February 16 2009, 17:23

Problems logging into the CMS

I've installed EPiServer CMS 5 R2 SP1 on my maching (running Windows XP).

The demo templated are running fine in IIS and through Visual Studio, but I'm getting errors when trying to log into the actual CMS. I'm using my windows account username and password and am getting the following error:

Some or all identity references could not be translated.Exception Details: System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[IdentityNotMappedException: Some or all identity references could not be translated.]
System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess) +7606192
System.Security.Principal.SecurityIdentifier.Translate(Type targetType) +100
EPiServer.Security.WindowsMembershipProvider.GroupNamesFromIdentity(WindowsIdentity identity, String[] deletePrefix) +259
EPiServer.Security.WindowsMembershipProvider.ValidateUser(String username, String password) +190
System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) +60
System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +119
System.Web.UI.WebControls.Login.AttemptLogin() +115
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +101
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +166
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
 Can anyone help? 

 

 



  • April 19 2012, 17:21

    Is there any solution to this? I am getting it on a CMS 6 R2 installation when trying to use ActiveDirectory.

     

    [IdentityNotMappedException: Some or all identity references could not be translated.]
       System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess) +450
       System.Security.Principal.SecurityIdentifier.Translate(Type targetType) +350
       EPiServer.Security.WindowsMembershipProvider.GroupNamesFromIdentity(WindowsIdentity identity, String[] deletePrefix) +310
       EPiServer.Security.WindowsRoleProvider.GetRolesForUser(String username) +190
       System.Web.Security.RolePrincipal.IsInRole(String role) +263
       EPiServer.Security.WindowsAdministratorsRole.IsInVirtualRole(IPrincipal principal, Object context) +40
       EPiServer.Security.VirtualRolePrincipal.IsInVirtualRole(String role, SecurityEntityType type) +168
       EPiServer.Security.VirtualRolePrincipal.IsInRole(String role, SecurityEntityType type) +579
       EPiServer.Security.WindowsAdministratorsRole.IsInVirtualRole(IPrincipal principal, Object context) +40
       EPiServer.Security.VirtualRolePrincipal.IsInVirtualRole(String role, SecurityEntityType type) +168
       EPiServer.Security.VirtualRolePrincipal.IsInRole(String role, SecurityEntityType type) +579
       EPiServer.Security.AccessControlList.QueryAccess(IPrincipal principal, AccessLevel maxAccess) +288
       EPiServer.Security.AccessControlList.QueryDistinctAccess(IPrincipal principal, AccessLevel access) +20
       EPiServer.PageBase.GetPage(PageReference pageLink, ILanguageSelector selector) +389
       EPiServer.Web.PageExtensions.SaveCurrentPage.get_CurrentPage() +375
       EPiServer.PageBase.InitializeCulture() +116
       ASP.default_aspx.__BuildControlTree(default_aspx __ctrl) in \default.aspx:1
       ASP.default_aspx.FrameworkInitialize() in c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\470b9cc4\f65ffcf\App_Web_xtm4foch.1.cs:0
       System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +72
       System.Web.UI.Page.ProcessRequest() +269
       System.Web.UI.Page.ProcessRequest(HttpContext context) +167
       ASP.default_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\470b9cc4\f65ffcf\App_Web_xtm4foch.1.cs:0
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +625
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

  • April 19 2012, 19:33

    AD can be a real pain sometimes.. Especially with domain prefixes.. My guess would be Windows can't authenticate the username, it's either non-existing or can't contact the domain controller or the username is truncated or something, try these things:

    Is your username very long?

    Try to prefix your logon name with the domain name..

    Make sure you have access to the domain controller..

    See if the user logon name and the legacy field (pre-windows 2000) match, try both (with/without domain prefix).

  • April 20 2012, 11:22
    Content is edited

    Hi

    By looking at the stacktraces you both get, I believe its one of the groups that the user belongs that cannot be translated by Windows.

    The groups that belongs to a WindowsIdentity are all in the form "S-1-2-3-4-5-nnn", which is not very friendly to the user, so a call to Translate()
    is made to get the more human readible name, like "Everyone".

    One of the logged in user's groups fail this Translate call, and to find _which_ group that is would require some debugging on the machine, either hooking up the debugger and set a breakpoint onb the IdentityNotMappedException. One could also setup the debugger to dump a memory dump
    and then inspect it later if this is on a production server and the problem is not reproducable on development machine.

    I'd be happy to assist you in continuing troubleshooting if yo want.

    /johan

  • April 20 2012, 14:46

    For me it was much simpler than that.  I had a mismatch in my web.config.

    I was also using Multiplexor with ActiveDirectoryProvider first and WindowsProvider second. Removing the WindowsProvider made it work.

    So I just changed from Multiplexor to only go with ActiveDirectoryProvider and now all is good.

  • April 20 2012, 14:50

    Haha I'm glad you got it sorted :)

  • April 20 2012, 15:00

    i still wonder why the windowsprovidor wouldnt work as a 2nd providor. I had a local windows user i had been using up until connecting to the AD.

  • January 30 2014, 11:41
    Content is edited

    Troubleshooting this error right now on a 5R2 intranet that has been moved to a new domain. I have built a console app to catch which SID throws the error. In my case right now it's the lookup for S-1-18-1 (AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY) that fails. The server is a Windows 2003 server but the domain controller is 2012.

    http://support.microsoft.com/kb/2830145/en-us?sd=rss&spid=14019

    We are looking into if the hotfix mentioned is available for 2003.

    Otherwise I guess we need to implement our own WindowsMembershipProvider where public static string[] GroupNamesFromIdentity(WindowsIdentity identity, string[] deletePrefix) doesn't call Translate() for the new 2012 SID's or just does a try/catch.

    ... or has anyone solved this another way when hosted on Windows 2003?

    This is the console app I created and ran as a user from the troublesome domain:

    namespace SecurityDebug
    {
        using System;
        using System.Collections.Generic;
        using System.Linq;
        using System.Security.Principal;
        using System.Text;
    
        public class Program
        {
            public static void Main(string[] args)
            {
                var identity = WindowsIdentity.GetCurrent();
    
                if (identity != null)
                {
                    Console.WriteLine("Starting to list current user's (" + identity.Name + ") groups:");
                    GetGroupNamesFromIdentity(identity);
                }
            }
    
            public static void GetGroupNamesFromIdentity(WindowsIdentity identity)
            {
                if (identity.Groups != null)
                {
                    foreach (IdentityReference item in identity.Groups)
                    {
                        Console.WriteLine();
                        Console.WriteLine(item.Value);
    
                        try
                        {
                            string value = item.Translate(typeof(NTAccount)).Value;
                            Console.WriteLine("Translated to: " + value);
                        }
                        catch (Exception)
                        {
                            Console.WriteLine("-- TRANSLATE FAILED --");
                        }
                    }
                }
            }
        }
    }
    

       

  • March 19 2014, 8:14

    Löste du detta på något sätt Johan? Jag har precis stött på motsvarande problem efter AD-uppgradering på ett EPi5-intranät.

  • March 19 2014, 9:26

    Yes, I created my own WindowsRole and Membership provider. In there I just do:

    foreach (IdentityReference item in identity.Groups)
                        {
                            string groupName;
    
                            if (!IdentityToName.TryGetValue(item, out groupName))
                            {
                                switch (item.Value)
                                {
                                    case "S-1-18-1":
                                    case "S-1-18-2":
                                        Log.DebugFormat("2003 incompatible SID found: {0}", item.Value);
                                        continue;
                                }

        

First   1   Last