Windows Identity Foundation has trouble accepting SAML2 tokens requested from WSO2’s WS-Trust (see exception). Is it possible to change the token or is there a known solution to this problem?
System.Xml.XmlException: Cannot read KeyIdentifierClause from element 'Reference' with namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'. Custom KeyIdentifierClauses require custom SecurityTokenSerializers, please refer to the SDK for examples.
at System.IdentityModel.Tokens.WSSecurityJan2004.SecurityTokenReferenceJan2004ClauseEntry.ReadKeyIdentifierClauseCore(XmlDictionaryReader reader)
at System.IdentityModel.Tokens.KeyInfoSerializer.ReadKeyIdentifierClauseCore(XmlReader reader)
at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadKeyIdentifierClauseCore(XmlReader reader)
at System.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.ReadRSTRXml(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants)
at System.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.ReadXml(XmlReader reader, WSTrustSerializationContext context)
at System.IdentityModel.Services.WSFederationSerializer.CreateResponse(FederationMessage message, WSTrustSerializationContext context)
at System.IdentityModel.Services.WSFederationAuthenticationModule.GetXmlTokenFromMessage(SignInResponseMessage message, WSFederationSerializer federationSerializer)
at System.IdentityModel.Services.WSFederationAuthenticationModule.GetSecurityToken(SignInResponseMessage message)
at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request)
at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Related
I recently resumed work on a project that had lain dormant for a year. It was using Angular on AspNet Core 1.1 and using an early version of OpenIddict 1.0. It was developed using VS2017.
I updated VS2017 to the latest release (15.7.5) but the project would not compile and when I fixed the compilation errors it wouldn't run. So eventually I bit the bullet and decided to update the project to Asp Net Core 2.1 and to use the latest version of OpenIddict. I have the project so it compiles but when it starts it gives the error in the title, namely "InvalidOperationException: Scheme already exists: Bearer"
I can't see what is wrong. I understand that somewhere a second scheme named 'Bearer' is being added, but I can't figure out where. I am enclosing below my Startup.cs in its entirety.
using AspNet.Security.OpenIdConnect.Primitives;
using Microsoft.AspNetCore.Builder;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using SIAngular.DBContexts;
using SIAngular.Models;
using SIAngular.Services;
using OpenIddict.Abstractions;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Authentication.JwtBearer;
namespace SIAngular
{
public class Startup
{
public Startup(IHostingEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddMvc();
services.AddDbContext<ApplicationDbContext>(options =>
{
// Configure the context to use Microsoft SQL Server.
options.UseSqlServer(Configuration.GetConnectionString("SqlConnection"));
// Register the entity sets needed by OpenIddict.
// Note: use the generic overload if you need
// to replace the default OpenIddict entities.
options.UseOpenIddict();
});
// Register the Identity services.
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
//.AddDefaultTokenProviders();
// Configure Identity to use the same JWT claims as OpenIddict instead
// of the legacy WS-Federation claims it uses by default (ClaimTypes),
// which saves you from doing the mapping in your authorization controller.
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
});
services.AddOpenIddict()
// Register the OpenIddict core services.
.AddCore(options =>
{
// Configure OpenIddict to use the Entity Framework Core stores and models.
options.UseEntityFrameworkCore()
.UseDbContext<ApplicationDbContext>();
})
// Register the OpenIddict server services.
.AddServer(options =>
{
// Register the ASP.NET Core MVC services used by OpenIddict.
// Note: if you don't call this method, you won't be able to
// bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
options.UseMvc();
// Enable the token endpoint.
options .EnableTokenEndpoint("/connect/token");
options.AcceptAnonymousClients();
options.DisableScopeValidation();
// Note: the Mvc.Client sample only uses the code flow and the password flow, but you
// can enable the other flows if you need to support implicit or client credentials.
options.AllowPasswordFlow();
// Mark the "email", "profile" and "roles" scopes as supported scopes.
options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles);
// During development, you can disable the HTTPS requirement.
options.DisableHttpsRequirement();
// Note: to use JWT access tokens instead of the default
// encrypted format, the following lines are required:
//
options.UseJsonWebTokens();
options.AddEphemeralSigningKey();
})
// Register the OpenIddict validation services.
.AddValidation();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = "http://localhost:53244/";
options.Audience = "resource_server";
options.RequireHttpsMetadata = false;
//options.IncludeErrorDetails = true;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = OpenIdConnectConstants.Claims.Subject,
RoleClaimType = OpenIdConnectConstants.Claims.Role
};
});
services.AddTransient<IEmailSender, AuthMessageSender>();
services.AddTransient<ISmsSender, AuthMessageSender>();
}
public void Configure(IApplicationBuilder app)
{
app.UseDeveloperExceptionPage();
app.UseAuthentication();
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
}
}
Can someone please exp-lain what I am doing wrong. My intent was to follow the OpenIddict examples but clearly I went wrong somewhere.
The full stacktrace follows:
System.InvalidOperationException: Scheme already exists: Bearer
at Microsoft.AspNetCore.Authentication.AuthenticationOptions.AddScheme(String name, Action`1 configureBuilder)
at Microsoft.AspNetCore.Authentication.AuthenticationBuilder.<>c__DisplayClass4_0`2.<AddSchemeHelper>b__0(AuthenticationOptions o)
at Microsoft.Extensions.Options.ConfigureNamedOptions`1.Configure(String name, TOptions options)
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.OptionsManager`1.<>c__DisplayClass5_0.<Get>b__0()
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
at Microsoft.Extensions.Options.OptionsManager`1.Get(String name)
at Microsoft.Extensions.Options.OptionsManager`1.get_Value()
at Microsoft.AspNetCore.Authentication.AuthenticationSchemeProvider..ctor(IOptions`1 options, IDictionary`2 schemes)
at Microsoft.AspNetCore.Authentication.AuthenticationSchemeProvider..ctor(IOptions`1 options)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitScoped(ScopedCallSite scopedCallSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitSingleton(SingletonCallSite singletonCallSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
at Microsoft.Extensions.Internal.ActivatorUtilities.ConstructorMatcher.CreateInstance(IServiceProvider provider)
at Microsoft.Extensions.Internal.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass4_0.<UseMiddleware>b__0(RequestDelegate next)
at Microsoft.AspNetCore.Builder.Internal.ApplicationBuilder.Build()
at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
at SIAngular.Program.Main(String[] args) in C:\Users\username\Documents\Visual Studio 2017\Projects\SIAngular\Program.cs:line 20
I finally found the answer which is probably obvious to OpenIddict experts, but not to casual users.
Since I am using JWT the.AddValidation() after the registration of the OpenIddict server options is not needed. This is obvious in hindsight but I hope this helps someone else with this problem. I am sure I am not thbe only person dumb enough to have been caught by this and when I look at OpenIddict samples now I understand, but I think the comment "For JWT tokens, use the Microsoft JWT bearer handler." could be amended to "For JWT tokens, use the Microsoft JWT bearer handler and remove the call to AddValidation below.
I have tried the below code and worked for me.
public void ConfigureServices(IServiceCollection services)
{
// Code omitted for brevity
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Audience = "https://localhost:5000/";
options.Authority = "https://localhost:5000/identity/";
})
.AddJwtBearer("AzureAD", options =>
{
options.Audience = "https://localhost:5000/";
options.Authority = "https://login.microsoftonline.com/eb971100-6f99-4bdc-8611-
1bc8edd7f436/";
});
}
You can read this complete document on the below URL:
https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-6.0
I have tried other solution as well.
Please check if you have multiple startup.cs files and you are using any authentication schemes in that files.
and also check to publish folder/deployment folder, need to delete App_Data Folder before deploying fresh/ latest changes.
Starting from 04.06.2018 our production site started to receive requests that contains the cookie with invalid value:
_a_d3t6sf="duUt#<WFf>>nD=9O&lG9y)DN"
values are different, but name is the same for all requests.
Exception looks like this:
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Cookies value was detected from the client (_a_d3t6sf="xdZ<et[)27rL^5lBe6rL_<[...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateCookieCollection(HttpCookieCollection cc)
at System.Web.HttpRequest.get_Cookies()
at System.Web.HttpRequest.FillInParamsCollection()
at System.Web.HttpRequest.GetParams()
at System.Web.HttpRequest.get_Params()
at ASP._sites__shared_svc_getstrings_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in ___\getStrings.aspx:line 6
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP._sites__shared_svc_getstrings_aspx.ProcessRequest(HttpContext context) in ___\root\3403aaf9\baa39378\App_Web_zbqbtb3n.2.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
There is no such cookie in our code and there is no form posts or anything we can validate before that requests. We have validation mode 2.0 in our config
<httpRuntime targetFramework="4.5" requestValidationMode="2.0" />
so only .aspx pages throws that exception. One of them is callback page for a spanish online payment system. And it gets that cookie too from a real paysystem server - there was a payment done, request was sent to us, but was invalid because of that cookie.
There is a three .aspx pages that serves as minimization sources for styles, scripts and javascript localized strings. So one full page load throws three exceptions every time this happens, but only few clients has this cookie. On our computers we was unable to reproduce it.
So:
1. We has no things that adds or reads that cookie.
2. Not every client has it.
3. Secured request from online payment service sends payment data almots every day but also has that cookie once.
4. All windows updates including .net security was installed today - nothing has changed.
5. We can not turn validation off.
6. Last code changes was done month ago and all this started about two weeks ago.
Looking for any ideas and suggestions. Thank you.
Maybe you are using the zp.js or pluso-like.js plugins.
They do some suspisious activity and load 'processor.js' script that adds _a_d3t6sf cookie. If the client is lucky he will get safe cookie value like
duu2BAdLFlYTaTgr_h4WB6
but if he isn't he will get unsafe cookie value like
duu2BAdLFlYTaT#^0[AZ?WB6
There is some article about pluso.ru
My solution to this and all possible third-party invalid cookies:
1) Copy-paste or reflect CrossSiteScriptingValidation.cs class that is used to validate HttpRequest in framework internals:
https://referencesource.microsoft.com/#System.Web/CrossSiteScriptingValidation.cs,3c599cea73c5293b
2) In Global.asax on
protected void Application_BeginRequest( Object sender, EventArgs e ){}
validate cookies
// Validate and remove all invalid cookies
try
{
for( var i = Request.Cookies.Count - 1; i >= 0; i-- )
{
var cookie = Request.Cookies.Get( i );
if( string.IsNullOrWhiteSpace( cookie?.Value ) )
{
continue;
}
if( CrossSiteScriptingValidation.IsDangerousString( cookie.Value ) )
{
Request.Cookies.Remove( cookie.Name );
// Remove cookie from client
Response.Cookies.Add( new HttpCookie( cookie.Name ) { Expires = DateTime.Now.AddDays( -1d ) } );
}
}
}
catch( Exception ex )
{
Log.Error( "Failed to validate cookies. ", ex );
}
We have a thinktecture powered identity server used for SSO. There are several services which utilize that identity server. My app uses ASP.net WebApi controllers to handle UI requests. For a particular request I have to make a REST API call to one of the mentioned above services. That service requires authentication of course. What I'm trying to do is to pass FedAuth cookies from the current request to RestSharp client:
[HttpGet]
[Route("api/testroute")]
public IHttpActionResult Test()
{
var client = new RestSharp.RestClient(_someBaseUrl);
var req = new RestSharp.RestRequest(_someUrl);
var cookies = Request
.Headers
.GetCookies()
.SelectMany(x => x.Cookies)
.Where(x => x.Name.StartsWith("FedAuth"))
.ToList();
foreach (var cookie in cookies)
{
req.AddCookie(cookie.Name, cookie.Value);
}
var resp = client.Execute(req);
return Ok(resp);
}
RestSharp client call fails with 500 error code with the following stacktrace inside:
[FormatException: Invalid length for a Base-64 char array or string.]
System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength) +14390795
System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength) +162
System.Convert.FromBase64String(String s) +56
System.IdentityModel.Services.ChunkedCookieHandler.ReadInternal(String name, HttpCookieCollection requestCookies) +424
System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +99
System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +173
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
Is my approach for user authorization correct? If so, am I doing something wrong with the cookies (from the stacktrace it looks like they are being corrupted)?
I think your FedAuth cookie was encoded. Maybe you can check if your FedAuth cookie contains char like '%'. If yes, just decode FedAuth before you use it.
