Bug: Stored Procedures Fail With Auth In Data API Builder
Hey everyone, I wanted to share an issue I encountered while working with the Data API builder and adding stored procedures. Specifically, I ran into a bug when trying to add stored procedures to my database configuration file when authentication was enabled. I'm getting an error that doesn't appear when I switch to anonymous access, which is pretty strange. Let's dive into the details so you guys can understand what's going on.
The Problem: Authentication Woes with Stored Procedures
So, here's the deal. I was setting up my database configuration file and wanted to include some stored procedures. When I enabled authentication, things started going south. I kept getting this error that just wouldn't go away. However, when I switched back to anonymous access, everything worked perfectly fine. It was like the authentication was the root cause of the issue. This is super frustrating, especially when you're trying to secure your APIs properly. Has anyone else experienced this type of issue before? I'm scratching my head trying to figure out what's happening behind the scenes.
Configuration Details
To give you a clearer picture, here’s the configuration from my config file:
"AMS_SP_GetFinancialReport": {
"source": {
"type": "stored-procedure",
"object": "[dbo].[GetFinancialReport]",
"parameters": {
"Checkin": "2025-09-01",
"Checkout": "2025-09-30",
"ContractEnd": "null",
"ContractStart": "null",
"contractStatus": "0",
"noOfRows": "100"
}
},
"graphql": {
"operation": "query"
},
"permissions": [
{
"role": "authenticated",
"actions": [
"execute"
]
}
]
}
As you can see, I’ve set up a stored procedure named AMS_SP_GetFinancialReport. It’s designed to fetch financial reports based on various parameters like check-in and check-out dates, contract status, and the number of rows. The crucial part here is the permissions section, where I’ve specified that only authenticated users should be able to execute this procedure. When this is in place, the error pops up. Remove the authentication, and bam, it works! This clearly indicates some issue with how the authentication is interacting with the stored procedure execution.
Visual Evidence
To further illustrate the issue, here’s a screenshot of the error I encountered:
This image shows the detailed error message, which points to a System.ObjectDisposedException. This type of exception usually means that the code is trying to access an object that has already been disposed of, which is super weird in this context. It seems like there’s some issue with how the JsonDocument is being handled during the authentication process. Has anyone else seen this specific error before? Any insights would be greatly appreciated!
Technical Details: Diving Deep
Okay, let's get a bit more technical here. To help you understand the environment and setup, I'm including some version information, the database I'm using, the hosting model, and the API approach. This should give you a complete picture of what's going on.
Version Information
I'm currently running version 1.5.56 of the Data API builder. Knowing the version can be crucial since bugs are often specific to certain versions. If you've encountered something similar, it might be worth checking if you're on the same version or if it has been addressed in a later release. Keeping the DAB updated is generally a good practice to avoid known issues and take advantage of new features and fixes. Have you guys found that upgrading to the latest version often resolves these kinds of issues?
"version": "1.5.56"
Database and Hosting
I’m using Azure SQL as my database, which is pretty common for many projects. My hosting model is Container Apps, which provides a scalable and flexible environment for deploying applications. Using these details, we can narrow down whether the issue is specific to the database type or the hosting environment. Sometimes, certain combinations of technologies can lead to unexpected behavior. It's always good to rule out any environmental factors that might be contributing to the problem. Are there any known issues with Azure SQL or Container Apps that might be related to this?
API Access
I am accessing the Data API builder through GraphQL. GraphQL is a powerful way to interact with APIs, but it also adds another layer of complexity. The issue might be related to how GraphQL is handling the authentication context or how it's interacting with the stored procedures. Knowing the API approach helps in diagnosing whether the problem lies in the API layer itself or deeper within the data access layer. Has anyone encountered similar issues specifically with GraphQL and stored procedures?
Relevant Log Output
To give you even more context, here's the relevant log output. This log shows the stack trace of the error, which can be super helpful in pinpointing the exact location in the code where things are going wrong.
