LDAP PropertySet with Anonymous Authentication

Similar Messages

• Issue with Anonymous Authentication and updating or starting new projects

  So 2 weeks ago I had a post about Anonymous Authentication found here:
  https://social.technet.microsoft.com/Forums/office/en-US/9b0e6eec-190a-4b48-a280-6adef441659a/issue-with-anonymous-authentication-and-people-picker-and-reports?forum=sharepointgeneral&prof=required
  That issue has been resolved but has created a new issue. We have Anonymous Authentication disabled but when one of our users tries to make a new project she gets the following:
  Unexpected response from server. The status code of response is '0'. The status text of response is ''.
  When she tries to edit an existing project, she gets the following:
  The server was unable to save the form at this time. Please try again.
  If I re-enable the Anonymous Auth. everything works for her again, but then we face the issue from the original post with reports not publishing.
  Any ideas on how to make everything get along?

  #apDiv2 {
      position: absolute;
      width: 698px;
      height: 299px;
      z-index: 1;
      left:50px;
      top: 117px;
      overflow: scroll;
  Don't forget to fix your code errors.  You're still missing a <body> tag in your markup. 
  Nancy O.

• Problems with Anonymous authentication !!

  Hi All,
  I hope this is the right forum to ask my problem. And also, I would like to say that I dont have any idea in Java.
  Our problem is
  1. We are using Java SSL as server and OpenSSL as client.
  2. For server authentication, the connection is successful.
  3. But for Anonymous authentication, the connection fails in read server hello.
  I am not sure why this connection is failing. I have referred to client log file but did not get any information to solve the problem.
  I dont know how to check log information in the server side if it provides.
  Our settings are like this in server.xml for server side :
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="false"
  clientAuth="false" sslProtocol="TLS" />
  Please let me know whether above settings are OK for Anonymous authentication or not.
  If above settings are OK, please let me know how can I debug into the problem.
  Server is being run with TomCat.
  As I am not familiar with Java, May be I did not provide enough details.
  You may think that if I am not familiar, why I am posting ? :) I am supporting some other project team for SSL. So, we have faced this problem. I am familiar with SSL but not Java.
  Please let me know if you need any further details.
  Thank you very much !
  Regards
  Satish.

  3. But for Anonymous authenticationAnonymous authentication is a contradiction in terms. What you are doing is anonymous SSL, i.e. with no authentication.
  the connection fails in read server hello. Fails how? With what exception? stack trace? message? What happens if you run the server with -Djavax.net.debug=ssl,handshake?
  Please let me know whether above settings are OK for Anonymous authentication or not.They are not. You would have to enable one or more of the anonymous cipher suites. They are disabled by default.
  Next question, why are you doing anonymous SSL? Are you aware that it isn't secure?

• Issue with Anonymous Authentication and People Picker and reports

  Hello,
  We are having an issue with sharepoint 2013 where we have reports that get published to sharepoint via visual studio and we use the people picker for different list.
  The overall issue is SSRS does not work if Anonymous Authentication is enabled which caused this error when trying to publish a report:
  The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException:
  The permissions granted to user 'NT AUTHORITY\ANONYMOUS LOGON' are insufficient for performing this operation
  However, if we disable Anonymous Authentication, the people picker search option does not work and we get there error:
  Sorry, we're having trouble reaching the server.
  I found this web blog on a solution, https://blog.karstein-consulting.com/2014/02/18/sharepoint-2013-people-picker-error-sorry-were-having-trouble-reaching-the-server/
  however this did not work.
  Does anyone have ant other suggestions?

