IdentityNotMappedException: Some or all identity references could not be translated

elienfcu · February 11, 2021, 9:10pm

Creating a new Blazor Server Side project using Radzen 2.57.8 and selecting .Net or .Net Core 3.5 works fine. However, as soon as I add the Windows Security Provider I get the following exception when I run the application from Radzen or Visual Studio (refer to attached screen capture).

I am a Radzen Enterprise license owner.

Please advise.

IdentityNotMappedException: Some or all identity references could not be translated.
System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, bool forceSuccess)
System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
TestSso.ClaimsTransformation.TransformAsync(ClaimsPrincipal principal) in ClaimsTransformation.cs

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var identity = principal.Identity as WindowsIdentity;
        foreach (var groupId in identity.Groups)
        {
            var group = groupId.Translate(typeof(NTAccount));
            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value.Split("\\").Last()));
            identity.AddClaim(new Claim(identity.RoleClaimType, group.Value));
        }
        return Task.FromResult(principal);

Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, string scheme)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

VS Exception screen capture uploaded:

korchev · February 12, 2021, 4:41am

Unfortunately we are not sure what is causing this exception and cannot reproduce it locally. I guess the error message means the current user belongs to a group which may have been deleted. Unfortunately searching for this exception didn't return anything helpful.

The best thing we can suggest is to add that file to Radzen's code generation ignore list and adding a check:

foreach (var groupId in identity.Groups)
{
     if (groupId.IsValidTargetType(typeof(NTAccount))) // <-- new code start
     {
          var group = groupId.Translate(typeof(NTAccount));

          identity.AddClaim(new Claim(identity.RoleClaimType, group.Value.Split("\\").Last()));
          identity.AddClaim(new Claim(identity.RoleClaimType, group.Value));
     } // <-- new code end
}

If this does not work then a try catch block would be needed:

foreach (var groupId in identity.Groups)
{
     try // <-- new code start
     {
          var group = groupId.Translate(typeof(NTAccount));

          identity.AddClaim(new Claim(identity.RoleClaimType, group.Value.Split("\\").Last()));
          identity.AddClaim(new Claim(identity.RoleClaimType, group.Value));
     } 
     catch (Exception) 
     {
     }  // <-- new code end
}

Hopefully the first customization will work and we will add it to Radzen.

elienfcu · February 25, 2021, 2:54pm

Thank you for your quick response.

The code in the first recommendation results in syntax errors the most important of which is "Argument 1: cannot convert from 'string' to 'System.IO.BinaryReader'"

I also wanted to add that I am using
Microsoft Visual Studio Professional 2019
Version 16.8.4

Finally, I tried adding Windows Security from my personal (not company issued computer) and I do not get the original error that I reported. This matches with your finding that you couldn't replicate the error on your end.

I am an admin user of the business computer and there maybe restrictions that prevents the Windows security code that Radzen generates from running on it.