Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 301 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
AccessControlService auth throws strange error in Web Client
Charleh
Member Posts: 44
Hi all,
Desktop client works fine and logs in with SSO to O365. I've set this up before for other customers, the only difference here is that there's a load balancer in front of the web client app.
I get this stack:
I've decompiled the NAV dlls in order to figure out what code is running here and it boils down to this single line of code where the getter for Query is first accessed in the CalculateReply method on FederatedAuthenticationUrlRewriter
The getter for authUri.Query is throwing - so it seems the acsUri is relative...
In my config it is not relative:
Does anyone have any clue why it might be reading this as a relative Url?
There are some acsUri transform methods before this, but I've run them through with various combinations of parameters and they seem ok.
Head sore from banging it against brick wall.
Desktop client works fine and logs in with SSO to O365. I've set this up before for other customers, the only difference here is that there's a load balancer in front of the web client app.
I get this stack:
Error accessing Website Microsoft Dynamics NAV 2017 Web Client Raw Url: /company/WebClient/SignIn.aspx?ReturnUrl=blahblah Url: https://www.someurl.com/company/WebClient/SignIn.aspx?ReturnUrl=blahblah Type: System.InvalidOperationException Message: This operation is not supported for a relative URI. StackTrace: at System.Uri.get_Query() at Microsoft.Dynamics.Framework.UI.Web.FederatedAuthenticationUrlRewriter.CalculateReply(Uri originalRequestUri, Uri authUri, String replyQuery) at Microsoft.Dynamics.Framework.UI.Web.FederatedAuthenticationUrlRewriter.RewriteAcsUri(Uri originalRequestUri, Uri acsUri) at Microsoft.Dynamics.Nav.WebClient.Security.AcsAuthenticationProvider.Authenticate(HttpContextBase context, String userName, String password) at Microsoft.Dynamics.Nav.Client.WebClient.SignIn.Authenticate() at Microsoft.Dynamics.Nav.Client.WebClient.SignIn.SetAuthenticationProvider() at Microsoft.Dynamics.Nav.Client.WebClient.SignIn.OnInitCore(EventArgs e) Source: System
I've decompiled the NAV dlls in order to figure out what code is running here and it boils down to this single line of code where the getter for Query is first accessed in the CalculateReply method on FederatedAuthenticationUrlRewriter
if (!HttpUtility.ParseQueryString(authUri.Query).AllKeys.Contains<string>(replyQuery, StringComparer.OrdinalIgnoreCase))
The getter for authUri.Query is throwing - so it seems the acsUri is relative...
In my config it is not relative:
https://login.windows.net/tenant-is-here.onmicrosoft.com/wsfed?etc-etc-etc
Does anyone have any clue why it might be reading this as a relative Url?
There are some acsUri transform methods before this, but I've run them through with various combinations of parameters and they seem ok.
Head sore from banging it against brick wall.
Charleh
0
Answers
The web client appears to draw its settings from the service tier configuration provider in NAV2017 and later.
The only reason I found this out was copying a config from a working customer over and forgetting to change the server name that pointed to the NST. The web.config kicked in and it started redirecting to the O365 sign in page.
When I put the correct server/NST name in it started throwing the error. It turns out the NST settings were not correct (but I had assumed it would ignore the NST settings and just use the web config)
I'm pretty sure it doesn't do this in 2016 so it's a little frustrating that it's not documented (as far as I can see).