  Hi JCrescenzo,
  Please try to get the property of the people picker, perhaps there is a rule that implemented on your environment:
  stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter -url 
  http://site_collection_url
  If yes, clear it by running:
  stsadm -o setproperty -propertyname peoplepicker-searchadcustomfilter -propertyvalue " " -url
  http://site_collection
  There are two similar posts, please check if they are useful for you:
  https://social.technet.microsoft.com/Forums/en-US/621d439b-f2eb-4dc2-8797-eb7f2f3996e4/people-picker-returning-search-filter-is-invalid-in-uls-log-when-searching-for-users?forum=sharepointgeneralprevious
  https://gavinmckay.wordpress.com/2011/07/15/troubleshooting-sharepoint-2010-claims-based-authentication-with-active-directory-lightweight-directory-services-ad-lds/
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Anonymous Authentication

  Hi all,
  I've a custom portal component whose <b>authscheme </b>has been set to <b>anonymous</b>. When I access this component the login module for NTLM gets called.
  Is this a standard behaviour?
  Cheers,
  Marco

  Lucio Piccoli <[email protected]> wrote in message
  news:[email protected]..
  Hi all,
  I am atttempting to config WLS5.1 to use SSL with anonymousauthentication.
  The WLS docs refer to one/two way authentication. However i want to handle
  the authentication via HTTP basic authentication without the hassle of
  passing certs arround. Is anonymous auth available in WLS5.1? If so kindly
  tell me how.First are you attempting to hit a servlet or an EJB with anonymous
  authentication? Anonymous authentication works exactly opposite depending on
  which one your trying to access. The servlet spec allows anonymous servlet
  access unless the it's been specifically limit. The EBJ spec says that
  anonymous access is forbidden unless specifically configured (must have
  "everyone" specified on it's ACL list)
  One way authentication is basically anonymous client / authenticated server,
  two authentication is considered mutual authentication where the client also
  supplies it's cert/key pair to the server for validation against a
  client/user who has been configured for mutual cert auth.
  Alex
  >
  thanks
  -lucio

• Active LDAP with Anonymous login

  hello all,
  We are using LDP as a method to authenticate users.
  How can we set up the Active LDAP with Anonymous login .
  Thanks in advance.

  It's not clear what you want to do.
  Do you want to set up LDAP for authentication?
  Or
  Do you want to set up a custom authentication scheme that tries to authenticate via LDAP and if unsuccessful, logs the user in as an anonymous user?

• Error in authentication with ldap server with certificate

  Hi,
  i have a problem in authentication with ldap server with certificate.
  here i am using java API to authenticate.
  Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
  I issued the new certificate which is having the up to 5 years valid time.
  is java will authenticate up to one year only?
  Can any body help on this issue...
  Regards
  Ranga

  sorry i am gettting ythe same error
  javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
  here when i am using the old certificate and changing the system date means i can get the authentication.
  can you tell where we can concentrate and solve the issue..
  where is the issue
  1. need to check with the ldap server only
  2. problem in java code only.
  thanks in advance

• HTTP request was forbidden with client authentication scheme 'anonymous'

  Hi,
  We have updated our support Package for version BPC NW 10.0 release 801 from 0002 to 0005.
  After the update we are not being to access the server folders in EPM Add-in.
  We have the following error "HTTP request was forbidden with client authentication scheme 'anonymous'". Nevertheless we only can't access to the content of folders that are not public or local.
  In SLG1 log, we have the error " Access not granted, You are not the member of team: BUSINESS ADMIN". This is not true because the user has SAP_ALL in BW and is a primary administrator in BPC. The data access profile associated is the administrator member access profile.
  Has anybody seen this error?
  Best regards,
  JA

  Hi Nilanjan,
  We are able to log in into EPM Add-in.
  We have the error when we try to open input forms or reports from server, but only from some folders.
  When we select the folder we have the error.
  For example we can see the content from:
  WEBEXCEL\REPORTLIBRARY\
  ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
  But we can't see the content from:
  BUSINESS ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
  TEAM FI\WEBEXCEL\TEAMREPORTLIBRARY\
  The user has administrator member access profile ans is included in all teams (ADMIN, BUSINESS ADMIN and TEAM FI)
  We really can't see what could be the problem
  Hope you can help us.
  regards,
  JA

• Failed to use LDAP over SSL MUTUAL AUTHENTICATION with some Directory enable SSL.

  In iPlanet Web Server, Enterprise Edition Administration's guide, chapter 5: secure your web server - Using SSL and TLS protocol specifying that the Administrator server camn communicate LDAP over SSL with some Directory enable SSL.
  Is there any way to configure iplanet Administration server to talk ldap/ssl in mutual authentication mode with some directory?

