dotnet-cas-client
dotnet-cas-client copied to clipboard
apereo
Null ProxyGrantingTicket found
Error is random and not reproducible. There are CAS logs created.
What test should be performed to check for error before calling GetProxyTicketIdFor method
casTicket = CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData);
if (casTicket.ProxyGrantingTicket == null)
{
// How to get PGT??
//
}
Current workaround restart IIS website on the production server.
Production is using a load balancer and a single front-end server. There is no cache enabled on the Server side. IIS application pool recycles every 20 minutes.
Test Url - https://help.3ds.com/MyAppTest.aspx
Using another My Apps Service within the company to get data by proxy authentication.
Using CAS authentication URL: https://eu1-ds-iam.3dexperience.3ds.com/3DPassport/my-profile
My Apps Service to get data using PGT - https://eu1-apps.3dexperience.3ds.com/enovia/resources/AppsMngt/apps/appsForUser
Error Output -
CAS Is Authenticated: True
CAS Ticket: ST-850625-7cwPxvNTgts9coel3kZb-cas
CAS Ticket Details: [ST-850625-7cwPxvNTgts9coel3kZb-cas] NetID............. vch Proxy............. PGT IOU......... PGT............. Proxy Tickets... Origin Service.... https://betahelp.3ds.com/MyAppTest.aspx Client Address.... 10.16.8.16 Valid From........ 2/15/2021 9:08:58 AM Valid Until....... 2/15/2021 9:38:58 AM Assertion......... Principal....... vch Valid From...... 2/15/2021 9:08:58 AM Valid Until..... 1/1/0001 12:00:00 AM Attributes......
Proxy Ticket Error: System.InvalidOperationException: Unable to obtain CAS Proxy Ticket. at DotNetCasClient.CasAuthentication.LogAndThrowOperationException(String message) at DotNetCasClient.CasAuthentication.GetProxyTicketIdFor(String targetServiceUrl) at SolidWorks.Content.SWHelp.MyAppTest.Page_Load(Object sender, EventArgs e) in C:\lc\src_ds\SWHelp\MyAppTest.aspx.cs:line 202
Good Output -
CAS Is Authenticated: True
CAS Ticket: ST-5333856-349PFWBoGyMsFKeLO4RQ-cas
CAS Ticket Details: [ST-5333856-349PFWBoGyMsFKeLO4RQ-cas] NetID............. vch Proxy............. PGT IOU......... TGT-5922734-luHmcKgrqUZObhoNLEcBAcXCT70BOh6pIXnPWZl0rhaeY7T6ew-cas PGT............. PGTIOU-661059-7ChLanrXDqlOlwfOQ7vp-cas Proxy Tickets... Origin Service.... https://help.3ds.com/HelpProductsDS.aspx Client Address.... 10.16.3.169 Valid From........ 7/14/2021 10:25:51 PM Valid Until....... 7/14/2021 10:55:51 PM Assertion......... Principal....... vch Valid From...... 7/14/2021 10:25:51 PM Valid Until..... 1/1/0001 12:00:00 AM Attributes......
Proxy Ticket from GetProxyTicketIdFor received: ST-5426807-0oYXKgxxxIJ0Sh9cmuIB-cas
Error is due to ProxyGrantingTicketId being null. proxyGrantingTicketId cannot be null After the exception, the problem is not being able to recover after doing CasAuthentication.ClearAuthCookie(). The only way to recover is doing an IIS reset. The code works but after getting this exception not able to recover even after doing the ClearAuthCookie().
if (iCnt > 3)
{
// CasAuthentication Clearing Auth Cookie after three Refresh tries.
CasAuthentication.ClearAuthCookie();
if ((HttpContext.Current != null) && (HttpContext.Current.Session != null))
{
HttpContext.Current.Session.Clear();
HttpContext.Current.Session.Abandon();
}
}
This is from Memory dump during error on production – We have reviewed the dumps, please find the analysis below – This is what we’ve been seeing. The exception we are looking for seems to be on this memory dump: w3wp__DSHelp__PID__8156__Date__02_19_2021__Time_04_59_43PM__398__First Chance System.ArgumentException.dmp In this stack we are having the exception: 0:029> kc
Call Site
00 KERNELBASE!RaiseException 01 clr!RaiseTheExceptionInternalOnly 02 clr!IL_Throw 03 DotNetCasClient!DotNetCasClient.Utils.UrlUtil.ConstructProxyTicketRequestUrl 04 DotNetCasClient!DotNetCasClient.CasAuthentication.GetProxyTicketIdFor 05 SWHelp!SolidWorks.Content.SWHelp.MyAppTest.Page_Load 06 System_Web_ni!System.Web.UI.Control.OnLoad 07 System_Web_ni!System.Web.UI.Control.<LoadRecursiveAsync>d__246.MoveNext 08 System_Web_ni!System.Web.Hosting.ApplicationManager.SuspendAllApplications 09 System_Web_ni!System.Web.UI.Control.LoadRecursiveAsync 0a System_Web_ni!System.Web.UI.Page.<ProcessRequestMainAsync>d__523.MoveNext 0b System_Web_ni!System.Web.Hosting.ApplicationManager.SuspendAllApplications 0c System_Web_ni!System.Web.UI.Page.ProcessRequestMainAsync 0d System_Web_ni!System.Web.UI.Page.<ProcessRequestAsync>d__515.MoveNext 0e System_Web_ni!System.Web.Hosting.ApplicationManager.SuspendAllApplications 0f System_Web_ni!System.Web.UI.Page.ProcessRequestAsync 10 System_Web_ni!System.Web.UI.Page.<>c__DisplayClass554_0.<ProcessRequestAsync>b__0 11 System_Web_ni!System.Web.HttpContext.InvokeCancellableCallback 12 System_Web_ni!System.Web.UI.Page.<ProcessRequestAsync>d__554.MoveNext 13 System_Web_ni!System.Web.Hosting.ApplicationManager.SuspendAllApplications 14 System_Web_ni!System.Web.UI.Page.ProcessRequestAsync 15 System_Web_ni!System.Web.TaskAsyncHelper.BeginTask 16 App_Web_pbgxtqie!ASP.myapptest_aspx.BeginProcessRequest … 0:029> !pe2 Address: 0x00000079d3dbd960 HResult: 0x80070057 Type: System.ArgumentException Message: For proxy ticket requests, proxyGrantingTicketId cannot be null and must be specified. Stack Trace: SP IP Function Source
If we review the code, the exception is being thrown as the object is null public static string ConstructProxyTicketRequestUrl( string proxyGrantingTicketId, string targetService) { CasAuthentication.Initialize(); if (string.IsNullOrEmpty(proxyGrantingTicketId)) throw new ArgumentException("For proxy ticket requests, proxyGrantingTicketId cannot be null and must be specified."); if (string.IsNullOrEmpty(targetService)) throw new ArgumentException("For proxy ticket requests, targetService cannot be null and must be specified.");
That is being passed as a parameter on this method:
public static string GetProxyTicketIdFor(string targetServiceUrl)
{
CommonUtils.AssertNotNullOrEmpty(targetServiceUrl, "targetServiceUrl parameter cannot be null or empty.");
if (CasAuthentication.ServiceTicketManager == null)
CasAuthentication.LogAndThrowConfigurationException("Proxy authentication requires a ServiceTicketManager");
FormsAuthenticationTicket authenticationTicket = CasAuthentication.GetFormsAuthenticationTicket();
if (authenticationTicket == null)
CasAuthentication.LogAndThrowOperationException("The request is not authenticated (does not have a CAS Service or Proxy ticket).");
if (string.IsNullOrEmpty(authenticationTicket.UserData))
CasAuthentication.LogAndThrowOperationException("The request does not have a CAS Service Ticket.");
CasAuthenticationTicket ticket = CasAuthentication.ServiceTicketManager.GetTicket(authenticationTicket.UserData);
if (ticket == null)
CasAuthentication.LogAndThrowOperationException("The request does not have a valid CAS Service Ticket.");
string responseXml = (string) null;
try
{
responseXml = HttpUtil.PerformHttpGet(UrlUtil.ConstructProxyTicketRequestUrl(ticket.ProxyGrantingTicket, targetServiceUrl), true)
0:029> !do2 0000007ad8fd4368 0x0000007ad8fd4368 DotNetCasClient.CasAuthenticationTicket 0008 NetId : 0000007ad8fd18f8 "vch" [3] (System.String) 0010 ServiceTicket : 0000007ad8f7a658 "ST-1713038-t4saojRRdfuziqjT1nCh-cas" [35] (System.String) 0018 ProxyGrantingTicketIou : 0000007ad8fd2678 "PGTIOU-997576-HuIaIFJ4ceczwidxbQmf-cas" [38] (System.String) 0020 ProxyGrantingTicket : NULL 0028 Proxies : 0000007ad8fd43c8 (System.Collections.Generic.List<System.String>) [Length: 0] 0030 OriginatingServiceName : 0000007ad8fd42d8 https://help.3ds.com/MyAppTest.aspx [35] (System.String) 0038 ClientHostAddress : 0000007ad8fd4338 "10.16.8.83" [10] (System.String) 0040 Assertion : 0000007ad8fd2700 (DotNetCasClient.Security.Assertion) 0048 ValidFromDate : 0000007ad8fd43b0 19/02/2021 17:59:43 (System.DateTime) 0050 ValidUntilDate : 0000007ad8fd43b8 19/02/2021 18:29:43 (System.DateTime)
