UserCredential concatenates @Domain in 100x

Anonymous User · ‎10-22-2019

I am seeing behavior in 100.6 (probably there in all 100.x) where UserCredential concatenates @Domain onto the end of the username. So if I do the following ...

UserCredential mAgencyCredentials = new UserCredential(Domain\mMouse, password);

mAgencyCredential immediately returns ..

"mMouse@domain"

in LogCat...

mAgencyCredentials = {UserCredential@12352}
mPassword = "obfuscated"
mReferer = null
mToken = null
mUsername = "mMouse@Domain"

In this case I am using the UserCredential to access an on premise feature service (shared via AGOL in our organization but the service itself is on an internal ArcGIS Server instance).

The username format causes us all sorts of problems from that moment forward as described below...

The behavior where the runtime SDK adds the @DOMAIN suffix to the user account is a problem with our 'stand alone' (not portal/server federated) ArcGIS Server environment. This is similar to behaviors we noted in the MAR 2017 Esri Case #01907532 - "ArcGIS Server Token Authentication Login Format Issues".

Here is the server authentication setup:

From the web-adaptor server, I enabled 'failed request tracing' rules to dump .xml log files for each request. From that, I gather that the code did the following:

Client (mobile device) attempted access to https://www.example.com/arcgis/rest/services/folder/servicename/FeatureServer
Server responded:
Buffer="{"error":{"code":499,"message":"Token Required","details":[]}}"
Client requested https://www.example.com/arcgis/rest/info to obtain authentication information. Server responded appropriately (isTokenBasedSecurity = True and token URL)
Client made a request to https://www.example.com/arcgis/tokens/generateToken and supplied the username in the following format: username@DOMAIN (ex: 'mMouse@Domain'). The @ was encoded to %40
Server responded with a valid token
Client then made a request to https://www.example.com/arcgis/tokens and supplied the username in the same 'username@DOMAIN' format. Server again provided a token
Client then made the same request as #1 but added the header X-Esri-Authentication with the value Bearer <TOKEN FROM the /arcgis/tokens url (second token request)
Server responded with:
Buffer="{"error":{"code":-1,"message":"Unable to check permission on resource <Folder>/<Service>.mapserver.Failed to compute the privilege for the user '<USERNAME>@<DOMAIN>'. Could not find user account in the Identity Store.","details":[]}}"
Furthermore, the ArcGIS Server logs return: Blocked out actual username but would be "mMouse@Domain

Anonymous User · ‎11-03-2019

A little more information. This is the LogCat from Android Studio....

error = {ArcGISRuntimeException@9380} "com.esri.arcgisruntime.ArcGISRuntimeException: Attempted to use invalid JSON: Name property is missing"
error.mAdditionalMessage = "Name property is missing"
error.mCause = null
error.mCode = 21
error.mDomain = {ArcGISRuntimeException$ErrorDomain@9390} "ARCGIS_RUNTIME"
error.mErrorMessage = "Attempted to use invalid JSON"
error.backtrace = null
error.cause = {ArcGISRuntimeException@9380} "com.esri.arcgisruntime.ArcGISRuntimeException: Attempted to use invalid JSON: Name property is missing"
error.detailMessage = null
error.stackTrace = {StackTraceElement[2]@9395}
error.suppressedExceptions = {Collections$EmptyList@9396} size = 0
error.shadow$_klass_ = {Class@6078} "class com.esri.arcgisruntime.ArcGISRuntimeException"
error.shadow$_monitor_ = 1073823972
cause = null

Erick_1 · ‎11-07-2019

Hi Aaron Dick‌,

Thanks for bringing this to our attention, I have looked into it and I found that this is a bug on our API. We are planning to fix it in our future release and unfortunately there's no workaround other than not using usernames that have a 'backward-slash' when using a UserCredential.

Sorry for the inconvenience.