Error Messages...

Sep 30, 2010 at 7:26 PM

Hello,

I'm new to Resource Management Client coding (but have been writing code for a looooong time), and have a quick question on error messages: is there a way to get more useful error messages?  I'm creating error scenarios around adding users to groups to test my error handling.  The only message I receive in code is: The endpoint could not be dispatched... and if I look in the FIM Log, I see No corresponding start element is open.  Is there a way to parse out the lower level error?  The Code property doesn't help, nor does the InnerException.

I'd be completely comfortable modifying the ResourceManagement client code, if necessary.  Any help would be very much appreciated.

Thanks!

Gary

Developer
Sep 30, 2010 at 10:29 PM

Hi Gary,

The client only has as much information as is passed back from the web service.

You can enable service and message tracing in the web service client app config to see the exact message that comes back from the service. From there, you can examine the entire soap message to see if there is more information that could be useful. If so, you can enhance the message deserializer and make the date available. Any work in this area would be greatly appreciated.

-Jeremy

From: ggalehouse [mailto:notifications@codeplex.com]
Sent: Thursday, September 30, 2010 11:27 AM
To: jeremy@palenchar.net
Subject: Error Messages... [fim2010client:229191]

From: ggalehouse

Hello,

I'm new to Resource Management Client coding (but have been writing code for a looooong time), and have a quick question on error messages: is there a way to get more useful error messages? I'm creating error scenarios around adding users to groups to test my error handling. The only message I receive in code is: The endpoint could not be dispatched... and if I look in the FIM Log, I see No corresponding start element is open. Is there a way to parse out the lower level error? The Code property doesn't help, nor does the InnerException.

I'd be completely comfortable modifying the ResourceManagement client code, if necessary. Any help would be very much appreciated.

Thanks!

Gary

Oct 1, 2010 at 5:43 PM

Hi Jimmy,

Thanks so much for the response.  I increased the verbosity (I think), and then examined the soap (in the Put method) and the only additional information I'm getting is 'unwillingtoperform'.  I un-commented the lines in the Microsoft.ResourceManagement.Service.exe.config.  I'm not sure if that's the right place, as I'm kinda stumbling through this on my own.  If I didn't do something properly or you have other suggestions, please let me know. 

Also, the only thing I'm trying to do at the moment is simulate a case in which I try to add a user to a group when that user already exists in the group.  If I perform this action without the user in the group, it works great.  I'm just trying to get some more robust error handling in place.  Of course I can perform pre-checks for things like this, but at this point I'm just trying to feel around as to what is available, if that makes sense.

Thanks again!

Gary

Developer
Oct 1, 2010 at 10:34 PM
You can also enable message tracing in WCF. This will let you see the entire soap message. Depending on where you are in the code, you may also be able to see the message in the debugger as well.
 
Unwilling to perform is a pretty common message. I am not sure if you will be able to get anything else but I think it is worth looking at.
 
Are you using a transaction to add the member to a group? If so, it sounds like the transaction logic could be impreoved to detect the object is already a member so the change can be filtered out of the request before it is sent to the server as an error.
 
We would be happy to see some patches in this area as well.
 
-Jeremy

On Fri, Oct 1, 2010 at 9:43 AM, ggalehouse <notifications@codeplex.com> wrote:

From: ggalehouse

Hi Jimmy,

Thanks so much for the response.  I increased the verbosity (I think), and then examined the soap (in the Put method) and the only additional information I'm getting is 'unwillingtoperform'.  I un-commented the lines in the Microsoft.ResourceManagement.Service.exe.config.  I'm not sure if that's the right place, as I'm kinda stumbling through this on my own.  If I didn't do something properly or you have other suggestions, please let me know. 

Also, the only thing I'm trying to do at the moment is simulate a case in which I try to add a user to a group when that user already exists in the group.  If I perform this action without the user in the group, it works great.  I'm just trying to get some more robust error handling in place.  Of course I can perform pre-checks for things like this, but at this point I'm just trying to feel around as to what is available, if that makes sense.

Thanks again!

Gary

Oct 3, 2010 at 3:19 PM

Crap, where the heck did I get 'Jimmy'?  What an idiot.   I generally have better attention to detail.  I'll let you know what I figure out.  Feel free to call me Barry, Harry, or Moron... I earned it.

