Identity must not be Generic

  • Question

  • Hi,

    To introduce you to my problem, I'll list my server specs first:

    - Windows 2012 R2

    - SharePoint 2013

    - Project Server 2013

    I develop an event handler for a site collection (PWA).

    When I try to get the list of events by WCF with the service "http://servername/_vti_bin/PSI/ProjectServer.svc" on the activation of the feature, I get the error "Identity must not be Generic" in the ULS.

    When I check the ULS entries before the error, they show that I am trying to connect as the IIS anonymous user (nt authority/iusr).

    I tried to create a channel with delegation or impersonation, and also with Kerberos or NTLM, but nothing works.

    As a little test, I tried giving farm admin permissions to IUSR, but that didn't work.

    Does someone know the source of my problem and how to correct it?

    Thank you in advance.

    Wednesday, April 30, 2014 4:40 PM

Answers

  • Okay, that gives me a little bit more detail. From what I understand, on feature activation you are trying to call the Project Server WCF, and that's where the identity being passed is IUSR; correct me if I am wrong.

    So what feature are you trying to activate? Can you give us more details about what this application is trying to do?

    I am assuming that since this is a feature it should be running under the SharePoint context, so why not use "SPContext.Current.Web.CurrentUser.LoginName" instead, or try using HttpContext.Current.User.Identity.Name?

    Or, within your code, invoke whatever method you are trying to invoke with the Web App Pool account by using code as below; in this case you will need to make sure the Web App Pool account has sufficient permissions in Project Server.

    // The delegate body runs as the web application pool account
    // instead of the current request identity.
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        // Your method here
        ProjectDataSet = projectClient.ReadProject(PROJ_UID, SvcProject.DataStoreEnum.WorkingStore);
    });
    



    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com

    • Marked as answer by SittButt Friday, May 2, 2014 11:56 AM
    Thursday, May 1, 2014 2:50 PM
    Moderator
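
The accepted answer applied to the asker's scenario, as an added example that is not code from the thread: a feature receiver that refuses to call PSI while still running as IUSR (well-known SID S-1-5-17) and builds the NTLM channel only inside the elevated delegate. The class name `PsiEventReceiver` is hypothetical, `SvcEvents.EventsClient` is the generated proxy named in the thread, and `ReadEventsList` is assumed to be the proxy operation that returns the event list.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using Microsoft.SharePoint;

// Hypothetical receiver for a site-collection-scoped feature on the PWA site.
public class PsiEventReceiver : SPFeatureReceiver
{
    private const string PsiRouter = "/_vti_bin/PSI/ProjectServer.svc"; // path from the question
    private static readonly SecurityIdentifier IusrSid = new SecurityIdentifier("S-1-5-17");

    public override void FeatureActivated(SPFeatureReceiverProperties properties)
    {
        var site = properties.Feature.Parent as SPSite;
        if (site == null) throw new InvalidOperationException("Expected a Site-scoped feature.");
        string pwaUrl = site.Url; // plain string, safe to capture before elevating

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // Inside the delegate the thread should run as the web application pool
            // account, so NTLM sends that account's credentials instead of IUSR.
            using (WindowsIdentity current = WindowsIdentity.GetCurrent())
            {
                if (IusrSid.Equals(current.User))
                    throw new InvalidOperationException("Still running as " + current.Name + "; not calling PSI.");
            }

            var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;

            var client = new SvcEvents.EventsClient(binding, new EndpointAddress(pwaUrl + PsiRouter));
            client.ChannelFactory.Credentials.Windows.AllowedImpersonationLevel =
                TokenImpersonationLevel.Impersonation;
            try
            {
                // Assumed operation name; keep only the PSI calls inside the elevated block.
                var events = client.ReadEventsList();
                client.Close();
            }
            catch
            {
                client.Abort(); // a faulted channel must be aborted, not closed
                throw;
            }
        });
    }
}
```

Because every call in the delegate runs with the application pool account's rights, grant that account only the Project Server permissions these calls need and keep unrelated work outside the elevated block.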

All replies

  • Under which account is your Eventing service executing? Also, I would check the WCF binding and what credentials I am passing.

    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com

    Wednesday, April 30, 2014 8:43 PM
    Moderator
  • If you are talking about the Eventing Service of Project, it runs with an account that is a farm administrator.

    For the binding, I use a BasicHTTP binding with code like this:

    const HttpClientCredentialType CONST_CLIENTCREDENTIALTYPE = HttpClientCredentialType.Ntlm;
    const TokenImpersonationLevel CONST_ALLOWEDIMPERSONNALISATIONLEVEL = TokenImpersonationLevel.Impersonation;

    binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
    binding.Name = "basicHttpConf";
    binding.SendTimeout = TimeSpan.MaxValue;
    ((BasicHttpBinding)binding).MaxReceivedMessageSize = 500000000;
    ((BasicHttpBinding)binding).ReaderQuotas.MaxDepth = 32;
    ((BasicHttpBinding)binding).ReaderQuotas.MaxStringContentLength = 8192;
    ((BasicHttpBinding)binding).ReaderQuotas.MaxArrayLength = 16384;
    ((BasicHttpBinding)binding).ReaderQuotas.MaxNameTableCharCount = 500000000;
    ((BasicHttpBinding)binding).ReaderQuotas.MaxBytesPerRead = 4096;
    ((BasicHttpBinding)binding).Security.Transport.ClientCredentialType = Common.GeneralUtility.CONST_CLIENTCREDENTIALTYPE;
    ((BasicHttpBinding)binding).Security.Transport.Realm = "";

    EndpointAddress address = new EndpointAddress(pwaUrl + svcRouter);
    eventsClient = new SvcEvents.EventsClient(binding, address);
    eventsClient.ChannelFactory.Credentials.Windows.AllowedImpersonationLevel = Common.GeneralUtility.CONST_ALLOWEDIMPERSONNALISATIONLEVEL;

    Yesterday I tried to debug the feature, and when I call the method "System.Security.Principal.WindowsIdentity.GetCurrent().Name;" in the command window, it gives me the credential "nt authority\iusr".

    I also tried another way to call the WCF service, calling it from a custom C# assembly, and it works (the credentials are okay).

    The problem seems to be that on the click to activate the feature in the panel, the action is made anonymously.

     

    Thursday, May 1, 2014 12:05 PM
  • The "SPSecurity.RunWithElevatedPrivileges" corrected my problem.

    It seems that between SP2010 and SP2013, something changed in this case.

    The article I found that explains this change is:

    http://blog.blksthl.com/2012/11/02/anonymous-authentication-always-on-in-sharepoint-2013/


    And the solution:

    http://www.projectserver2010blog.com/2013/04/project-server-2013-psi-from-web.html

    Thursday, May 1, 2014 5:34 PM
  • Glad that this solution resolves your problem :)

    Thanks | Sunil Kr Singh | http://epmxperts.wordpress.com

    Thursday, May 1, 2014 5:52 PM
    Moderator