Error removing Active Directory users from DefaultRoleProvider when they no longer exist

Marcus Bodig

18 Januari 2017 15:33

I have configured Security to use our organization's Active Directory for Users.  I have also configured the system to use the default role provider so that we can manage websites by creating our own non-AD groups.  This is working great until users are removed from AD.

 

If a user no longer exists in AD and I try to remove them from the Role, I get the following error:

 

 

The full error Info is:

 

 at Geocortex.Platform.Security.Integration.IdentityServer.ManagementHelper.PerformRequest[T](ServiceDetails serviceDetails, String relativeUri, NameValueCollection data)

 

   at Geocortex.Platform.Security.Integration.IdentityServer.UserManagementClient.CreateUser(String userName, String password, String email, String[] rolesToAssign, String[] rolesToRemove)

 

   at Geocortex.Platform.Security.Integration.IdentityServer.SecurityIntegration.RemoveMembersInRoles(IEnumerable`1 memberSubjects, IEnumerable`1 roleSubjects)

 

   at Geocortex.Essentials.RestManager.Models.Repositories.SecurityRepository.EditRole(String userIssuerId, String roleIssuerId, String roleName, ICollection`1 users)

 

   at Geocortex.Essentials.RestManager.Controllers.SecurityUsersAndRolesController.CreateEditRole(SecurityRoleViewModel model)

 

   at lambda_method(Closure , ControllerBase , Object[] )

 

   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)

 

   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)

 

   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClassd.<InvokeActionMethodWithFilters>b__a()

 

   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)

 

   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)

 

   at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)

 

 

Does anyone have any ideas on how I can remove these users?

0

• 

  Malcolm Walker

  • Community-Manager

  05 April 2017 23:57

  Hi Marcus,

   

  The code that removes role membership is reused for each operation, which is why CreateUser() appears in this stack trace.

   

  Because the user was removed from Active Directory, we can't get their user principal, so it's null.  Unfortunately, the CreateUser() method will try to create the user in this case, and won't do anything with the roles.  

   

  You may be able to avoid the issue if you try to remove multiple users from the role at once.  Are you able to bypass the issue if you do that?

   

  Regards,

   

  -Malcolm

  0
• 

  Marcus Bodig

  06 April 2017 14:15

  Malcolm,

   

  Removing multiple users at once did solve the issue.  I added myself to the group and applied the changes.  I then removed myself and the non-existant user and it worked correctly.

   

  Thank you for the work around...

  0

Du måste logga in om du vill lämna en kommentar.