  Hi,
  Sorry, I could not understand what your are trying to do with iWS.
  Could you please berifly explain your question. So that I can help you.
  Regards,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• OfficialFile.asmx The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ERROR

  We are getting an error on the authentication piece when trying to submit a file to the OfficialFile.asmx web service to submit a document to the Drop-Off Library. Here is the code snippet -
  public string FileUpload(HttpPostedFile FileInput, RecordsRepositoryProperty[] properties)
  string strFileUrl = string.Empty;
  RecordsRepositorySoapClient repository = new RecordsRepositorySoapClient();
  BinaryReader b = new BinaryReader(FileInput.InputStream);
  byte[] binData = b.ReadBytes(FileInput.ContentLength);
  repository.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(iUserID, iUserPassword, iUserDomain);
  repository.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
  repository.SubmitFile(binData, properties, null, FileInput.FileName, HttpContext.Current.User.Identity.Name);
  strFileUrl = repository.GetFinalRoutingDestinationFolderUrl(properties, null, FileInput.FileName).Url;
  return strFileUrl;
  Although we are setting the network credential in the client call we still get the error
  - The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
  Ideas?
  Thanks in advance.

  Hi,
  Based on the error message, the issue is related to the authentication type.
  I suggest you can specify the credential type like the below:
  CredentialCache credentialCache = new CredentialCache();
  NetworkCredential credentials = new NetworkCredential(UserName, PassWord, sDomain);
  credentialCache.Add(new Uri(recordCenterUrl), "NTLM", credentials);
  Here is a detailed code demo for your reference:
  http://blogs.msdn.com/b/mcsnoiwb/archive/2011/06/06/sending-files-to-a-record-center-using-the-sp2010-webservice-officialfile-asmx.aspx
  Best Regards
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jerry Guo
  TechNet Community Support

• BW iViews with Anonymous Scheme Authentication

  Hi Team,
        Actually, we are in a IP project, we are working with Portal 7 SP 13 and BW 7 SP 14, but we have a problem with the bex iviews on the Anonymous view. Colud you help us to solve this issue, because when we are on the anonymous view on the portal, the bex iviews always ask us user and password, but them have on the properties parameters the anonymous scheme authentication.
  Some of  you know what is the problem or know if the bex iview works with the anonymous scheme authentication.
  Thanks so much.
  Best Regards.
  Denise.

  Hi,
  Thanks for your answer, but the user have been created and i have configured the SSO between Portal and BW but the error continue, when i open the portal with anonymous option http://portalhost:portalport/irj/portal/anonymous, the bw iview ask me  the user and password.
  Best Regards.

• Is there a way for DAS to work with anonymous bindings turned off?

  Hi,
  I noticed that whenever I set "Allow Anonymous Binds" to "0" in oidadmin, DAS stops working after the next reboot. However, when the option is set to "1", JAZN lets users access protected pages when they do not supply a password (though the correct username must still be provided.) Does anyone know of ways to either get DAS to work without anonymous access or to make JAZN not authorize users who supply blank passwords with anonymous access?
  Thank you,
  Yuriy

  I hadn't seen a reply to this message and I'm running into the same problem with JAZN, i.e. JAZN-LDAP is authenticating all users with a blank password.
  Is the only solution to turn off anonymous binds?
  Thanks

