, returning true at the end. I've also tried without OnAuthenticated.

I'm using UseDistinctRoleTables for the OrmLiteAuthRepository, and I've observed in the tables that roles are being created in UserRole.

However I'm getting the exception: ArgumentNullException. Fieldname "s".

"stackTrace": "[Authenticate: 20/03/2020 16:46:30]:
[REQUEST: {provider:Credentials,userName:xxxx,password:yyyy}]
System.ArgumentNullException: Value cannot be null.
Parameter name: s
   at lambda_method(Closure , Object , List`1 )
   at ServiceStack.OrmLite.SqlExpression`1.EvaluateExpression(Expression m) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 2374
   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 1658
   at ServiceStack.OrmLite.SqlExpression`1.VisitBinary(BinaryExpression b) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 1622
   at ServiceStack.OrmLite.SqlExpression`1.VisitLambda(LambdaExpression lambda) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 1589
   at ServiceStack.OrmLite.SqlExpression`1.AppendToWhere(String condition, Expression predicate) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\SqlExpression.cs:line 555
   at ServiceStack.OrmLite.ReadExpressionCommandExtensions.Select[T](IDbCommand dbCmd, Expression`1 predicate) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\Expressions\\ReadExpressionCommandExtensions.cs:line 22
   at ServiceStack.OrmLite.OrmLiteExecFilter.Exec[T](IDbConnection dbConn, Func`2 filter) in C:\\BuildAgent\\work\\27e4cc16641be8c0\\src\\ServiceStack.OrmLite\\OrmLiteExecFilter.cs:line 64
   at ServiceStack.Auth.OrmLiteAuthRepositoryBase`2.<>c__DisplayClass33_0.<GetRoles>b__0(IDbConnection db) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack.Server\\Auth\\OrmLiteAuthRepository.cs:line 571
   at ServiceStack.Auth.OrmLiteAuthRepository`2.Exec[T](Func`2 fn) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack.Server\\Auth\\OrmLiteAuthRepository.cs:line 51
   at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\AuthenticateService.cs:line 231
   at ServiceStack.Host.ServiceRunner`1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Host\\ServiceRunner.cs:line 133",

I've stripped down my code. In Startup.cs:

Plugins.Add(new AuthFeature( () => new AuthUserSession(),
            new IAuthProvider[] {
                new LdapCredentialsAuthProvider(AppSettings),
specimen
  • 1,735
  • 14
  • 23
  • The [Exception is trying to select `UserAuthRole` table](https://github.com/ServiceStack/ServiceStack/blob/7979da907a0da4ccbda8d7d36e1d48718771a330/src/ServiceStack.Server/Auth/OrmLiteAuthRepository.cs#L571), can't workout what the issue is w/o a repro, but if you've done any customizations with that table or non-default configuration I'd look there. – mythz Mar 20 '20 at 17:10
  • which test should I run to repro the issue, none of these are integration tests which test the Authentication? – mythz Mar 20 '20 at 19:15
  • I just call /auth/credentials with a json payload through postman. – specimen Mar 20 '20 at 19:30
  • In future please include the exact steps you did to repro it on your README or if you're going to provide custom tests in our repro project please clearly mark which test to run to repro it, took me a while to go through your tests to workout none of them were relevant and never worked. – mythz Mar 20 '20 at 19:38
  • My apologies @mythz and thank you very much for helping me! – specimen Mar 20 '20 at 19:48
  • PS: Deleted my repo, bad code. – specimen Mar 20 '20 at 20:32

1 Answers1

2

The issue is ServiceStack's AuthenticateService is trying to populate the AuthenticateResponse Roles and Permissions but your Custom AuthProvider isn't populating the session.UserAuthId which is used to query the Auth Repository for the roles.

The solution is for your Custom AuthProvider to populate the Sessions UserAuthId with the Id of the Authenticated User.

You can also prevent this Exception by disabling ServiceStack from trying to populate the Roles/Permissions by setting IncludeRolesInAuthenticateResponse=false, e.g:

Plugins.Add(new AuthFeature( () => new AuthUserSession(),
    new IAuthProvider[] {
        new LdapCredentialsAuthProvider(AppSettings),                     
    }, 
    "/login.html"
) {
    IncludeRolesInAuthenticateResponse = false,
});

In the next ServiceStack v5.8.1 now on MyGet it wont try attempting to retrieve the roles if the UserAuthId isn't populated, but your Custom AuthProvider should still be populating it with the Unique Id of the Authenticated User.

mythz
  • 141,670
  • 29
  • 246
  • 390
  • That worked (of course), just hard to track down the paramter "s", and my bad minimal example code. Anyway, maybe you should include it in the documentation, https://docs.servicestack.net/authentication-and-authorization#custom-authentication-and-authorization, for the next guy? – specimen Mar 20 '20 at 20:30
  • @specimen it doesn’t try loading roles in the latest version without the UserAuthId – mythz Mar 20 '20 at 20:32