I am trying to get Sitecore DMS 7.1 working. I followed the instructions on the sitecore support pages. I triple checked all the steps referred to on this website.
https://www.sitecore.net/Learn/Blogs/Technical-Blogs/John-West-Sitecore-Blog/Posts/2011/08/Troubleshooting-Analytics-is-Disabled-with-the-Sitecore-Customer-Engagement-Platform.aspx#comments
I have looked in the log file and i am getting.
3112 10:20:35 ERROR Application error.
Exception: System.Web.HttpException
Message: Online Marketing Suite is not enabled
Source: mscorlib
Server stack trace:
at Sitecore.Analytics.Reports.ReportDataHandler.AssertState(HttpContext context)
at Sitecore.Analytics.Reports.ReportDataHandler.ProcessRequest(HttpContext context)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
at Sitecore.Analytics.Reports.ReportDataHandler.RequestProcessor.EndInvoke(IAsyncResult result)
at Sitecore.Analytics.Reports.ReportDataHandler.EndProcessRequest(IAsyncResult result)
at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)
Help. We have other sitecore sites and I was able to get it working on sitecore 7 platform.
Here is the logic that is causing the error to be thrown:
public static bool Enabled
{
get
{
if (Settings.GetBoolSetting("Analytics.Enabled", false))
return Sitecore.SecurityModel.License.License.HasModule("Sitecore.OMS");
else
return false;
}
}
So you can see that there are 2 criteria that need to be met.
First, the "Analytics.Enabled" setting in the analytics config file need to be set to true. It should look like the following.
<!--
ANALYTICS ENABLED
Determines whether analytics is enabled or not.
Default: true
-->
<setting name="Analytics.Enabled" value="true" />
Second, your license needs to include DMS (It's refers to it as "OMS" internally).
if (Context.Site.EnableAnalytics)
{
...
}
I am unable to Use the Topologymanager class inside the namespace Microsoft.SharePoint.Portal.Topology. I searched a lot. Its urgent. Thanks
I am getting the following error. When I include the namespace "Microsoft.SharePoint.Portal.Topology" in my Custom Web service.
A runtime exception was detected.
Details follow. Message: Cannot open
database "WSS_Content_Dev3" requested
by the login. The login failed. Login
failed for user
Techinal Details:
System.Data.SqlClient.SqlException:
Cannot open database
"WSS_Content_Dev3" requested by the
login. The login failed. Login failed
for user .
at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection)
at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at
System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler,
SqlDataReader dataStream,
BulkCopySimpleResultSet
bulkCopyHandler, TdsParserStateObject
stateObj) at
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean
enlistOK) at
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo
serverInfo, String newPassword,
Boolean ignoreSniOpenTimeout, Int64
timerExpire, SqlConnection
owningObject) at
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String
host, String newPassword, Boolean
redirectedUserInstance, SqlConnection
owningObject, SqlConnectionString
connectionOptions, Int64 timerStart)
at
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection
owningObject, SqlConnectionString
connectionOptions, String newPassword,
Boolean redirectedUserInstance) at
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString
connectionOptions, Object
providerInfo, String newPassword,
SqlConnection owningObject, Boolean
redirectedUserInstance) at
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo,
DbConnectionPool pool, DbConnection
owningConnection) at
System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection
owningConnection,
DbConnectionPoolGroup poolGroup) at
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory
connectionFactory) at
System.Data.SqlClient.SqlConnection.Open()
at
Microsoft.Office.Server.Data.SqlSession.OpenConnection()
at
Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand
command) at
Microsoft.Office.Server.Data.SqlDatabaseManager.HasAccess(String
user) at
Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity
sharedApplicationSecurity) at
Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Synchronize()
Finally got the solution:
When you Use the templogymanager inside the web service directly or even include the namespace "Microsoft.SharePoint.Portal.Topology" at the top of the custom web service. It gives you error. I did the following thing.
I create the helper project in which I used the namespace Microsoft.SharePoint.Portal.Toplogy.
Compile it and put the dll into GAC.
Add the .dll reference to my project.
Then I called the helper Method in my custom web service.
Problem Solve.