Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

SecurityException on attempting to log in with LDAP



  • We have a ProGet 4.1.3 system we just upgraded to 4.6.0. It is configured to allow users to access via LDAP integration tied to an Active Directory.

    While package list and restore through the NuGet command line works, if the user tries to look at the web application (https://url.to.my.proget.server/log-in?ReturnUrl=%2F) you get a security exception:

    Security Exception
    
    Description: The application attempted to perform an operation not allowed by the security policy.  To
             grant this application the required permission please contact your system administrator or
             change the application's trust level in the configuration file. 
    
    Exception Details: System.Security.SecurityException: User Anonymous not found in directory LDAP.
    
    Stack Trace: 
    
    [SecurityException: User Anonymous not found in directory LDAP.]
       Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(HttpApplication app) +589
       Inedo.Web.InedoHttpModule.ProcessBegin(Object sender, EventArgs e, AsyncCallback cb, Object extraData) +116
       System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +634
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +137
    

    Other things that may or may not be of interest:

    • I do not have Windows authentication enabled - only anonymous authentication. We aren't interested in pass-through auth.
    • We're using a manual install because our database is stored in an Azure SQL database and the full automated installer doesn't like that - it tells me the database doesn't exist though it clearly does.
    • The manual update process for the web app was, basically, to just replace the contents of the web app (bin, Resources, Web.config) and then ensure the connection string was right. I didn't change the IIS settings.
    • If you hit the home page as an anonymous user that works fine. It's just when you click the "Log In" link that you get the exception.

    Product: ProGet
    Version: 4.6.0



  • Thanks for the report Travis; this will be addressed in [PG-673] slated for 4.6.1, shipping ASAP.



  • Verified - the problem is resolved after upgrade to 4.6.1. Thanks!



Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation