SharePoint App connecting to Search REST API with OAuth – Random claim fail

  • Question

  • We are seeing random failures authenticating users in a high trust app for SharePoint (high trust apps are set up as described on this page: http://msdn.microsoft.com/en-us/library/fp179901.aspx).

    Occasionally, the user does not get all the claims he needs for searching, resulting in a “Sorry something went wrong” message. Refreshing the page and trying again usually works.

    Turning on verbose logging in SharePoint does not reveal any (obvious) errors.

    We retrieve an access token using code from TokenHelper.cs, and pass it along in the HTTP Authorization header to the SharePoint Search REST API. From the ULS logs, the steps SharePoint usually takes to get back the user identity are:

    1. Try the Distributed Cache
    2. If that fails, try the Local Cache
    3. If that fails, look up the User Profile

    We can see that the failing users get a ClaimsCount of 16 when it has to resort to looking up the user in the User Profile service. Normally, the ClaimsCount is a lot more, from 40 to 90.

    Any help is very much appreciated :) 

    Some highlights from ULS:

     

    03.20.2013 13:01:51.56      w3wp.exe (0x12F0)        0x2CDC SharePoint Foundation  DistributedCache        agyfw    Unexpected        Unexpected error occurred in method 'GetObject' , usage 'Distributed Logon Token Cache' - Exception 'Microsoft.ApplicationServer.Caching.DataCacheException: ErrorCode<ERRCA0018>:SubStatus<ES0001>:The request timed out.. Additional Information : The client was trying to communicate with the server : net.tcp://HCA-MSRC-G1.mydomain.dir.com:22233     at Microsoft.ApplicationServer.Caching.DataCache.ThrowException(ResponseBody respBody, RequestBody reqBody)     at Microsoft.ApplicationServer.Caching.DataCache.InternalGet(String key, DataCacheItemVersion& version, String region, IMonitoringListener listener)     at Microsoft.ApplicationServer.Caching.DataCache.<>c__DisplayClass49.<Get>b__48()     at Microsoft.SharePoint.DistributedCaching.SPDistributedCache.GetObject(String key)'.              a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:51.56      w3wp.exe (0x12F0)        0x2CDC SharePoint Foundation  DistributedCache              air4d        Medium               Token Cache: Reverting to local cache to get the token for '0).w|s-1-5-21-305035777-899029998-720635935-392084'.  a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:51.56      w3wp.exe (0x12F0)        0x2CDC SharePoint Foundation  Application Authentication        ajwp0    Medium               SPApplicationAuthenticationModule: User token does not exist in token cache.        a19d099c-0f97-f059-8cae-f61302474bae

     

    03.20.2013 13:01:51.59      w3wp.exe (0x1D90)       0x1D58 SharePoint Foundation  Claims Authentication    f2uu        Verbose                STS Call: Issuing new security token.        a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:51.61      w3wp.exe (0x1D90)       0x1D58 SharePoint Portal Server               User Profiles       aiadw        Verbose                Looking up user profile by nameid claim 's-1-5-21-305035777-899029998-720635935-392084' after translating to SecurityIdentifier             a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:51.61      w3wp.exe (0x1D90)       0x1D58 SharePoint Server            General ahjnd     Medium        Constructed a new async cache named Profile Property Cache     a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:51.61      w3wp.exe (0x1D90)       0x1D58 SharePoint Server            General ahjne     Verbose        Looking for a cached value matching 1f12d9d3-6e72-49e4-8a83-8013b838f7d5 in the Profile Property Cache cache.              a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:52.06      w3wp.exe (0x12F0)        0x2CDC SharePoint Foundation  Claims Authentication    ahfz3        Verbose                Token Cache: Could not find token refence claim in sessionToken to be written. Trying ApplicationTokenCacheKey  a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:52.06      w3wp.exe (0x12F0)        0x2CDC SharePoint Foundation  General 6t8b      Verbose        Looking up context  site http://search.uat.mydomain/_api/search/postquery in the farm mydomain_UAT_FARM02_Config_DB01      a19d099c-0f97-f059-8cae-f61302474bae

     

    03.20.2013 13:01:52.06      w3wp.exe (0x12F0)        0x2CDC SharePoint Foundation  Application Authentication        ajwpq    Verbose                SPApplicationAuthenticationModule: Signed in by STS roundtrip.               a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:52.06      w3wp.exe (0x12F0)        0x2CDC SharePoint Foundation  Authentication Authorization        ag6al     Medium               OAuth app principal Name=i:0i.t|ms.sp.ext|49a2fdc3-515c-4b19-bfb3-6a2853efe83d@d725fe9f-496f-4055-ac7f-b0497c26f59f, IsAppOnlyRequest=False, UserIdentityName=0#.w|mydomain\sno00723, ClaimsCount=16    a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:52.11      w3wp.exe (0x12F0)        0x2E08 SharePoint Foundation  CSOM   ajwqj     Medium        Request does not have SPBasePermissions.UseRemoteAPIs permission. Need to check it when each API is accessed      a19d099c-0f97-f059-8cae-f61302474bae

    03.20.2013 13:01:52.12      w3wp.exe (0x12F0)        0x2E08 SharePoint Server Search              Query    adm4a  High        Exception caught in SearchService.Execute method. Exception: Microsoft.SharePoint.SPException: The SafeQueryPropertiesTemplateUrl "The SafeQueryPropertiesTemplateUrl &quot;{0}&quot; is not a valid URL." is not a valid URL.     at Microsoft.Office.Server.Search.Query.SearchExecutor.OverlaySafeQueryPropertiesTemplate(Query query)     at Microsoft.Office.Server.Search.Query.SearchExecutor.PreExecuteQuery(Query query)     at Microsoft.Office.Server.Search.Query.SearchExecutor.ExecuteQuery(Query query)     at Microsoft.Office.Server.Search.Query.SearchExecutor.<>c__DisplayClass2.<ExecuteQuery_Client>b__0()     at Microsoft.Office.Server.Search.Query.SearchExecutor.RunWithRemoteAPIsPermission[T](Func`1 f)     at Microsoft.Office.Server.Search.Query.SearchExecutor.ExecuteQuery_Client(Query query)     at Microsoft.Office.Server.Search.REST.SearchService.<ExecuteQuery>b__a(KeywordQuery query)     at Microsoft.Office.Server.Search.REST.SearchService.Execute[T](Action`1 initializer, Func`2 executor)    a19d099c-0f97-f059-8cae-f61302474bae

    Wednesday, March 27, 2013 12:05 PM
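An added example, not part of the original post: a Python sketch that groups ULS lines by correlation ID and flags requests whose OAuth identity was built with an unusually low ClaimsCount, alongside the cache signals seen in the excerpt above. It assumes the correlation ID is the last token on each line; the sample lines, user names and the threshold of 40 (taken from the normal range the post reports) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: shortened lines in the whitespace-flattened layout of the
# excerpt above; correlation IDs, users and app name are made up.
SAMPLE_ULS = """\
03.20.2013 13:01:51.56  w3wp.exe (0x12F0)  0x2CDC  SharePoint Foundation  DistributedCache  agyfw  Unexpected  Unexpected error occurred in method 'GetObject' , usage 'Distributed Logon Token Cache' - Exception '...The request timed out..'  11111111-1111-1111-1111-111111111111
03.20.2013 13:01:51.56  w3wp.exe (0x12F0)  0x2CDC  SharePoint Foundation  DistributedCache  air4d  Medium  Token Cache: Reverting to local cache to get the token for 'user-a'.  11111111-1111-1111-1111-111111111111
03.20.2013 13:01:52.06  w3wp.exe (0x12F0)  0x2CDC  SharePoint Foundation  Application Authentication  ajwpq  Verbose  SPApplicationAuthenticationModule: Signed in by STS roundtrip.  11111111-1111-1111-1111-111111111111
03.20.2013 13:01:52.06  w3wp.exe (0x12F0)  0x2CDC  SharePoint Foundation  Authentication Authorization  ag6al  Medium  OAuth app principal Name=app-placeholder, IsAppOnlyRequest=False, UserIdentityName=0#.w|example\\user-a, ClaimsCount=16  11111111-1111-1111-1111-111111111111
03.20.2013 13:02:10.10  w3wp.exe (0x12F0)  0x2CDC  SharePoint Foundation  Authentication Authorization  ag6al  Medium  OAuth app principal Name=app-placeholder, IsAppOnlyRequest=False, UserIdentityName=0#.w|example\\user-b, ClaimsCount=57  22222222-2222-2222-2222-222222222222
"""

# Assumption: the correlation ID (a GUID) is the last token on each ULS line.
CORR_RE = re.compile(r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s*$", re.I)
OAUTH_RE = re.compile(r"UserIdentityName=(?P<user>[^,]+), ClaimsCount=(?P<claims>\d+)")

def summarize(uls_text):
    """Group ULS lines by correlation ID and record the token-path signals."""
    reqs = defaultdict(lambda: {"cache_timeout": False, "local_fallback": False,
                                "sts_roundtrip": False, "user": None, "claims": None})
    for line in uls_text.splitlines():
        corr = CORR_RE.search(line)
        if not corr:
            continue  # continuation line or noise without a correlation ID
        req = reqs[corr.group(1).lower()]
        if "Distributed Logon Token Cache" in line and "timed out" in line:
            req["cache_timeout"] = True
        if "Reverting to local cache" in line:
            req["local_fallback"] = True
        if "Signed in by STS roundtrip" in line:
            req["sts_roundtrip"] = True
        oauth = OAUTH_RE.search(line)
        if oauth:
            req["user"], req["claims"] = oauth.group("user"), int(oauth.group("claims"))
    return dict(reqs)

def low_claim_requests(uls_text, min_claims=40):
    """Requests whose OAuth identity carried fewer claims than min_claims."""
    return {cid: r for cid, r in summarize(uls_text).items()
            if r["claims"] is not None and r["claims"] < min_claims}

if __name__ == "__main__":
    for cid, r in low_claim_requests(SAMPLE_ULS).items():
        print(cid, r)
```

Run over a merged farm log, the output shows whether every low-count request also carries the distributed cache timeout, which is the correlation the post suggests.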

All replies