• Anonymous Authentication Custom PRF File

  Hi All,
  I'll try to make this as simple as possible, I have customized a .prf file using the office customization tool, and made a .bat file that a user can click on, starts outlook and automatically imports the server settings.
  My only issue is, with Exchange 2013, the "Logon network security" type needs to be Anonymous Authentication, and am not sure if it is even possible to set/change. I have opened the .prf file in notepad, but can't seem to find anything related.
  Here is the .prf file for quick reference: 
  ;Automatically generated PRF file from the Microsoft Office Customization and Installation Wizard
  ; Section 1 - Profile Defaults
  [General]
  Custom=1
  ProfileName=Test
  DefaultProfile=Yes
  OverwriteProfile=Append
  ModifyDefaultProfileIfPresent=false
  DefaultStore=Service1
  ; Section 2 - Services in Profile
  [Service List]
  ;ServiceX=Microsoft Outlook Client
  ServiceEGS1=Exchange Global Section
  Service1=Microsoft Exchange Server
  ; Section 3 - List of internet accounts
  [Internet Account List]
  ; Section 4 - Default values for each service.
  ;[ServiceX]
  ;FormDirectoryPage=
  ;-- The URL of Exchange Web Services Form Directory page used to create Web forms.
  ;WebServicesLocation=
  ;-- The URL of Exchange Web Services page used to display unknown forms.
  ;ComposeWithWebServices=
  ;-- Set to true to use Exchange Web Services to compose forms.
  ;PromptWhenUsingWebServices=
  ;-- Set to true to use Exchange Web Services to display unknown forms.
  ;OpenWithWebServices=
  ;-- Set to true to prompt user before opening unknown forms when using Exchange Web Services.
  [ServiceEGS1]
  MailboxName=%UserName%@domain.com
  HomeServer=
  AccountName=domain
  ConfigFlags=0x00000000
  RPCoverHTTPflags=0x002d
  RPCProxyServer=
  RPCProxyPrincipalName=msstd:
  RPCProxyAuthScheme=0x0001
  [Service1]
  OverwriteExistingService=Yes
  UniqueService=No
  MailboxName=%UserName%@domain.com
  HomeServer=
  DefaultAccount=TRUE
  ; Section 5 - Values for each internet account.
  ; Section 6 - Mapping for profile properties
  [Microsoft Exchange Server]
  ServiceName=MSEMS
  MDBGUID=5494A1C0297F101BA58708002B2A2517
  MailboxName=PT_STRING8,0x6607
  HomeServer=PT_STRING8,0x6608
  OfflineAddressBookPath=PT_STRING8,0x660E
  OfflineFolderPathAndFilename=PT_STRING8,0x6610
  [Exchange Global Section]
  SectionGUID=13dbb0c8aa05101a9bb000aa002fc45a
  MailboxName=PT_STRING8,0x6607
  HomeServer=PT_STRING8,0x6608
  ConfigFlags=PT_LONG,0x6601
  RPCoverHTTPflags=PT_LONG,0x6623
  RPCProxyServer=PT_UNICODE,0x6622
  RPCProxyPrincipalName=PT_UNICODE,0x6625
  RPCProxyAuthScheme=PT_LONG,0x6627
  AccountName=PT_UNICODE,0x6620
  [Microsoft Mail]
  ServiceName=MSFS
  ServerPath=PT_STRING8,0x6600
  Mailbox=PT_STRING8,0x6601
  Password=PT_STRING8,0x67f0
  RememberPassword=PT_BOOLEAN,0x6606
  ConnectionType=PT_LONG,0x6603
  UseSessionLog=PT_BOOLEAN,0x6604
  SessionLogPath=PT_STRING8,0x6605
  EnableUpload=PT_BOOLEAN,0x6620
  EnableDownload=PT_BOOLEAN,0x6621
  UploadMask=PT_LONG,0x6622
  NetBiosNotification=PT_BOOLEAN,0x6623
  NewMailPollInterval=PT_STRING8,0x6624
  DisplayGalOnly=PT_BOOLEAN,0x6625
  UseHeadersOnLAN=PT_BOOLEAN,0x6630
  UseLocalAdressBookOnLAN=PT_BOOLEAN,0x6631
  UseExternalToHelpDeliverOnLAN=PT_BOOLEAN,0x6632
  UseHeadersOnRAS=PT_BOOLEAN,0x6640
  UseLocalAdressBookOnRAS=PT_BOOLEAN,0x6641
  UseExternalToHelpDeliverOnRAS=PT_BOOLEAN,0x6639
  ConnectOnStartup=PT_BOOLEAN,0x6642
  DisconnectAfterRetrieveHeaders=PT_BOOLEAN,0x6643
  DisconnectAfterRetrieveMail=PT_BOOLEAN,0x6644
  DisconnectOnExit=PT_BOOLEAN,0x6645
