Posted 24.05.2012, 14:11 by Blog bot (#1)
emeadaxsupport: Dynamics AX 2012: Some problems with setting up Form Authentication for Enterprise Portal

Lately we ran into two issues while setting up Form authentication for Dynamics AX 2012 Enterprise Portal.

We could open Enterprise Portal and select the Form based authentication provider, then specify the user and password. Immediately after clicking sign in we got the SharePoint error "An unexpected error has occurred."

In the event log we could see the following error:

Cannot open database "aspnetdb" requested by the login. The login failed.
Login failed for user 'CONTOSO\bcproxy'.
System.Data.SqlClient.SqlException
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

The issue happens when we run the commands

$Cred = Get-Credential   # here I used the bcproxy account
Add-AXSharepointClaimsAuthenticationProvider -Type Forms -Name FormsAuth -SigningCertificate $SigningCert -Credential $Cred -Port 7000 -SSLCertificate $SSLCert

with an account which is not a local admin on the machine. The Form based provider web application will be created with an application pool which runs as the contoso\bcproxy user, and this user needs access to aspnetdb to authenticate form users.

The solution to this problem is to add the CONTOSO\bcproxy user as a login to aspnetdb. We can give it the db_owner role for the database, or db_datareader + db_datawriter + execute permission on all aspnet_* stored procedures in the dbo schema.

After we got past the database login problem, we got a new error in the event log:

Keyset does not exist
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean

This problem was a little more complicated, as the error is not straightforward.

The issue is that, after authenticating the user, the provider is unable to sign the claims correctly because, again, the application pool account does not have access to the private key. To solve the problem:
  1. Open mmc
  2. Open Certificates (Local computer)
  3. Go to Personal > Certificates
  4. Select certificate created for signing (the one created with makecert.exe tool)
  5. Right click on this certificate and select All Tasks > Manage Private Keys
  6. Add your bcproxy account (the account which is running DynamicsFormsSTS) and give the account Full control and Read
  7. Restart IIS
After the above actions, Form based authentication should work correctly with Enterprise Portal.
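
The same private key permission change can be checked and applied from an elevated PowerShell session. This is an added example, not part of the original post: the thumbprint is a placeholder, the script handles only CSP keys (the kind the stack trace above shows), and it defaults to Read on the assumption that Read is enough for signing; pass -Rights FullControl to mirror step 6 exactly.

```powershell
# Added example (not from the original post). Run elevated on the Enterprise Portal server.
param(
    [string]$Thumbprint = '<SIGNING-CERT-THUMBPRINT>',  # placeholder: thumbprint of the signing certificate
    [string]$Account    = 'CONTOSO\bcproxy',            # application pool account named in the post
    # Assumption: Read is sufficient for signing; step 6 in the post grants Full control and Read.
    [System.Security.AccessControl.FileSystemRights]$Rights = 'Read'
)

# Steps 2-4: locate the certificate in Local Computer > Personal.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in the LocalMachine\My store."
}

# "Keyset does not exist" is raised by RSACryptoServiceProvider, so expect a CSP key.
$rsa = $cert.PrivateKey
if ($rsa -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw 'Private key is not a CSP key; this script only handles CSP keys.'
}

# Machine CSP keys are stored as files; the ACL on that file is what MMC edits.
$container = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -Path $keyFile)) {
    throw "Key file not found: $keyFile"
}

# Show who can currently use the key, for the record.
$acl = Get-Acl -Path $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Only explicit entries for the account are checked; access via group membership is not.
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $Rights) -eq $Rights
}

if ($existing) {
    Write-Output "$Account already has $Rights on the private key; nothing changed."
} else {
    # Steps 5-6: add the allow entry for the application pool account.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Output "Granted $Rights on the private key to $Account. Restart IIS (step 7) to apply."
}
```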
