Access AgilePoint Web Service API from a 3rd party application such as SharePoint or ASP.NET application from a separate machine through Impersonation
The information in this article applies to:
- AgilePoint Developer
- Web Service API
| GOAL(S) |
| |
Access AgilePoint Web Service API from a 3rd party application such as a SharePoint component or ASP.NET application in a separate machine through Impersonation. |
| |
|
| SUMMARY |
| |
Sometimes application developers may need to implement their own custom component to access AgilePoint through Web Service API. These components can be located in a physically separate machine (for example, calling from a SharePoint Web Part) and when accessing the AgilePoint Server through Web Service API, HTTP - 401 authentication error may occur.
For the SharePoint component, it runs under the identity that is specified in the SharePoint Application Pool. In some case, the identity could be set using the NetworkService or LocalSystem. These identities will not be able to get authenticated remotely through IIS and therefore returned the HTTP - 401 error.
NOTE: This approach is a solution to the well known double hop issue. |
| |
|
| SOLUTION |
| |
In a multiple-server envrionment, it is recommend to set up a dedicated user credential that the 3rd party application code can impersonate to get authenticated cross machine in order to access the AgilePoint Web Service. This dedicated user credential is typically stored in the web.config file of the application which can be retrieved before accessing the Web Service.
AgilePoint also provides an API called Surrogate() to allow the custom code to set the login user identity after the initial authentication through the impersonation. This will allow the remaining operation with the Web Service to run under the correct login identity.
Here are the steps to do surrogating:
-
In your custom coding for surrogating, at api.SetClientAppName("MyApplication"), put in your desired application name (case sensitive).
-
Open the AgilePoint Server Configuration and click the Extension link, then click the Add button.
- Enter the application name (case sensitive) you used in the custom coding and also the Impersonator name (see picture below).
- The Impersonator has to be a registered user and preferably an administrator in AgilePoint Server.
Here are some code snippets:
//Get the credentials using the dedicated user credential retrieved from the web.config
System.Net.NetworkCredential credentials = new System.Net.NetworkCredential(ap.m_ImpersonatorName, ap.m_ImpersonatorPassword, ap.m_Domain);
//Get the login user info from the HTTP context
string context = this.Context.User.Identity.Name;
string errmsg;
try
{
// Workflow Web Service
api = new WorkflowService(url); //url is the AgilePoint Server Url, should be obtained from the web.config
api.CookieContainer = cookieContainer;
api.Credentials = credentials;
api.SetClientAppName("MyApplication"); //You must also set the Impersonator to this application name using the AgilePoint Server Configuration
api.SetClientLocale("en-US");
api.Surrogate(context);
string userName = api.CheckAuthenticated(); |
| |
...
}
|