Philippsen's Blog

Everyday findings in my world of .net and related stuff

AIf – Some or all identity references could not be translated.

Posted by Torben M. Philippsen on May 11, 2015

In a recent task i struggled with that error when calling an AIF http service. It would work from visual studios internal casini browser but when the client was deployed to IIS the error “ Some or all identity references could not be translated.” would display in the AIF exception log.

It was not possible to set up proper debugging in a timely manner so a little fix was created in order to being able to see why the error was being thrown.

Analyzing the labelid’s it turned out that the error with that labelid would only be thrown from one single location data dictionary/tables/AifPortUser. From there a call to to AifUtil::getWindowsUserSid(windowsUser) would occur causing the exception to be thrown. So the interesting thing would be to analyze what windows user actually was submitted by the client. In order to do that the AifUtil::getWindowsUserSid was modified in order to write the domain, alias and usersid to a text file:

        //ztmp
        TextIo textIo;
        FileIOPermission fileio;   
        //ztmp
  

        .

        .

        .

 

        //ztmp
        fileio = new FileIOPermission(@"C:\test\", #io_append);
        fileio.assert();
       
        textIo = new TextIo(@"C:\test\textIOtest.txt", #IO_WRITE);
        textIo.write("domain: " + domain + "\n");
        textIo.write("alias: " + alias + "\n");
        textIo.write("userSid: " + userSid + "\n");
        CodeAccessPermission::revertAssert();
        //ztmp

That little snipped showed that the identity of the default apppool was submitted and not the actual windows user. Changing the apppool identity fixed the problem.

Advertisements

Sorry, the comment form is closed at this time.

 
%d bloggers like this: