• State Suggested Answer
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 94 subscribers
  • Views 156 views
  • Users 0 members are here
Options
Related

Get rid of DialogUsers for AutoUpdateUserAuth

prueegg
22 days ago

Hi

I'm in Version 9.2 and I want to improve security by using Windows Integrated Security as much as possible.

I'm able to connect the ApplicationServer with "Integrated Security=true" to the DB and I'm able to connect the WebDesigner Portal as well as the ApiServer to the AppServer.

What is missing is the part with the AutoUpdateUserAuth.

It seems, that I can't take the "Module=ADSAccount" for that. Or should it work?

The problem with the DialogUser Auth is, that the effort to change the password for that user is some kind of effort I want to avoid, since it has to be updated in the DialogUser Table, and in the web.config files.

Are there any other options?

btw. The error with the AuthenticationModule ADSAccount is:

2024-06-11 10:11:57.3792 ERROR (    WebLog hdfd3lwbqy22bdg4jm4yu02a) : VI.DB.Entities.SessionExpiredException: Ihre Sitzung ist abgelaufen. Melden Sie sich erneut an. VI.DB.Entities.SessionExpiredException: Ihre Sitzung ist abgelaufen. Melden Sie sich erneut an. ---> ServiceStack.WebServiceException: Please authenticate a session first.
   at ServiceStack.AsyncServiceClient.<SendWebRequestAsync>d__155`1.MoveNext() in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack.Client/AsyncServiceClient.cs:line 438
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at ServiceStack.AsyncServiceClient.<SendWebRequestAsync>d__155`1.MoveNext() in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack.Client/AsyncServiceClient.cs:line 458
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at QBM.AppServer.Client.AppServerClient.<GetAsync>d__27`1.MoveNext()
   --- End of inner exception stack trace ---
   at QBM.AppServer.Client.AppServerClient.<GetAsync>d__27`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at QBM.AppServer.Client.ServiceScriptSupplier._ServiceAssemblyProvider.<GetScriptAssemblyAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.DB.Scripting.CachingAssemblyProvider.<_CacheSourceClass>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.DB.Scripting.CachingAssemblyProvider.<<-ctor>b__3_0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.DB.Scripting.DynamicAssemblyProviderBase.<GetScriptAssemblyAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.Base.SyncActions.Do[T](Func`1 function)
   at VI.WebRuntime.ApplicationInfoGroup.LoadWebAssemblyWithFallback(IWebAppDbConfig webAppDbConfig, String databaseId, IWebProjectAssemblyLoader assemblyStore, String webProjectName, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ApplicationInfoGroup.LoadWebAssemblyWithFallback(IWebAppDbConfig webAppDbConfig, String databaseId, IWebProjectAssemblyLoader assemblyStore, String webProjectName, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ApplicationInfoGroup.LoadAppInfoSafe(IWebAppDbConfig webAppDbConfig, IWebProjectAssemblyLoader assemblyStore, ITempFileManager tempFileManager, String webProjectName, Int32 projectGroupIndex, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ApplicationInfoGroup.LoadAppInfo(IWebAppDbConfig webAppDbConfig, IWebProjectAssemblyLoader assemblyStore, String webProjectName, Int32 projectGroupIndex, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ConfigurationUpdater.LoadAppInfoGroup(IApplicationInfoGroup appInfoGroup, Boolean loadBranchAssemblies, String projectName, Int32 projectGroupIndex)
   at VI.WebRuntime.ConfigurationUpdater.GetMainAppInfoGroup(Boolean forceCheckImmediately)
   at VI.WebRuntime.ConfigurationUpdater.GetAppInfoGroup(String branchId, Boolean forceCheckImmediately)
   at VI.WebRuntime.Communication.RequestAuthenticationModule.GetApplicationInfoForCurrentRequest(HttpRequestBase request, String branchId)
   at VI.WebRuntime.Communication.RequestAuthenticationModule.Execute(IRequestModuleInfo validatorModuleInfo)
   at VI.WebRuntime.Communication.HttpModuleWebRuntime.ContextOnPreRequestHandlerExecuteInternal()    at QBM.AppServer.Client.AppServerClient.<GetAsync>d__27`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at QBM.AppServer.Client.ServiceScriptSupplier._ServiceAssemblyProvider.<GetScriptAssemblyAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.DB.Scripting.CachingAssemblyProvider.<_CacheSourceClass>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.DB.Scripting.CachingAssemblyProvider.<<-ctor>b__3_0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.DB.Scripting.DynamicAssemblyProviderBase.<GetScriptAssemblyAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VI.Base.SyncActions.Do[T](Func`1 function)
   at VI.WebRuntime.ApplicationInfoGroup.LoadWebAssemblyWithFallback(IWebAppDbConfig webAppDbConfig, String databaseId, IWebProjectAssemblyLoader assemblyStore, String webProjectName, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ApplicationInfoGroup.LoadWebAssemblyWithFallback(IWebAppDbConfig webAppDbConfig, String databaseId, IWebProjectAssemblyLoader assemblyStore, String webProjectName, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ApplicationInfoGroup.LoadAppInfoSafe(IWebAppDbConfig webAppDbConfig, IWebProjectAssemblyLoader assemblyStore, ITempFileManager tempFileManager, String webProjectName, Int32 projectGroupIndex, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ApplicationInfoGroup.LoadAppInfo(IWebAppDbConfig webAppDbConfig, IWebProjectAssemblyLoader assemblyStore, String webProjectName, Int32 projectGroupIndex, Boolean loadBranchAssemblies)
   at VI.WebRuntime.ConfigurationUpdater.LoadAppInfoGroup(IApplicationInfoGroup appInfoGroup, Boolean loadBranchAssemblies, String projectName, Int32 projectGroupIndex)
   at VI.WebRuntime.ConfigurationUpdater.GetMainAppInfoGroup(Boolean forceCheckImmediately)
   at VI.WebRuntime.ConfigurationUpdater.GetAppInfoGroup(String branchId, Boolean forceCheckImmediately)
   at VI.WebRuntime.Communication.RequestAuthenticationModule.GetApplicationInfoForCurrentRequest(HttpRequestBase request, String branchId)
   at VI.WebRuntime.Communication.RequestAuthenticationModule.Execute(IRequestModuleInfo validatorModuleInfo)
   at VI.WebRuntime.Communication.HttpModuleWebRuntime.ContextOnPreRequestHandlerExecuteInternal()

  • 0 22 days ago

    Hi ,

    The ADSAccount module is not designed to work for this purpose. The AutoUpdateUserAuth is used by the WebDesigner and API Server to connect to the application server outside of an end-user context. These servers need some way to authenticate to the application server to read information, and they are not providing AD account information so integrated AD security won't work.

    For this purpose, the installation tool creates dedicated users in DialogUser. These are created with a flag so that their passwords do not expire. That means that you don't have to reconfigure the servers with new passwords regularly.

    Is there another problem with the DialogUser authentication?

  • 0 22 days ago

    I've found the answer myself: The AppServer must ensure Windows Authentication.
    After I disabled Anonymous authentication on the AppServer it works.

    Of course, I have to allocate a Person with a DialogUser with QBMBase Rights for it.


  • 0 22 days ago in reply to Hanno Bunjes

    The problem is, that never expiring passwords isn't state of the art anymore.
    So, we want to eliminate that as far as possible.