2025-10-16T21:31:10.4450061Z stdout F System.ObjectDisposedException: Cannot access a disposed object.
2025-10-16T21:31:10.4450083Z stdout F Object name: 'JsonDocument'.
2025-10-16T21:31:10.4450105Z stdout F at System.Text.Json.ThrowHelper.ThrowObjectDisposedException_JsonDocument()
2025-10-16T21:31:10.4450182Z stdout F at Azure.DataApiBuilder.Service.Services.ExecutionHelper.TryGetPropertyFromParent(IResolverContext context, JsonElement& propertyValue) in /_/src/Core/Services/ExecutionHelper.cs:line 331
2025-10-16T21:31:10.4450212Z stdout F at Azure.DataApiBuilder.Service.Services.ExecutionHelper.ExecuteLeafField(IResolverContext context) in /_/src/Core/Services/ExecutionHelper.cs:line 182
2025-10-16T21:31:10.4450241Z stdout F at HotChocolate.Resolvers.FieldResolverDelegates.<>c__DisplayClass0_0.<.ctor>b__0(IResolverContext context)
2025-10-16T21:31:10.4450273Z stdout F at HotChocolate.Types.Helpers.FieldMiddlewareCompiler.<>c__DisplayClass9_0.<<CreateResolverMiddleware>b__0>d.MoveNext()
2025-10-16T21:31:10.4450296Z stdout F --- End of stack trace from previous location ---
2025-10-16T21:31:10.4450317Z stdout F at HotChocolate.Authorization.AuthorizeMiddleware.InvokeAsync(IMiddlewareContext context)
2025-10-16T21:31:10.4450339Z stdout F at HotChocolate.Authorization.AuthorizeDirectiveType.<>c__DisplayClass3_0.<<CreateMiddleware>b__1>d.MoveNext()
2025-10-16T21:31:10.4450360Z stdout F --- End of stack trace from previous location ---
2025-10-16T21:31:10.4450432Z stdout F at HotChocolate.Execution.Processing.Tasks.ResolverTask.ExecuteResolverPipelineAsync(CancellationToken cancellationToken)
2025-10-16T21:31:10.4450460Z stdout F at HotChocolate.Execution.Processing.Tasks.ResolverTask.TryExecuteAsync(CancellationToken cancellationToken)
Looking at the log, the System.ObjectDisposedException is thrown while trying to access the JsonDocument. The stack trace indicates that this happens within the ExecutionHelper and involves the AuthorizeMiddleware from HotChocolate (the GraphQL library). This suggests that the issue might be related to how the authentication context is being managed within the GraphQL execution pipeline. It’s like the system is trying to read something that’s already been cleared out, which is a classic sign of a resource management problem. Has anyone debugged similar issues within HotChocolate or GraphQL resolvers?
Code of Conduct
- [x] I agree to follow this project's Code of Conduct
Next Steps and Community Input
So, what’s next? I’m hoping some of you brilliant minds out there might have some insights or suggestions. Have you encountered a similar issue? Do you have any ideas on how to troubleshoot this further? I'm really keen on understanding why this is happening and how to fix it.
I’ve already tried a few things, like double-checking my configuration and ensuring that all the dependencies are correctly set up. I’ve also looked into the Data API builder’s documentation and GitHub issues, but haven’t found anything that exactly matches my situation. It’s always a bit of a puzzle when you run into a unique bug!
In the meantime, I’ll keep digging and try to narrow down the cause. I might try setting up a minimal reproduction case to isolate the issue and make it easier to debug. If I find a solution, I’ll definitely share it here so that others can benefit. Collaboration is key in these situations, and I appreciate any help or suggestions you can offer.
Has anyone faced similar problems with stored procedures and authentication in the Data API builder? What steps did you take to resolve it? Let's brainstorm together and get this sorted out!
Keywords: Data API builder, stored procedures, authentication, bug, GraphQL, Azure SQL, Container Apps, System.ObjectDisposedException, HotChocolate, API, configuration, error, debugging, troubleshooting