  DefaultDialupConnectionName=PT_STRING8,0x6646
  DialupRetryCount=PT_STRING8,0x6648
  DialupRetryDelay=PT_STRING8,0x6649
  [Personal Folders]
  ServiceName=MSPST MS
  Name=PT_STRING8,0x3001
  PathAndFilenameToPersonalFolders=PT_STRING8,0x6700
  RememberPassword=PT_BOOLEAN,0x6701
  EncryptionType=PT_LONG,0x6702
  Password=PT_STRING8,0x6703
  [Unicode Personal Folders]
  ServiceName=MSUPST MS
  Name=PT_UNICODE,0x3001
  PathAndFilenameToPersonalFolders=PT_STRING8,0x6700
  RememberPassword=PT_BOOLEAN,0x6701
  EncryptionType=PT_LONG,0x6702
  Password=PT_STRING8,0x6703
  [Outlook Address Book]
  ServiceName=CONTAB
  [LDAP Directory]
  ServiceName=EMABLT
  ServerName=PT_STRING8,0x6600
  UserName=PT_STRING8,0x6602
  UseSSL=PT_BOOLEAN,0x6613
  UseSPA=PT_BOOLEAN,0x6615
  EnableBrowsing=PT_BOOLEAN,0x6622
  DisplayName=PT_STRING8,0x3001
  ConnectionPort=PT_STRING8,0x6601
  SearchTimeout=PT_STRING8,0x6607
  MaxEntriesReturned=PT_STRING8,0x6608
  SearchBase=PT_STRING8,0x6603
  CheckNames=PT_STRING8,0x6624
  DefaultSearch=PT_LONG,0x6623
  [Microsoft Outlook Client]
  SectionGUID=0a0d020000000000c000000000000046
  FormDirectoryPage=PT_STRING8,0x0270
  WebServicesLocation=PT_STRING8,0x0271
  ComposeWithWebServices=PT_BOOLEAN,0x0272
  PromptWhenUsingWebServices=PT_BOOLEAN,0x0273
  OpenWithWebServices=PT_BOOLEAN,0x0274
  CachedExchangeMode=PT_LONG,0x041f
  CachedExchangeSlowDetect=PT_BOOLEAN,0x0420
  [Personal Address Book]
  ServiceName=MSPST AB
  NameOfPAB=PT_STRING8,0x001e3001
  PathAndFilename=PT_STRING8,0x001e6600
  ShowNamesBy=PT_LONG,0x00036601
  ; Section 7 - Mapping for internet account properties. DO NOT MODIFY.
  [I_Mail]
  AccountType=POP3
  ;--- POP3 Account Settings ---
  AccountName=PT_UNICODE,0x0002
  DisplayName=PT_UNICODE,0x000B
  EmailAddress=PT_UNICODE,0x000C
  ;--- POP3 Account Settings ---
  POP3Server=PT_UNICODE,0x0100
  POP3UserName=PT_UNICODE,0x0101
  POP3UseSPA=PT_LONG,0x0108
  Organization=PT_UNICODE,0x0107
  ReplyEmailAddress=PT_UNICODE,0x0103
  POP3Port=PT_LONG,0x0104
  POP3UseSSL=PT_LONG,0x0105
  ; --- SMTP Account Settings ---
  SMTPServer=PT_UNICODE,0x0200
  SMTPUseAuth=PT_LONG,0x0203
  SMTPAuthMethod=PT_LONG,0x0208
  SMTPUserName=PT_UNICODE,0x0204
  SMTPUseSPA=PT_LONG,0x0207
  ConnectionType=PT_LONG,0x000F
  ConnectionOID=PT_UNICODE,0x0010
  SMTPPort=PT_LONG,0x0201
  SMTPSecureConnection=PT_LONG,0x020A
  ServerTimeOut=PT_LONG,0x0209
  LeaveOnServer=PT_LONG,0x1000
  [IMAP_I_Mail]
  AccountType=IMAP
  ;--- IMAP Account Settings ---
  AccountName=PT_UNICODE,0x0002
  DisplayName=PT_UNICODE,0x000B
  EmailAddress=PT_UNICODE,0x000C
  ;--- IMAP Account Settings ---
  IMAPServer=PT_UNICODE,0x0100
  IMAPUserName=PT_UNICODE,0x0101
  IMAPUseSPA=PT_LONG,0x0108
  Organization=PT_UNICODE,0x0107
  ReplyEmailAddress=PT_UNICODE,0x0103
  IMAPPort=PT_LONG,0x0104
  IMAPUseSSL=PT_LONG,0x0105
  ; --- SMTP Account Settings ---
  SMTPServer=PT_UNICODE,0x0200
  SMTPUseAuth=PT_LONG,0x0203
  SMTPAuthMethod=PT_LONG,0x0208
  SMTPUserName=PT_UNICODE,0x0204
  SMTPUseSPA=PT_LONG,0x0207
  ConnectionType=PT_LONG,0x000F
  ConnectionOID=PT_UNICODE,0x0010
  SMTPPort=PT_LONG,0x0201
  SMTPSecureConnection=PT_LONG,0x020A
  ServerTimeOut=PT_LONG,0x0209
  CheckNewImap=PT_LONG,0x1100
  RootFolder=PT_UNICODE,0x1101
  Account=PT_UNICODE,0x0002
  HttpServer=PT_UNICODE,0x0100
  UserName=PT_UNICODE,0x0101
  Organization=PT_UNICODE,0x0107
  UseSPA=PT_LONG,0x0108
  TimeOut=PT_LONG,0x0209
  Reply=PT_UNICODE,0x0103
  EmailAddress=PT_UNICODE,0x000C
  FullName=PT_UNICODE,0x000B
  Connection Type=PT_LONG,0x000F
  ConnectOID=PT_UNICODE,0x0010
  Is this possible?
  Thanks!

