5

We are running on .NET Core 2.1 and sometimes get the exception "Secure binary serialization is not supported on this platform" when running the following query:

    await _adClient.Users[userId].AppRoleAssignments.ExecuteAsync();

Re-executing the query often works, so some condition is being met in which the binary serialization is not attempted (or succeeds?) on subsequent requests? That said, if I restart the service it will often work on the first request too.

We are using the older AD Graph client because 1) Microsoft Graph client does not fully support AppRoleAssignments yet and 2) what is supported is part of beta and not recommended for production use.

Full call stack below:

    System.Data.Services.Client.BaseAsyncResult.EndExecute<T>(object source, string method, IAsyncResult asyncResult)
    System.Data.Services.Client.QueryResult.EndExecuteQuery<TElement>(object source, string method, IAsyncResult asyncResult)
    System.Data.Services.Client.DataServiceRequest.EndExecute<TElement>(object source, DataServiceContext context, string method, IAsyncResult asyncResult)
    System.Data.Services.Client.DataServiceQuery<TElement>.EndExecute(IAsyncResult asyncResult)
    Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.DataServiceContextWrapper+<>c__DisplayClass4c<TSource, TInterface>.<ExecuteAsync>b__4a(IAsyncResult r)
    System.Threading.Tasks.TaskFactory<TResult>.FromAsyncCoreLogic(IAsyncResult iar, Func<IAsyncResult, TResult> endFunction, Action<IAsyncResult> endAction, Task<TResult> promise, bool requiresSynchronization)
    Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.DataServiceContextWrapper.ExecuteAsync<TSource, TInterface>(DataServiceQuery<TSource> inner)
    Microsoft.Azure.ActiveDirectory.GraphClient.AppRoleAssignmentCollection.<ExecuteAsync>b__2()
    Merck.SeaMonkey.Api.AzureADApi.Controllers.UserController.GetApplicationRoleAssignments(string userId) in UserController.cs

The new Microsoft Graph client is not an option here, although I suppose we can drop down to the base REST interface, which is a bit of work with all the retry logic, result parsing, etc. that we'd relied on the graph client to do.

UPDATE: Given the source of the exception, we're presuming there's an issue in serializing an entity in the OData response. Using AD Graph Explorer though, we see a very simple response of an empty values array along with a link to the metadata document for the entity. We have made the issue recur often by removing and adding new app role assignments, but we can't force it to occur 100% reliably. It looks like some state is being corrupted, perhaps in some internal cache?

Kalyan Krishna
Jim O'Neil

1 Answer

0

I use that API call a lot - but I use a direct REST HttpClient call against the old Graph.

I am only posting this as a reference - notice the explicit version on the URL (1.6). I am also posting the object I deserialize into; this may not match the official object schema.

    // OLD Graph End point
    // like ... https://graph.windows.net/{tenant-id}/users/{id}/appRoleAssignments?api-version=1.6
    urlUserInviteToUse = "https://graph.windows.net/" + m_CfgHlp.TenIdInB2C + "/" + ObjFamilyName + "/" + DirObjIdToGet + "/" + ObjFunctionCall + "?api-version=1.6";

Due to the REST API string payload I am effectively using JsonConvert.DeserializeObject to go from payload to object class. Notice that the dates are not being deserialized as dates.

    using Newtonsoft.Json;

    public class AppRoleAssignmentsRoot
    {
        // The payload key contains a dot ("odata.metadata"), so it needs an explicit mapping.
        [JsonProperty("odata.metadata")]
        public string odatametadata { get; set; }
        public AppRoleAssignment[] value { get; set; }
    }

    public class AppRoleAssignment
    {
        // Same for "odata.type".
        [JsonProperty("odata.type")]
        public string odatatype { get; set; }
        public string objectType { get; set; }
        public string objectId { get; set; }
        // Timestamps are declared as object rather than a date type.
        public object deletionTimestamp { get; set; }
        public object creationTimestamp { get; set; }
        public string id { get; set; }
        public string principalDisplayName { get; set; }
        public string principalId { get; set; }
        public string principalType { get; set; }
        public string resourceDisplayName { get; set; }
        public string resourceId { get; set; }
    }
Sql Surfer
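The direct REST approach from the answer above, written out as an added example (not code from either poster or from the Graph client library). It assumes Newtonsoft.Json, GUID tenant and user object ids, and a bearer token obtained elsewhere; all type and method names are hypothetical. It goes slightly beyond the answer by adding the bounded retry the question mentions, limited to 429 and 5xx responses.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json;

public sealed class RoleAssignment
{
    [JsonProperty("odata.type")] public string ODataType { get; set; }
    public string Id { get; set; }            // matched case-insensitively to "id"
    public string PrincipalId { get; set; }
    public string ResourceId { get; set; }
    public DateTimeOffset? CreationTimestamp { get; set; } // typed; JSON null stays null
}
public sealed class RoleAssignmentPage
{
    [JsonProperty("odata.metadata")] public string Metadata { get; set; }
    public RoleAssignment[] Value { get; set; }
}
public static class AdGraphRest   // hypothetical helper, not part of any SDK
{
    // Constructed sample: the empty result the question describes.
    public const string EmptySample = "{\"odata.metadata\":\"<metadata-url>\",\"value\":[]}";
    // Guid-typed ids cannot carry '/', '?' or '..' into the request path.
    public static Uri BuildUri(Guid tenantId, Guid userObjectId) => new Uri(
        $"https://graph.windows.net/{tenantId:D}/users/{userObjectId:D}/appRoleAssignments?api-version=1.6");
    public static RoleAssignment[] Parse(string json) =>   // null/empty body or no "value" => empty array
        JsonConvert.DeserializeObject<RoleAssignmentPage>(json ?? "null")?.Value ?? Array.Empty<RoleAssignment>();
    public static async Task<RoleAssignment[]> GetAsync(HttpClient http, string bearerToken,
        Guid tenantId, Guid userObjectId, int maxAttempts = 3)
    {
        for (var attempt = 1; ; attempt++)
        using (var req = new HttpRequestMessage(HttpMethod.Get, BuildUri(tenantId, userObjectId)))
        {
            req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", bearerToken);
            using (var resp = await http.SendAsync(req))
            {
                var code = (int)resp.StatusCode;
                if ((code == 429 || code >= 500) && attempt < maxAttempts)
                {
                    await Task.Delay(TimeSpan.FromSeconds(1 << attempt)); // 2 s, then 4 s
                    continue;
                }
                resp.EnsureSuccessStatusCode();   // 401/403/404 surface immediately
                return Parse(await resp.Content.ReadAsStringAsync());
            }
        }
    }
}
```

`AdGraphRest.Parse(AdGraphRest.EmptySample)` returns an empty array, so a user with no assignments is handled the same way as a populated result.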