Return
-
Title
Unable to log in to the web portal after an upgrade to 9.x -
Description
After upgrading the system from 8.2.1 to 9.x, users are unable to login to the web portal. The following error is displayed:
"An exception has occurred while running the form method F0_ctl00_Main_Main_ControlRef1_Button1_Method.
Potentially dangerous behavior was detected. The request will be ignored.
SQL injection detected in WHERE clause: (isnull(XDateUpdated, '1899-12-30 00:00:00.000') > '1899-12-30 00:00:00.000') and (UID_Tree in (select UID_Tree from DialogProcessChain where GenProcID in (select GenProcID from dbo.QBM_FTDialogProcessSelect(null, N'username', null, 0))))" -
Cause
Applications must now authenticate themselves with a special key (Trusted Source Key). -
Resolution
A trusted source key is now required for the web applications.
This is described further in the 9.0 release notes:
35239 - The trusted source key, which can be used to specify that Where-clauses from the Web frontend are trusted, can now be specified as the ConnectionBehaviour/TrustedSourceKey option in the configuration file.
To correct this issue please follow the steps below:
To configure the trusted source key:
1. On the server where the web applications are installed, open a command line utility with administrator privileges.
2. Change to a directory with installed One Identity Manager development tools.
3. Run the following command:
imxclient edit-config /path <web.config file path> -T
(for example imxclient edit-config /path c:\inetpub\wwroot\apiserver\web.config -T)
or
imxclient edit-config /path <web.config file path> /trustedsourcekey <Key>