Windows Authentification (PopulateWindowsIdentity issue )

Context : NET 4.5 / SL 5 / Csla: 4.5.30.0 / IIS: 7.5 / OS: Win7

Hi everyone,

I am currently experiencing a problem getting windows authentication working with my CSLA 4.5 SL application.  I have setup windows authentication the same way as the samples from the ebook (04-Dataportal).

When I run the application from my development workstation with IISExpress, everything works fine.  So I have next setup my development and test web servers using IIS 7.5.  I have worked through many issues getting impersonation to work (starting with just enable Windows Authentification and ASP.NET Identity, using Asp.net v4.0 Classic application pool ...).  Now, I think the IIS configuration and web.config are fine (Just in case, I have included them at the end of the post).  

Now, when I call the application (hosted into iis) from the browser on my development machine, the browser authentication prompt is displayed but if I log-in I get the following exception : "Some or all identity references could not be translated":

So, I ended up setting up remote debugging on my development web server to see what was going on.I have found that the exception came up on the PopulateWindowsIdentity method (Csla.Silverlight.Security)

Below, the stack trace:

    à System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)

   à System.Security.Principal.SecurityIdentifier.Translate(Type targetType)

   à Csla.Silverlight.Security.WindowsIdentity.PopulateWindowsIdentity()

   à Library.CustomIdentity.DataPortal_Fetch() dans c:\Users\CONTE\Documents\Visual Studio 2012\Projects\Samples\CSLA V4.5.30-23\04-DataPortal-110504\Authentication\Windows 4.5\Library.Net\CustomIdentity.cs:ligne 27

   à lambda_method(Closure , Object , Object[] )

   à Csla.Reflection.MethodCaller.CallMethod(Object obj, DynamicMethodHandle methodHandle, Boolean hasParameters, Object[] parameters)

Does anybody know what the issue here might be?  

Here some posts with interesting advices:

http://forums.lhotka.net/forums/p/8931/42494.aspx

http://forums.lhotka.net/forums/p/9453/44801.aspx

IIS Configuration used :

·         IIS Authentication settings: ASP.NET Impersonation and Windows Authentication are enabling.

·         ASP.NET v4.0 Classic is used for the application pool

web.config used:

<configuration>

  <appSettings>

    <add key="CslaAuthentication" value="Windows"/>

    <add key="CslaWriter" value="Csla.Serialization.Mobile.CslaBinaryWriter, Csla" />

    <add key="CslaReader" value="Csla.Serialization.Mobile.CslaBinaryReader, Csla" />

  </appSettings>

  <system.web>

    <compilation debug="true" targetFramework="4.5"/>

    <authentication mode="Windows"/>

    <identity impersonate="true" /> <!-- comment it to run with iis express -->

    <pages controlRenderingCompatibilityVersion="4.0"/>

  </system.web>

  <system.diagnostics>

    <sources>

      <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">

        <listeners>

          <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\temp\WinAuthTrace.xml"/>

        </listeners>

      </source>

    </sources>

    <trace autoflush="true"/>

  </system.diagnostics>

  <system.serviceModel>

    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>

    <services>

      <service name="Csla.Server.Hosts.WcfPortal" behaviorConfiguration="windowsAuthReturnFaults">

        <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_IWcfPortal" contract="Csla.Server.Hosts.IWcfPortal"/>

      </service>

      <service name="Csla.Server.Hosts.Mobile.WcfPortal" behaviorConfiguration="returnFaults">

        <endpoint binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_IWcfPortal"

                  contract="Csla.Server.Hosts.Mobile.IWcfPortal" />

      </service>

    </services>

    <bindings>

      <basicHttpBinding>

          <binding name="basicHttpBinding_IWcfPortal"

                   maxReceivedMessageSize="2147483647"

                   maxBufferPoolSize="2147483647"

                   maxBufferSize="2147483647">

            <readerQuotas maxBytesPerRead="2147483647"

                          maxArrayLength="2147483647"

                          maxStringContentLength="2147483647"

                          maxNameTableCharCount="2147483647"

                          maxDepth="2147483647"/>

          <security mode="TransportCredentialOnly">

            <transport clientCredentialType="Windows"/>

          </security>

        </binding>

      </basicHttpBinding>

      <wsHttpBinding>

        <binding name="wsHttpBinding_IWcfPortal" 

                 maxReceivedMessageSize="2147483647">

          <readerQuotas maxBytesPerRead="2147483647" 

                        maxArrayLength="2147483647" 

                        maxStringContentLength="2147483647" 

                        maxNameTableCharCount="2147483647" 

                        maxDepth="2147483647"/>

        </binding>

      </wsHttpBinding>

    </bindings>

    <behaviors>

      <serviceBehaviors>

        <behavior name="returnFaults">

          <serviceDebug includeExceptionDetailInFaults="true"/>

          <serviceAuthorization impersonateCallerForAllOperations="true" /> <!-- comment it to run with iis express -->

        </behavior>

        <behavior name="windowsAuthReturnFaults">

          <serviceDebug includeExceptionDetailInFaults="true"/>

           <serviceAuthorization impersonateCallerForAllOperations="true"/>

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

</configuration>

Best regards,

Cedric