  My only issue is, with Exchange 2013, the "Logon network security" type needs to be Anonymous Authentication, and am not sure if it is even possible to set/change.
  Hi,
  Sorry for the lack of knowledge on .prf file above.
  However if we want to enable the Anonymous Authentication on the Exchange 2013 server side, I can share some information for you.
  Based on my experience, the "Logon network security" option exists in Outlook client. We can run some commands on EMS to enable the Anonymous Authentication on the server side. Please follow me, steps as below:
  1. First I suggest verify the Outlook Anywhere settings on Exchange 2013 CAS server via following command:
  Get-OutlookAnywhere -Server Exch1
  2. If "ExternalHostName" is set, please change the "ExternalClientAuthenticationMethod" to Negotiate via following command:
  Get-OutlookAnywhere -Server Exch1 | Set-OutlookAnywhere -ExternalClientAuthenticationMethod Negotiate
  3. Please note: If the DefaultAuthenticationMethod parameter is specified,
  InternalClientAuthenticationMethod, ExternalClientAuthenticationMethod and
  IISAuthenticationMethods parameters cannot be used. More details in the following article:
  Set-OutlookAnywhere
  http://technet.microsoft.com/en-us/library/bb123545(v=exchg.150).aspx
  However if we enable the Anonymous Authentication, it maybe something wrong in some situation. For example, Users of Exchange Server 2013 or Exchange Online can't open public folders or shared mailboxes on an Exchange 2010 or Exchange 2007 server. 
  Found a related KB for your reference:
  http://support.microsoft.com/kb/2834139
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Getting SPWeb.CurrentUser as null with Windows Authentication (AD), when configured for Claims Authentication

  Hi All,
  We recently migrated to SP 2013 from SP 2010. We are using most of the OOB features, with a few custom code. We have implemented a custom ASP.NET Membership Provider that authenticates against a web service. This was working fine on SP 2010.
  The entire code base was migrated to SP 2013 (with .net fw 4.5, etc) and any issues Compile / Runtime were fixed. However, we are stuck at one bug, which seems to be occuring only while trying to login with Windows Authentication. When a user tries to login
  with Forms Authentication, the error is never noticed.
  Scenrio: Login as Windows Authentiction.
  Result: The user is signed into the system and is authenticated against the AD. For random page loads - it throws access denied (even though he is a site collection admin). While attaching a debugger, we found that, at times the SPWeb.CurrentUser is null (weird).
  At the same time, the HttpContext.Current.Request.IsAuthenticated returns true. Which means the User is Authenticated, but not available in the SPWeb.CurrentUser object. 
  Attached are couple of ULS Logs that we found. The line which says IsAuthenticated=True, UserIdentityName=, ClaimsCount=0 is a little disturbing. Can you please let me know what is happening here? I am not able to access the root site (http://win2012d2:1234/)
  however, i am able to access (http://win2012d2:1234/SitePages/Home.aspx) just fine, without any issues.
  Please note, this error is only when the user is logged into sharepoint as a windows user. The forms user faces no such issues.
  ULS Logs:
  Name=Request (GET:http://win2012d2:1234/)
  Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0
  Application error when access /, Error=Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue  
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  Getting Error Message for Exception System.ArgumentException: Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue    
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  [Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2} 
  Unknown SPRequest error occurred. More information: 0x80070005
  SPRequest.GetPageListId: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPContext.get_ListId()    
   at Microsoft.SharePoint.SPContext.get_List()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPWeb.InitWeb()    
   at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

