ServiceAPI Impersonation

Hi,

 

Can anyone help with what settings I need to allow impersonation when using the ServiceAPI?

 

I'm using the .NET wrapper class.

 

I am setting valid credentials on the TrimClient object, and then calling the 'SetUserToImpersonate'  method, passing in the username of the suer i want to impersonate, however if i do a Location Request for 'me' its returning back the user that the conenction credentials belong to, not the impersonated user.

I have added the user name (domain\username) in both Enterprise Manager as aTrusted Account, and also in hptrim.config in the trustedToImpersonate attribute of the hptrim node.

 

Any other ideas? Has anyone got this working?

 

THanks,

 

Chris

Parents
  • Hi,

    there isnt a ConnectAs method, I'm using the ServiceAPI, with the .NET CLient Proxy library, not the COM API.

     

    Thanks,

    Chris

  • Hi,

    I have copied the code below: 

     

    public HPRecordsManagerServer(string serverAddress, bool basicAuthentication)
            {
                if (serverAddress == null)
                    throw new ArgumentNullException("serverAddress");
    
                m_ServerAddress = serverAddress;
                m_BasicAuthentication = basicAuthentication;
                m_RMClient = new TrimClient(serverAddress);
            }
    public virtual bool Impersonate(string impersonatedUsername)
            {
                if (impersonatedUsername == null)
                    throw new ArgumentNullException("impersonatedUsername");
    
                m_RMClient.Credentials = System.Net.CredentialCache.DefaultCredentials;
    
                m_RMClient.SetUserToImpersonate(impersonatedUsername);
    
                return TestConnection();
            }

     

    public bool TestConnection()
            {
                var locationSearch = new Locations();
                locationSearch.q = "me";
                locationSearch.Properties = new List<string>{"Permissions","Surname","LogsInAs"};
    
                try
                {
                    LocationsResponse locations = m_RMClient.Get<LocationsResponse>(locationSearch);
                    m_LoggedOnUser = locations.Results[0];
                }
                catch (ServiceStack.ServiceClient.Web.WebServiceException ex)
                {
                    ApplicationLog.ReportError(ex, "Error Connecting to Records Manager:"   ex.ErrorMessage);
                    return false;
                }
                catch (Exception ex)
                {
                    ApplicationLog.ReportError(ex, "Error Connecting to Records Manager");
                    return false;
                }
    
                if (!m_LoggedOnUser.Permissions[UserPermissions.RecordCreate])
                {
                    ApplicationLog.WriteEntry(String.Format("User {0} does not have permission to create Records",
                                        m_LoggedOnUser.LogsInAs), 4);
                    return false;
                }
                return true;
            }

     

    As I said previously, the location returned in the Test method returns the user who is running the code, not the impersonated user. I also tried uploading a new record, but the creator was the user runnign the code.

     

    Thanks,

     

    Chris

  • Hi,

    I have copied the code below: 

     

    public HPRecordsManagerServer(string serverAddress, bool basicAuthentication)
            {
                if (serverAddress == null)
                    throw new ArgumentNullException("serverAddress");
    
                m_ServerAddress = serverAddress;
                m_BasicAuthentication = basicAuthentication;
                m_RMClient = new TrimClient(serverAddress);
            }
    public virtual bool Impersonate(string impersonatedUsername)
            {
                if (impersonatedUsername == null)
                    throw new ArgumentNullException("impersonatedUsername");
    
                m_RMClient.Credentials = System.Net.CredentialCache.DefaultCredentials;
    
                m_RMClient.SetUserToImpersonate(impersonatedUsername);
    
                return TestConnection();
            }

     

    public bool TestConnection()
            {
                var locationSearch = new Locations();
                locationSearch.q = "me";
                locationSearch.Properties = new List<string>{"Permissions","Surname","LogsInAs"};
    
                try
                {
                    LocationsResponse locations = m_RMClient.Get<LocationsResponse>(locationSearch);
                    m_LoggedOnUser = locations.Results[0];
                }
                catch (ServiceStack.ServiceClient.Web.WebServiceException ex)
                {
                    ApplicationLog.ReportError(ex, "Error Connecting to Records Manager:"   ex.ErrorMessage);
                    return false;
                }
                catch (Exception ex)
                {
                    ApplicationLog.ReportError(ex, "Error Connecting to Records Manager");
                    return false;
                }
    
                if (!m_LoggedOnUser.Permissions[UserPermissions.RecordCreate])
                {
                    ApplicationLog.WriteEntry(String.Format("User {0} does not have permission to create Records",
                                        m_LoggedOnUser.LogsInAs), 4);
                    return false;
                }
                return true;
            }

     

    As I said previously, the location returned in the Test method returns the user who is running the code, not the impersonated user. I also tried uploading a new record, but the creator was the user runnign the code.

     

    Thanks,

     

    Chris

  • I might be missing it, but I don't see where you're actually calling the impersonate method.  Do you do that somewhere else in your code?

  • I call the setusertoimpersonate method in the second block of code, 2 lines from the bottom.

  • I call the setusertoimpersonate method in the second block of code, 2 lines from the bottom.

  • I call the setusertoimpersonate method in the second block of code, 2 lines from the bottom.

  • I meant I don't see where that second line of code is called.  

  • Ah,

     

    I didnt put the whole code in.

     

    In another class, i create an instant of my HPRecordsManagerServer class using the constructor in the first code snippet.

     

    I then call the Impersonate method, which in turn calls the TestConnection() method to confirm that the credentials are suitable to access Records Manager.

     

    Thanks,

     

    Chris

  • Ah,

     

    I didnt put the whole code in.

     

    In another class, i create an instant of my HPRecordsManagerServer class using the constructor in the first code snippet.

     

    I then call the Impersonate method, which in turn calls the TestConnection() method to confirm that the credentials are suitable to access Records Manager.

     

    Thanks,

     

    Chris

  • Ah,

     

    I didnt put the whole code in.

     

    In another class, i create an instant of my HPRecordsManagerServer class using the constructor in the first code snippet.

     

    I then call the Impersonate method, which in turn calls the TestConnection() method to confirm that the credentials are suitable to access Records Manager.

     

    Thanks,

     

    Chris

Reply Children
No Data