IdentityNotMappedException: Some or all identity references could not be translated

Creating a new Blazor Server Side project using Radzen 2.57.8 and selecting .Net or .Net Core 3.5 works fine. However, as soon as I add the Windows Security Provider I get the following exception when I run the application from Radzen or Visual Studio (refer to attached screen capture).

I am a Radzen Enterprise license owner.

Please advise.

IdentityNotMappedException: Some or all identity references could not be translated.
System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, bool forceSuccess)
System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
TestSso.ClaimsTransformation.TransformAsync(ClaimsPrincipal principal) in ClaimsTransformation.cs

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var identity = principal.Identity as WindowsIdentity;
        foreach (var groupId in identity.Groups)
        {
            var group = groupId.Translate(typeof(NTAccount));
            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value.Split("\\").Last()));
            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value));
        }
        return Task.FromResult(principal);

Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, string scheme)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

VS Exception screen capture uploaded:

Unfortunately we are not sure what is causing this exception and cannot reproduce it locally. I guess the error message means the current user belongs to a group which may have been deleted. Unfortunately searching for this exception didn't return anything helpful.

The best thing we can suggest is to add that file to Radzen's code generation ignore list and add a check:

    foreach (var groupId in identity.Groups)
    {
        if (groupId.IsValidTargetType(typeof(NTAccount))) // <-- new code start
        {
            var group = groupId.Translate(typeof(NTAccount));

            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value.Split("\\").Last()));
            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value));
        } // <-- new code end
    }

If this does not work then a try catch block would be needed:

    foreach (var groupId in identity.Groups)
    {
        try // <-- new code start
        {
            var group = groupId.Translate(typeof(NTAccount));

            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value.Split("\\").Last()));
            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value));
        }
        catch (IdentityNotMappedException)
        {
            // This SID has no resolvable account name; skip it and add no role claim.
        } // <-- new code end
    }

Hopefully the first customization will work and we will add it to Radzen.
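An alternative to the per-SID try/catch, as an added example that is not Radzen's generated code: translate the whole group collection with `forceSuccess` set to `false`, so SIDs that cannot be resolved come back unchanged and simply receive no role claim. It assumes the class implements ASP.NET Core's `IClaimsTransformation`; the `AddRole` helper is hypothetical.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

public class ClaimsTransformation : IClaimsTransformation
{
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Not a Windows-authenticated request (or no group SIDs): nothing to map.
        if (!(principal.Identity is WindowsIdentity identity) || identity.Groups == null)
        {
            return Task.FromResult(principal);
        }

        // forceSuccess: false returns unresolvable SIDs unchanged instead of
        // throwing IdentityNotMappedException for the whole collection.
        var translated = identity.Groups.Translate(typeof(NTAccount), false);

        foreach (var reference in translated)
        {
            if (reference is NTAccount account)
            {
                AddRole(identity, account.Value.Split('\\').Last()); // Group
                AddRole(identity, account.Value);                    // DOMAIN\Group
            }
            // Anything still a SecurityIdentifier has no resolvable name
            // (for example a deleted group); it gets no role claim.
        }

        return Task.FromResult(principal);
    }

    // Hypothetical helper: TransformAsync can run more than once for the same
    // principal, so skip role claims that are already present.
    private static void AddRole(ClaimsIdentity identity, string role)
    {
        if (!identity.HasClaim(identity.RoleClaimType, role))
        {
            identity.AddClaim(new Claim(identity.RoleClaimType, role));
        }
    }
}
```

Because unresolved SIDs never become role claims, authorization checks that depend on those groups fail closed rather than taking down every request.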

Thank you for your quick response.

The code in the first recommendation results in syntax errors, the most important of which is "Argument 1: cannot convert from 'string' to 'System.IO.BinaryReader'".

I also wanted to add that I am using
Microsoft Visual Studio Professional 2019
Version 16.8.4

Finally, I tried adding Windows Security from my personal (not company-issued) computer and I do not get the original error that I reported. This matches your finding that you couldn't replicate the error on your end.

I am an admin user of the business computer and there may be restrictions that prevent the Windows security code that Radzen generates from running on it.

This is an update. I just tried to use Windows security from Radzen version 2.59.4 and the issue is now resolved on my business-issued computer.
What is the easiest way to read the user name of the user logged in to the Windows workstation and how to display it in a form?
It would be best to add the user's name in the Main layout so it is displayed on all pages using that layout.
Looking forward to Radzen release 3.0

${Security.User.Name} should work.

Thanks!

Thank you for the super quick response. I added a label to the Main template with a Text value of ${Security.User.Name} like you suggested, ignored the design-time message "The name 'Security' does not exist in the current context", and the application ran successfully.
Thanks for the outstanding service.

@elienfcu, I like to do this to strip the domain name off the username, then set the result as a Global to be accessed wherever -

Slosuenos


Worked perfectly. The domain name is gone and, even better, the design-time error message is now replaced with an [Expression] placeholder, which makes more sense.
Thanks SloSuenos
