HttpProxy Authentication Problem

[jdchristian]

I apologize if this is a stupid question. I have spent several hours trying to figure this our and finally decided to ask for help. I have a Web Forms UI connecting to a .NET MVC HttpProxy. I place a call to get a list from a CSLA business object and it works great if I don't authenticate the user by setting the Csla.ApplicationContext.User (unauthenticated works). As soon as I set Csla.ApplicationContext.User to an authenticated principle (PTPricinpal from Project Tracker), the same call to retrieve the list fails with "Unable to read beyond the end of the stream." If I go local, instead of using the HttpProxy, it works fine. When I stop execution at

public static PrinterList GetPrinterList()
{
return DataPortal.Fetch();
}

and show the Csla.ApplicationContext.User, I see the user I set on the client-side.

Can someone point me in the right direction to resolve this?

Thanks!

[rockfordlhotka]

Can you catch that exception and capture ex.ToString(), then post it here?

[jdchristian]

Csla.DataPortalException: Unable to read beyond the end of the stream.
   at Csla.DataPortal`1.Fetch(Type objectType, Object criteria) in C:\\src\\rdl\\csla\\Source\\Csla.Shared\\DataPortalT.cs:line 408
   at Csla.DataPortal`1.Fetch(Object[] criteria) in C:\\src\\rdl\\csla\\Source\\Csla.Shared\\DataPortalT.cs:line 398
   at Csla.DataPortal.Fetch[T](Object[] criteria) in C:\\src\\rdl\\csla\\Source\\Csla.Shared\\DataPortal.cs:line 220
   at Csla.DataPortal.Fetch[T]() in C:\\src\\rdl\\csla\\Source\\Csla.Shared\\DataPortal.cs:line 232
   at NSERT.Library.PrinterList.GetPrinterList() in C:\\Users\\jchristian\\source\\repos\\NSERT\\NSERT\\NSERT.BusinessLibrary.Shared\\PrinterList.cs:line 41
------------------------------
System.IO.EndOfStreamException: Unable to read beyond the end of the stream.
   at System.IO.BinaryReader.ReadString()
   at System.Security.Claims.Claim.Initialize(BinaryReader reader, ClaimsIdentity subject)
   at System.Security.Claims.Claim..ctor(BinaryReader reader, ClaimsIdentity subject)
   at System.Security.Claims.ClaimsIdentity.Initialize(BinaryReader reader)
   at System.Security.Claims.ClaimsIdentity..ctor(BinaryReader reader)
   at System.Security.Claims.ClaimsPrincipal.CreateClaimsIdentity(BinaryReader reader)
   at System.Security.Claims.ClaimsPrincipal.Initialize(BinaryReader reader)
   at System.Security.Claims.ClaimsPrincipal..ctor(BinaryReader reader)
   at Csla.Serialization.Mobile.MobileFormatter.DeserializeAsDTO(List`1 deserialized) in C:\\src\\rdl\\csla\\Source\\Csla.Shared\\Serialization\\Mobile\\MobileFormatter.cs:line 265
   at Csla.Serialization.Mobile.MobileFormatter.Deserialize(Stream serializationStream) in C:\\src\\rdl\\csla\\Source\\Csla.Shared\\Serialization\\Mobile\\MobileFormatter.cs:line 228
   at Csla.Serialization.Mobile.MobileFormatter.Deserialize(Byte[] data) in C:\\src\\rdl\\csla\\Source\\Csla.Shared\\Serialization\\Mobile\\MobileFormatter.cs:line 403
   at Csla.Server.Hosts.HttpPortal.<Fetch>d__1.MoveNext() in C:\\src\\rdl\\csla\\Source\\Csla.Web.Mvc.Shared\\Server\\Hosts\\HttpPortal.cs:line 117
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Csla.Server.Hosts.HttpPortalController.<CallPortal>d__6.MoveNext() in C:\\src\\rdl\\csla\\Source\\Csla.Web.Mvc.Shared\\Server\\Hosts\\HttpPortalController.cs:line 252
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Csla.Server.Hosts.HttpPortalController.<InvokePortal>d__5.MoveNext() in C:\\src\\rdl\\csla\\Source\\Csla.Web.Mvc.Shared\\Server\\Hosts\\HttpPortalController.cs:line 230
"

[rockfordlhotka]

Also, what version of CSLA and what version of .NET an d what version of ASP.NET?

[jdchristian]

Sorry, I should have included that in the original post.
CSLA v5.1.0 (NuGet Packages)
.NET 4.7.2
If I understand how to read the ASP.NET version right, it is 4.0.30319.42000

Thanks!

[rockfordlhotka]

Interesting. Version 5.1 includes code to wrap ClaimsPrincipal for serialization.

So now I'm wondering what type is your principal and your identity? The serializer is clearly hitting some principal type that contains a ClaimsIdentity, and so I'm thinking that the principal type is neither ClaimsPrincipal nor CslaClaimsPrincipal.

[jdchristian]

I have tried two methods with the same results. Initially, I used the PTIdentity and PTPricipal from ProjectTracker. I have also tried:

            var identity = NSERT.Library.Security.PTIdentity.GetPTIdentity("admin", "admin");
            var baseidentity = new ClaimsIdentity(identity.AuthenticationType);
            baseidentity.AddClaim(new Claim(ClaimTypes.Name, identity.Name));
            if (identity.Roles != null)
                foreach (var item in identity.Roles)
                    baseidentity.AddClaim(new Claim(ClaimTypes.Role, item));
            var principal = new System.Security.Claims.ClaimsPrincipal(baseidentity);
            Csla.ApplicationContext.User = principal;

It is likely my lack of understanding of how claims work, but I am lost right now.

[rockfordlhotka]

Try looking at the BlazorCslaAuthentication sample from my Blazor book. It has the most current authentication model for modern ASP.NET and CSLA.

Specifically the code in the Login page

[jdchristian]

Will do! Thank you.

James