In OnBase 13 and later we have changed the text you can look at entries in the Security Log to determine if they logged in via the DMCoreX API. You can do this several ways, but the easiest is probably via the Thick Client logging reports. To perform this action manually, do the following:
First, log into the thick client as a user who has the proper privileges to the Transaction Logs menu option under the Admin menu. Select the Create Reports option. On the ensuing dialog, select Security under the Transaction Log dropdown. Select Log in under the Actions list. Refine the other search options as desired and then select Create Report.
When viewing the report, look for any column that has the Action “Logged into Core Services”. There will be two kinds of Messages corresponding to that action.
Any message that contains the string ‘AppServer’ (not including the quotes) is indicative of somebody logging in via a product that uses the Application Server (for example the OnBase Web Client or Unity Client). Web Services Toolkit logins will also display this message.
Any message that does NOT contain the string ‘AppServer’ is an indication that somebody has logged in via the DMCoreX API.
This method can be run easily by someone with the correct privileges, but it also has some fairly significant limitations.
[1] You will have to manually check for the lack of an ‘AppServer’ string.
[2] Logins via Web Services Toolkit will still append the ‘AppServer’ string to the logging message, so this method cannot be used to identify usage of the Web Services Toolkit.
[3] The ‘AppServer’ string was not added to the logging until OnBase 13. In all prior releases, you cannot distinguish between a DMCoreX API login and an Application Server login by looking at the message string. This means that the end user will need to run on OnBase 13 or later for at least a few weeks before you can rely on it to detect DMCoreX APIlogins. Any customer who is on a prior version and wishes to upgrade directly to OnBase 15 will not be able to use it.
[4] The Security Log report will tell you that somebody logged in via the DMCoreX API, but it will not tell you if the login was from a script, a custom application or one of the OnBase modules that still use the DMCoreX API in OnBase 13. You will still need to track that information down by hand.
[5] Most seriously, DMCoreX scripts that are used from inside Workflow will NOT write to the security log. This is because those scripts are already 'logged in' and are run under the context of the current user.
This change was made in OnBase 13 with SCR 140549.
