"Accessed JObject values with invalid key value" error when Permission is set


I am getting an error loading a page when Permission is configured with Security Restrict in Server Actions. Authentication is working. I can load the page if there is no permission configured with Security Restrict (can load the page when logged in, cannot load when not logged in).

Here’s the configuration in the Security Provider settings:

I have 2 tables, app_user (contains userid, username, password) and app_user_group_map (contains userid and groupid for the permission).
I have already tried using a table view that contains both the userid, groupid, and permission name on which I set the Condition value for for a different set of tests.

Both tests have failed with the same error.

Anyone has encountered the same error message? Any workaround or solution?

Thank you.

Have you viewed this?

From your code i think you may have the identity field set incorrectly, it should be the primary key in the users table and a foreign key in the permissions

So try changing it to “userid”

1 Like

Hello @Hyperbytes, yes I have watched the video.
I have the following DB configuration. I am supposed to be using a 3-table setup. But I can still use a 2-table setup with the consideration of using the app_group_id as the Conditions value. So in effect, I am only using tables app_user and app_user_group_map (as seen on my initial post’s screenshot).

This is how I setup my db…

This is what it looks like for a 2-table setup in my db (just disregard the app_group table):

The configuration in Wappler:

My other test using a table view created from the JOINs of the 3 tables also has the same error. Here’s the configuration in Wappler using the table view view_userprivilege:

I have even tried using the app group name instead of the group id when using the table view.

Any ideas?
Thank you.

Hi @zitroware,

Where is the pid column coming from? When looking at your screenshots, I do not see it listed.

From what it looks like, you would like to use the app_group_id as the condition. I would try changing the pid to the app_group_id column.

Hi @scott, you are referring to the last screenshot which is using a table view.
I have tested a couple of times, first one is using the 2-table approach and the second one is using the table view. The table view has the pid.

Hi @patrick, @Teodor, below is the StackTraceString in case you need it.

"StackTraceString": " at Newtonsoft.Json.Linq.JObject.get_Item(Object key)\r\n at DMXzone.ServerConnect.Security.DatabaseProvider.Permissions(JToken identity, JArray rules) in d:\\Develop\\DMXzone Server Connect\\ASPNET_Source\\DMXzone Security Provider\\Security\\DatabaseProvider.cs:line 53\r\n at DMXzone.ServerConnect.Security.SecurityProvider.Restrict(JObject options) in d:\\Develop\\DMXzone Server Connect\\ASPNET_Source\\DMXzone Security Provider\\Security\\SecurityProvider.cs:line 182\r\n at DMXzone.ServerConnect.Module.AuthModule.Restrict(JObject options) in d:\\Develop\\DMXzone Server Connect\\ASPNET_Source\\DMXzone Security Provider\\Module\\AuthModule.cs:line 87",

Thank you.

Ok, looking back at the top, let me try to understand what is happening. You said that you can load the page if you do not have a permission configured with Security Restrict and you can load the page when you are logged in. But you can not load the page when you are not logged in.

This sounds right. Security Restrict will not display data if you are not logged in with the right permissions.

Do you have other content on the page that is supposed to load outside of what Security Restrict is protecting?

Hi @scott, yes you are right. I am trying to explain that it works fine when there is no permission set, i.e. I can load the page when logged in and cannot when not. This means authentication is working. But the time when the permission is set, I am getting HTTP 500 with the error “Accessed JObject values with invalid key value”.

This might be a bug in the asp.net implementation @patrick will check it out