locked
Session Authorization/Authentication Problem RRS feed

  • Question

  • I am using CSF Dev. Lite version on Win2003 server. After I fixed an Internal error problem, I run into another problem.

    The sequence of operations I tried:
    1. create a session without any user name/pwd and thus I see a session belongs to "Anonymous" in session mgmt console;
    2. send sync or async request from one participant to session which is supposed to route to another participant. If I send request without security token, the session complains about missing security in header, or failedAuthentication for wrong user/pwd. However, if I use the correct Windows account username/pwd, I got the following exception:

    <env:Fault>
                <env:Code>
                  <env:Value>envTongue Tiedender</env:Value>
                  <envTongue Tiedubcode>
                    <env:Value xmlnsStick out tonguerefix1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">prefix1Tongue Tiedecurity</env:Value>
                  </envTongue Tiedubcode>
                </env:Code>
                <env:Reason>
                  <env:Text xml:lang="en">User 'yzeng' is not authorized to access the service.</env:Text>
                </env:Reason>
                <env:Node>http://atr064/Session30/Session.ashx</env:Node>
              </env:Fault>

    I double checked my service is using "Integrated Windows Authentication". Any idea why it behalves like this? Is my user yzeng must be assigned to some group? Is there a default user/pwd I should use for session?

    Thanks,
    Ying
    Tuesday, May 1, 2007 8:00 PM

Answers

  • Hi Ying,

     

    I am sorry I did not notice properly that you were working with CSF Dev lite version and not the full version. You do not require AD server for using CSF Dev lite version and no need to promote your system as domain controller.

     

    Can you please send me eventlog detials, Session log details, SessionPolicy.config and SessionPolicyMapping.config files so that I can try to resolve the issue for you. You can mail me these at my personal ID ashish42@gmail.com

     

    Thanks,

     

    Ashish Malhotra

    Friday, May 4, 2007 5:59 AM

All replies

  • Hi Ying,

     

    As the exception says, you are not authorised to access SESSION service. You need to be a member of Requestors@CSF_Session group in order to send message to session.

     

    Please go through the previous posts related to issues with session also.

     

    Thanks,

     

    Ashish Malhotra

    Wednesday, May 2, 2007 10:51 AM
  • Okay this is a bit annoying. Initially, I don't have a domain controller setup. Now I just promoted my local machine as a domain controller by installing DNS/AD. But because I could not find CSF_Requestor group in AD Users and Groups tool, I figure it must be because I installed CSF before AD. After that I tried to re-install CSF Lite on the same machine and got the following error:

    Error 1609. An error occurred while applying security settings. Power Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. ... Unable to locate the user's SID, system error 1332, (NULL), ...

    BTW, I am using an account that is a member of administrators group. I also tried to repair my .NET 2.0/3.0 installation but nothing seemed to help. I am not a AD expert and not sure what security policy I should change on the users to allow such CSF installation. I am running WIN2003 Enterprise. Any idea on how to fix this?

    Thanks,
    Ying
    Thursday, May 3, 2007 7:56 PM
  • Hi Ying,

     

    I am sorry I did not notice properly that you were working with CSF Dev lite version and not the full version. You do not require AD server for using CSF Dev lite version and no need to promote your system as domain controller.

     

    Can you please send me eventlog detials, Session log details, SessionPolicy.config and SessionPolicyMapping.config files so that I can try to resolve the issue for you. You can mail me these at my personal ID ashish42@gmail.com

     

    Thanks,

     

    Ashish Malhotra

    Friday, May 4, 2007 5:59 AM