  Hi Mohamed,
  According to your description, my understanding is that the error occurred when users login with Windows Authentication.
  From the error message, I recommend to check if the anonymous access is enabled for the web application.
  And please also make sure that the users all are available and have permission to access the site.
  Here is a similar thread for you to take a look:
  http://social.technet.microsoft.com/Forums/en-US/28623bdc-a2f0-4876-9be4-9a764f106366/getting-spwebcurrentuser-as-null-with-windows-authentication-ad-when-configured-for-claims?forum=sharepointdevelopment
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Autoscaling Application block for Azure worker role console app not working. Get error as The HTTP request was forbidden with client authentication

  I have written a console application to test the WASABi(AutoScaling Application Block) for my worker role running in azure. The worker role processes the messages in the queue and I want to scale-up based on the queue length. I have configured and set the
  constraints and reactive rules properly. I get the following error when I run this application.
  [BEGIN DATA]{}
      DateTime=2013-12-11T21:30:02.5731267Z
  Autoscaling General Verbose: 1002 : Rule match.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","MatchingRules":[{"RuleName":"default","RuleDescription":"The default constraint rule","Targets":["AutoscalingWebRole","AutoscalingWorkerRole"]},{"RuleName":"ScaleUpOnHighWebRole","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnLowWebRole","RuleDescription":"Scale down the web role","Targets":[]},{"RuleName":"ScaleUpOnHighWorkerRole","RuleDescription":"Scale
  up the worker role","Targets":[]},{"RuleName":"ScaleDownOnLowWorkerRole","RuleDescription":"Scale down the worker role","Targets":[]},{"RuleName":"ScaleUpOnQueueMessages","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnQueueMessages","RuleDescription":"Scale down the web role","Targets":[]}]}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling General Warning: 1004 : Undefined target.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","TargetName":"AutoscalingWebRole"}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Verbose: 3001 : The current deployment configuration for a hosted service is about to be checked to determine if a change is required (for role scaling or changes to settings).
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","HostedServiceDetails":{"Subscription":"psicloud","HostedService":"rmsazure","DeploymentSlot":"Staging"},"ScaleRequests":{"AutoscalingWorkerRole":{"Min":1,"Max":2,"AbsoluteDelta":0,"RelativeDelta":0,"MatchingRules":"default"}},"SettingChangeRequests":{}}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Error: 3010 : Microsoft.Practices.EnterpriseLibrary.WindowsAzure.Autoscaling.ServiceManagement.ServiceManagementClientException: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure'
  in subscription id 'af1e96ad-43aa-4d05-b3f1-0c9d752e6cbb' and deployment slot 'Staging'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException:
  The remote server returned an error: (403) Forbidden.
     at System.Net.HttpWebRequest.GetResponse()
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace: 
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  If anyone know why I am getting this anonymous access violation error. My webrole is secured site but worker role not.
  I appreciate any help.
  Thanks,
  ravi
    

  Hello,
  >>: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure' in subscription id **************
  Base on error message, I guess your azure service didn't get your certificate and other instances didn't have certificate to auto scale. Please check your upload the certificate on your portal management. Also, you could refer to same thread via link(
  http://stackoverflow.com/questions/12843401/azure-autoscaling-block-cannot-find-certificate ).
  Hope it helps.
  Any question or result, please let me know.
  Thanks
  Regards,
  Will 
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.