RE: 'Inedo.ProGet.Web.Security.UserNotFoundException' on application startup

many swear words. I must have been so close to that solution by accident.

Yep that's working now thanks very much Rich.

Hi Rich,

Yes, I have tried several times to recycle and reboot the server, it still gives me the same issue.

Thanks for looking into this.

Thanks for getting back to me Rich. I have run a number unit tests against the TryGetUser method and I struggle to make it break unless I provide it with invalid parameters. I think the issue is the UserDirectory.TryGetUserAsync method which appears to be running outside of the InedoCore library.

We are using InedoHub, with IIS.

With Integrated Windows Authentication disabled, can you verify you can login with the following usernames using the Login Page:

1. Using username - works
2. Using username@domain.com - works
3. Using DOMAIN\username - works

I have emailed this to you.

Please let me know if you any further information.

Thanks,

Darren

Thanks @gdivis, I have managed to update the extension as required. I have reviewed the code and it would appear to be finding my username successfully when called from this stack trace:

- Called by: ADUserDirectoryV4.TryGetPrincipal
- Called by: ADUserDirectoryV4.TryGetUser
- Called by: <ProcessRequestInternalAsync>d__0.MoveNext
- Called by: AsyncMethodBuilderCore.Start
- Called by: AsyncTaskMethodBuilder.Start
- Called by: IntegratedAuthHandler.ProcessRequestInternalAsync

However when it is called from here:

 - Called by: ADUserDirectoryV4.TryGetPrincipal
 - Called by: ADUserDirectoryV4.TryGetUser
 - Called by: UserDirectory.TryGetUserAsync
 - Called by: <ProcessRequestInternalAsync>d__0.MoveNext
 - Called by: AsyncMethodBuilderCore.Start
 - Called by: AsyncTaskMethodBuilder.Start

It fails, because it passes through domain\5cusername to the LDAP search, even without the 5C in the search parameters, this would have never worked, as the LDAP query returns no results when I test it in PowerShell.

How do I disable the second search?

Thanks for the suggestion @atripp, I can see now how to update the version that I am using so that I can debug the issue, however every time I run the command to create the upack file:

dotnet inedoxpack pack . --build Release

I get:

Executing dotnet publish for InedoExtension.csproj (net8.0)...
No extensions were found in [redacted]\AppData\Local\Temp\inedoxpack\9071c72b2a204ce4b73abe172916f842

any idea what I have done wrong here?

I am following the guide here

@atripp Thanks for providing a link to the code, I have managed to download it and create some unit tests against the class in question.

I can not reproduce the issue locally, however, so I need to see if I can understand what is being used by the program at the point of search.

I would like to add this line:

this.LogDebug($"Searching domain using BaseDn: {baseDn}, search string: {searchString.ToString()}, scope: {scope} and username of: {this.Username?.GetDomainQualifiedName(this.Domain)}...");

to before this line

so that I can understand what the program is using in it's search params.

I have also tried configuring Stdout to a file but this does not provide enough information other than what I found in the event log.

It should be noted that the Test User Directories tool is successful with my current configuration:

I have also upgraded to the latest version of ProGet.

Hi @stevedennis

I think I have worked out what is going on.

Our domain is called: domain.company.com
but my user principal name (UPN) is username@company.com

If I set the Netbios to either domain=domain.company.com or domain=company.com it is does not work I think it because you are using the same string mapping from the Netbios screen to do the domain search.

It should be noted that not all users have a UPN of @company.com, our groups for example would use: @domain.company.com

I have tested the filter (&(objectCategory=user)(sAMAccountName=username)) that is provided in the debug output with the get-aduser -ldapfilter PowerShell function and I get back my account, so I know this works.

For clarity (&(objectCategory=user)(sAMAccountName=domain\username)) does not work in PowerShell.

I also am able to lookup groups and logins in the search when setting permissions in the interface. I am able to test the login using this button below.

I should add that the server, lookup account and my account are all on the same domain.

@atripp said in 'Inedo.ProGet.Web.Security.UserNotFoundException' on application startup:

/debug/integrated-auth

Thanks @atripp, that URL helped.

I am seeing something a bit weird though:

Additional messages:

• Trying to a Users search for principal "username@domain.com"...
• Search string is "(&(objectCategory=user)(sAMAccountName=username))"...
• Searching domain domain.com...
• Trying to a Users search for principal "domain\username"...
• Search string is "(&(objectCategory=user)(sAMAccountName=domain\5Cusername))"...
• Searching domain domain.com...
• Principal not found.

It seems to have added extra characters into the search? 5C?

Test User Directories works though.

We trialing a Basic licence, not sure if that matters?

Hi Proget,

I am trialing out your software and I cannot get the Windows Authentication to work when I start the application up. I have configured the domain access and I can add domain users to the permissions but whenever I turn windows authentication on in IIS it fails to start up with this error (found in the event log):

Category: Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer
EventId: 2
SpanId: f0764a21bc4f2d94
TraceId: b2ca837a006f687574ebcf26061b736b
ParentId: 0000000000000000
RequestId: 40000049-0000-ff00-b63f-84710c7967bb
RequestPath: /
Connection ID "18374686480476930118", Request ID "40000049-0000-ff00-b63f-84710c7967bb": An unhandled exception was thrown by the application.
Exception:
Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(AhHttpApplication app)
at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(AhHttpApplication app)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
at Inedo.Web.AhWebHost.<>c.<b__22_0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()

Any suggestions what I have done wrong? I searched your documentation but there was nothing obvious.

Thanks,

Darren