With Scott's latest changes, I was able to log in and out as different users successfully using StonehengeIdentity. I was also able to buy and sell stocks (as different users) in Stocktrader with no problems.
Joby

________________________________________
From: Scott Golightly [[email protected]]
Sent: Thursday, September 03, 2009 12:43 AM
To: [email protected]
Subject: RE: [jira] Commented: (STONEHENGE-73) Change Stonehenge to use claims based security

I missed a file in my testing. I have made the change and uploaded a newer version of the zip file. The only changes I made were to include Orders.aspx and Orders.aspx.cs, which should be put in the trader_client\Trade directory. I also updated the PassiveStsInstallationReadMe.txt file with instructions to copy the appropriate files into the common directory.

Scott

-----Original Message-----
From: Joby Abragan-Lee [mailto:[email protected]]
Sent: Wednesday, September 02, 2009 2:53 PM
To: [email protected]
Subject: RE: [jira] Commented: (STONEHENGE-73) Change Stonehenge to use claims based security

Scott,

Forget my previous email (below). I was getting the previous error because my web application was pointing to the wrong folder. My mistake.

Anyway, I successfully logged in to Stocktrader using StonehengeIdentity, but when I attempted to buy, I got the following error:

The parameterized query '(@userId varchar(20))Set NOCOUNT ON; SELECT ACCOUNTID FROM dbo.A' expects the parameter '@userId', which was not supplied

While debugging, I found that "HttpContext.Current.User.Identity.Name" was null when assigned to variable "userid" in the Page_Load event of Order.aspx.

Joby

________________________________________
From: Joby Abragan-Lee [[email protected]]
Sent: Wednesday, September 02, 2009 2:04 PM
To: [email protected]
Subject: RE: [jira] Commented: (STONEHENGE-73) Change Stonehenge to use claims based security

Scott,

While running in debug mode, I encountered the following error after logging in:

A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").

Source Error:
[No relevant source lines]

Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\trade\aaecf40d\723af044\App_Web_qcfqiqyn.14.cs Line: 0

Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").]
   System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +11073291
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +71
   System.Web.HttpRequest.get_Form() +178
   System.Web.HttpRequest.get_HasForm() +11073527
   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +124
   System.Web.UI.Page.DeterminePostBackMode() +83
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11039703
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11039242
   System.Web.UI.Page.ProcessRequest() +91
   System.Web.UI.Page.ProcessRequest(HttpContext context) +240
   ASP.default_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\trade\aaecf40d\723af044\App_Web_qcfqiqyn.14.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

I set ValidateRequest="False" in Default.aspx but I still get the same error. Any ideas on how this can be resolved?

thanks again!

Joby

________________________________________
From: Scott Golightly [[email protected]]
Sent: Wednesday, September 02, 2009 1:13 PM
To: [email protected]
Subject: RE: [jira] Commented: (STONEHENGE-73) Change Stonehenge to use claims based security

I think the problem might be with the readme.txt. Under step 4 there should be a number 3 that says Copy the files in the common directory from the install location to the corresponding location in the stocktrader common directory. Replace the existing files.

The method is defined in the business services and in the common files. I included the files but didn't get the readme correct.
Scott Golightly

-----Original Message-----
From: Chintana Wilamuna (JIRA) [mailto:[email protected]]
Sent: Wednesday, September 02, 2009 2:53 AM
To: [email protected]
Subject: [jira] Commented: (STONEHENGE-73) Change Stonehenge to use claims based security

[ https://issues.apache.org/jira/browse/STONEHENGE-73?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12750335#action_12750335 ]

Chintana Wilamuna commented on STONEHENGE-73:
---------------------------------------------

Scott, I'm trying to get the service running and bumped into a couple of issues. First, after giving my credentials for the sa account to connect to the database, it complained saying that I don't have a dbo.Users table. So I got the relevant bits from CreateStonehengePassiveSts.sql and created the Users table in StockTraderDB. Now, I'm getting a different error,

<error>
Compiler Error Message: CS1061: 'Trade.BusinessServiceClient.BSLClient' does not contain a definition for 'getProfileIdFromStsIdentifier' and no extension method 'getProfileIdFromStsIdentifier' accepting a first argument of type 'Trade.BusinessServiceClient.BSLClient' could be found (are you missing a using directive or an assembly reference?)

Source Error:

Line 66:
Line 67: BSLClient client = new BSLClient();
Line 68: String profileId = client.getProfileIdFromStsIdentifier(identifier, uri);
Line 69:
Line 70:

Source File: d:\src\stonehenge\stocktrader\dotnet\trader_client\Trade\Default.aspx.cs Line: 68
</error>

Do I have to add the references?

> Change Stonehenge to use claims based security
> ----------------------------------------------
>
> Key: STONEHENGE-73
> URL: https://issues.apache.org/jira/browse/STONEHENGE-73
> Project: Stonehenge
> Issue Type: New Feature
> Components: Documentation, DOTNET_BS, DOTNET_CLIENT, DOTNET_OPS, PHP_BS, PHP_CLIENT, PHP_OPS, WSAS_BS, WSAS_OPS
> Affects Versions: M2
> Environment: All of the Stonehenge stock trader applications
> Reporter: Scott Golightly
> Assignee: Scott Golightly
> Attachments: Changes to Apache Stonehenge to Support Claims Based Security.docx, Changes to Apache Stonehenge to Support Claims Based Security.docx, Changes to Apache Stonehenge to Support Claims Based Security.pdf, Changes to Apache Stonehenge to Support Claims Based Security.pdf, StonehengeIdentity-08-Aug-2009.zip
>
>
> I am proposing that we change the authentication and authorization mechanism in Stonehenge to use claims based tokens rather than the current user name/password. I am attaching a word document and a .PDF of the document that explains in greater detail the proposal.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