Oct 4, 2010 at 9:54 PM
Edited Oct 4, 2010 at 9:55 PM

Okay Jeremy,

I worked a little more on this today, and figured some things out (you probably already know this):

  1. The RmResourceChanges object does in fact check if the resource attribute has changed, and skips it if it has not.
  2. The request was failing because that was the only attribute my code was attempting to change, and so the PutRequest.ModifyRequest.Changes list was empty.
  3. I put in some test code within the lowest level Put request (the one that does the work) not to attempt to make a Put request to the wsTransferClient if there was nothing to change.  This worked, as it returned success (or at least didn't throw an exception).
  4. So in my case, if a user attempts to add a member to a group that already exists, it sort of acts like the portal in that it returns success, but in effect, doesn't do anything.

Does it sound like what I've done is logical and acceptable?  It was actually a very simple change, once I figured out what was happening.

Thanks!

Gary

 

 

 

 

Developer
Oct 5, 2010 at 7:21 AM

Sounds like an excellent fix.

We would like to include your fix in the code. Can you provide a patch?

-Jeremy

From: ggalehouse [mailto:notifications@codeplex.com]
Sent: Monday, October 04, 2010 1:54 PM
To: jeremy@palenchar.net
Subject: Re: Error Messages... [fim2010client:229191]

From: ggalehouse

Okay Jeremy,

I worked a little more on this today, and figured some things out (you probably already know this):

1. The RmResourceChanges object does in fact check if the resource has changed, and skips it.

2. The request was failing because that was the only attribute my code was attempting to change, and so the PutRequest.ModifyRequest.Changes list was empty.

3. I put in some test code within the lowest level Put request (the one that does the work) not to attempt to make a Put request to the wsTransferClient if there was nothing to change. This worked, as it returned success (or at least didn't throw an exception).

4. So in my case, if a user attempts to add a member to a group that already exists, it sort of acts like the portal in that it returns success, but in effect, doesn't do anything.

Does it sound like what I've done is logical and acceptable? It was actually a very simple change, once I figured out what was happening.

Thanks!

Gary

        

Oct 5, 2010 at 3:13 PM

Ok, cool.  I'm new to codeplex, too, so do I create a 'fork' to do a patch, or is there some other method?

Thanks,

Gary

Developer
Oct 5, 2010 at 3:32 PM

You need to commit your changes to your local repository using Hg.

Make sure you only commit the changes associated with this  bug.

You can request developer access to the project through CodePlex.

Once you have dev access, you can push your committed changes back to the Codeplex repository.

Alternately, you can have Hg generate a patch for this change and I can post it for you.

-Jeremy

From: ggalehouse [mailto:notifications@codeplex.com]
Sent: Tuesday, October 05, 2010 7:13 AM
To: jeremy@palenchar.net
Subject: Re: Error Messages... [fim2010client:229191]

From: ggalehouse

Ok, cool. I'm new to codeplex, too, so do I create a 'fork' to do a patch, or is there some other method?

Thanks,

Gary

Oct 11, 2010 at 3:28 PM
Edited Oct 11, 2010 at 3:28 PM

Jeremy,

Sorry about the delayed response, I've spent the last few days installing FIM on another VM, along with Exchange.  I'm more than happy to contribute, but I need to download HG and so forth.  I will let you know.  In the meantime, if you'd just like to add the change, here is the updated Put method with my changed annotated:

        public bool Put(RmResourceChanges transaction, bool useAlternateEndpoint, out PutResponse response, SecurityToken token, ContextMessageProperty context) {
            response = null;
            if (transaction == null) {
                throw new ArgumentNullException("transaction");
            }

            if (!useAlternateEndpoint) {
                PutRequest resourceEPrequest = this.requestFactory.CreatePutRequest(transaction);

                // GGalehouse [10.05.2010]: Only submit the request if changes are present, as requested changes
                //  may be filtered out during the CreatePutRequest process.
                if (resourceEPrequest.ModifyRequest.Changes.Count > 0)
                {
                    try
                    {

                        this.wsTransferClient.Put(resourceEPrequest, out response);

                    }
                    //catch AuthN Fault here so we have the original transaction so we can re-submit later
                    catch (System.ServiceModel.FaultException<Microsoft.ResourceManagement.Client.Faults.AuthenticationRequiredFault> authNFault)
                    {
                        String STSEndpoinAddresst = authNFault.Detail.SecurityTokenServiceAddress;
                        ContextMessageProperty responseContext;
                        //TODO: Add AuthNLogicHere. For now, only support QA gates on the Authernate Endpoint
                    }
                }

                if (response == null)
                    return false;
                else
                    return true;
            }
            else
            {
                //TODO:Verify that the ObjectID is in the form Domain\User.
                PutRequest alternateEPrequest = this.requestFactory.CreatePutRequest(transaction);
                response = null;

