I have the following test setup, all working:
-WCF Application running a MathService.svc, setup to use SimpleMembershipProvider
-MVC 4 Internet App using the default SimpleMembershipProvider
-Membership is:
- 3 Roles: 'Debug', 'Administrator' and 'Editor'
- 2 Users: 'Debug' in Role Debug and Administrator (ya, user debug in role debug)
- 'Admin' in Role Administrator
-Certificates, as far as I can tell are working, I can connect to the service using wshttp
Service Method Code.
//[PrincipalPermission(SecurityAction.Demand, Role = "Debug")]
public string Add(double A, double B)
{
OperationContext oc = OperationContext.Current;
ServiceSecurityContext ssc = oc.ServiceSecurityContext;
string cltName = ssc.PrimaryIdentity.Name; //cltName = "Debug"
var Rs = Roles.GetAllRoles(); //returns: 'Debug', 'Administrator', 'Editor' => OK
var dUsers = Roles.GetUsersInRole("Debug"); // 'Debug' => Expected
var aUsers = Roles.GetUsersInRole("Administrator"); // 'Debug', 'Admin' => expected
try
{
var a = Roles.GetRolesForUser(cltName); //this fails
var b = Roles.IsUserInRole(cltName, "Debug"); //this fails
var c = Roles.IsUserInRole(cltName, "Administrator"); //this fails
}
catch (Exception err)
{
string p = err.Message; // all fail with error :
// "Object reference not set to an instance of an object", inner exception=null
}
if (dUsers.Contains(cltName)) //this works, but requires extra step
//I should be able to us if(Roles.IsUserInRole(cltName, "Debug"))... here?!?
{
return string.Format("Result: {0}", (A + B).ToString("N2"));
}
else
{ //this is just to get a different result if NOT in role 'Debug'
return string.Format("Result: {0}", ((int)A + (int)B).ToString("N2"));
}
}
Why are calls to' Roles.GetRolesForUser(cltName)' and IsUserInRole failing?
I get the correct username from 'ServiceSecurityContext',
If I enable the [PrincipalPermission] attrib I get rejected if I call the service with user Admin, as expected.
So why would PrincipalPermission be able to get the correct user role?
Why can I use Roles.GetUsersInRole("Debug") to get all correct users
BUT I can not call Roles.IsUserInRole(..)??
There are some posts suggesting certificate / /membership setup errors, but I can not see how I can get so far and still have a wrong setup, and above all, just SOME of the Roles methods fail, not all. Any pointers?
A word about the return result, If I use my Role workaround and call via Debug, the service returns double precision, if I call with admin [PrincipalPermission] disabled, I get integer precision back
Regards, Andreas