Getting User is not authorized when activating MPOS R3 CU9

When installing this particular version from ground up (the Modern POS from a R3 CU9 installation media), you may get this error, unless you have also applied a hotfix for it (not sure at this moment if one exists, but looking into): "Microsoft.Dynamics.Commerce.Runtime.UserAuthorizationException: User is not authorized." and "IsAuthorized threw an exception 'Microsoft.Dynamics.Commerce.Runtime.UserAuthorizationException: Assigned role is not allowed to perform this operation.".

The call stack for these calls are good starting points in fixing the problem (of course, for the people who do not know very well the architecture of the MPOS / CRT).

The first message comes from "Microsoft.Dynamics.Retail.RetailServerLibrary.CommerceAuthorizationAttribute.HandleUnauthorizedRequest(HttpActionContext actionContext)". The second one is larger and I will be pasting it at the end of the post.

The  issue itself is in the Check Server Connectivity step of the MPOS activation process (do not have right now the name of the actual method). There a call to validate that the RetailServer actually responds is made with a context passing as allowed roles only the Employee role, while the request's principal is Anonymous. Thus the error.

The fix that I have implemented was to actually build the CRT assemblies while modifying the Execute method in the UserAuthenticationService class and added in the if (requestType == typeof(CheckAccessServiceRequest)) then branch the CommerceRoles.Anonymous role.

Of course, built the assemblies, copied them to the RetailServer installation folder, changed the references in the .config file and activated my device properly.

The second call stack I was mentionin above:

Microsoft.Dynamics.Commerce.Runtime.Services.CommerceAuthorization.CheckAccess(CommercePrincipal principal, RetailOperation operationId, RequestContext context, String[] allowedRoles, Boolean deviceTokenRequired, Boolean nonDrawerOperationCheckRequired)
   at Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService.CheckAccess(CheckAccessServiceRequest request)
   at Microsoft.Dynamics.Commerce.Runtime.Services.UserAuthenticationService.Execute(Request request)
   at Microsoft.Dynamics.Commerce.Runtime.Workflow.Composition.PipelineRequestHandler.Execute(IRequestHandler handler, Request request)
   at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context, IRequestHandler handler, Boolean skipRequestPipeline)
   at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context, IRequestHandler handler)
   at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context)
   at Microsoft.Dynamics.Commerce.Runtime.Workflow.WorkflowRequestHandler`2.Execute(Request request)
   at Microsoft.Dynamics.Commerce.Runtime.Workflow.Composition.PipelineRequestHandler.Execute(IRequestHandler handler, Request request)
   at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context, IRequestHandler handler, Boolean skipRequestPipeline)
   at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context, IRequestHandler handler)
   at Microsoft.Dynamics.Commerce.Runtime.CommerceRuntime.Execute[TResponse](Request request, RequestContext context)
   at Microsoft.Dynamics.Commerce.Runtime.Client.SecurityManager.CheckAccess(CommercePrincipal commercePrincipal, String[] allowedRoles, RetailOperation operationId, Boolean deviceTokenRequired, Object actionContext)
   at Microsoft.Dynamics.Retail.RetailServerLibrary.CommerceAuthorizationAttribute.IsAuthorized(HttpActionContext actionContext)

3 comments:

  1. I am facing excatly this issue.
    Is there another way to fix it instead of patching the code?

    ReplyDelete
  2. I am facing excatly this issue.
    Is there another way to fix it instead of patching the code?

    ReplyDelete
  3. Hi.

    Well, I am not sure if there isn't by now a hotfix released that should resolve this. Have you searched LCS for a fix on this? Patching the code was not that time consuming, if you know where to go it only takes around half an hour ... Of course he code fix is a little buggy itself, because the context you get doesn't allow you to make a good decision if you should let this pass or not ... So for sure I would look for a hotfix on LCS. Let me know if you found one.

    Thanks,
    Iulian.

    ReplyDelete