                // GGalehouse [10.05.2010]: Only submit the request if changes are present, as requested changes
                //  may be filtered out during the CreatePutRequest process.
                if (alternateEPrequest.ModifyRequest.Changes.Count > 0)
                {
                    try
                    {
                        this.alternateClient.Put(alternateEPrequest, out response, token, context);
                    }
                    catch (System.ServiceModel.FaultException<Microsoft.ResourceManagement.Client.Faults.AuthenticationRequiredFault> authNFault)
                    {
                        String STSEndpointAddress = authNFault.Detail.SecurityTokenServiceAddress;
                        ContextMessageProperty responseContext;

                        if (ContextMessageProperty.TryGet(response.Message, out responseContext))
                        {
                            ContextualSecurityToken userToken = HandleAuthNFault(STSEndpointAddress, responseContext);
                            Put(transaction, true, out response, userToken, responseContext);
                        }
                        else
                        {
                            throw new Exception("Could not get security context from Put.");
                        }
                    }
                }

                if (response == null)
                    return false;
                else
                    return true;
            }
        }

Thanks!

Gary 


Developer
Oct 11, 2010 at 4:11 PM

Awesome!

I will submit your patch. I know there is at least one other person who is facing this bug and waiting for the fix.

-Jeremy

From: ggalehouse [mailto:notifications@codeplex.com]
Sent: Monday, October 11, 2010 7:28 AM
To: jeremy@palenchar.net
Subject: Re: Error Messages... [fim2010client:229191]

From: ggalehouse

Jeremy,

Sorry about the delayed response, I've spent the last few days installing FIM on another VM, along with Exchanged. I'm more than happy to contribute, but I need to download HG and so forth. I will let you know. In the meantime, if you'd just like to add the change, here is the updated Put method with my changed annotated:

        public bool Put(RmResourceChanges transaction, bool useAlternateEndpoint, out PutResponse response, SecurityToken token, ContextMessageProperty context) {
            response = null;
            if (transaction == null) {
                throw new ArgumentNullException("transaction");
            }
 
            if (!useAlternateEndpoint) {
                PutRequest resourceEPrequest = this.requestFactory.CreatePutRequest(transaction);
 
                // GGalehouse [10.05.2010]: Only submit the request if changes are present, as requested changes
                //  may be filtered out during the CreatePutRequest process.
                if (resourceEPrequest.ModifyRequest.Changes.Count > 0)
                {
                    try
                    {
 
                        this.wsTransferClient.Put(resourceEPrequest, out response);
 
                    }
                    //catch AuthN Fault here so we have the original transaction so we can re-submit later
                    catch (System.ServiceModel.FaultException<Microsoft.ResourceManagement.Client.Faults.AuthenticationRequiredFault> authNFault)
                    {
                        String STSEndpoinAddresst = authNFault.Detail.SecurityTokenServiceAddress;
                        ContextMessageProperty responseContext;
                        //TODO: Add AuthNLogicHere. For now, only support QA gates on the Authernate Endpoint
                    }
                }
 
                if (response == null)
                    return false;
                else
                    return true;
            }
            else
            {
                //TODO:Verify that the ObjectID is in the form Domain\User.
                PutRequest alternateEPrequest = this.requestFactory.CreatePutRequest(transaction);
                response = null;
 
                // GGalehouse [10.05.2010]: Only submit the request if changes are present, as requested changes
                //  may be filtered out during the CreatePutRequest process.
                if (alternateEPrequest.ModifyRequest.Changes.Count > 0)
                {
                    try
                    {
                        this.alternateClient.Put(alternateEPrequest, out response, token, context);
                    }
                    catch (System.ServiceModel.FaultException<Microsoft.ResourceManagement.Client.Faults.AuthenticationRequiredFault> authNFault)
                    {
                        String STSEndpointAddress = authNFault.Detail.SecurityTokenServiceAddress;
                        ContextMessageProperty responseContext;
 
                        if (ContextMessageProperty.TryGet(response.Message, out responseContext))
                        {
                            ContextualSecurityToken userToken = HandleAuthNFault(STSEndpointAddress, responseContext);
                            Put(transaction, true, out response, userToken, responseContext);
                        }
                        else
                        {
                            throw new Exception("Could not get security context from Put.");
                        }
                    }
                }
 
                if (response == null)
                    return false;
                else
                    return true;
            }
        }
 

Thanks!

Gary



Read the full discussion online.

To add a post to this discussion, reply to this email (fim2010client@discussions.codeplex.com)

To start a new discussion for this project, email fim2010client@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com