This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Domain Authentication through the API

Jacob_Dahlke6
Star Contributor
Star Contributor

‎11-19-2021 11:11 AM

I'm working on an integration app that will run on a client machine. I'd like to connect through the API using domain credentials without having the logged in user have to type them out.

 

When attempting to connect, diagnostics is showing that none of the user information is being passed. If I manually pass the username and password it in code, it will work.

 

The SDK example of connecting with the DomainAuthenticationProperties doesn't mention anything about passing username and password, and I'm certain I did this before the AD Authentication configuration for WebAppServer changed.

 

1. The customer is using AD Authentication (Enhanced)

2. The Authentication white paper has been followed, this environment has been up and working for a while

3. The Unity Client and the Web Client both auto-login using AD Authentication from the same client machine.

 

Is it still possible to authenticate with AD credentials in the API without user interaction?

If so, what might I be missing?

Labels:
0 Kudos
6 REPLIES 6

Joseph_Artuso
Confirmed Champ
Confirmed Champ

‎11-22-2021 07:34 AM

Hi Jacob,

We still use AD Auth (Basic) but here's the code we use to connect to the Unity API. We do not pass an usernames or passwords. Also make sure your site in IIS has Windows Authentication enabled.

 

var auth = Application.CreateDomainAuthenticationProperties(
    _config["DomainAuthUrl"],
    _config["DataSource"]);

auth.LicenseType = LicenseType.Default;
Application app = Application.Connect(auth);

 

When you call Application.Connect, do you get an error? If you don't get an error and can connect, what do you see for app.CurrentUser?

0 Kudos

Jacob_Dahlke6
Star Contributor
Star Contributor
In response to Joseph_Artuso

‎11-22-2021 12:31 PM

The error received indicates that the username / password is not passed unless I specify them. The exception is an AuthenticationFailedException. 

 

What version are you using?  This is EP2 after all of the NT authentication / Kerberos changes were made. I can verify that the application server and the Web Server are both setup correctly to those specifications - web client and Unity Client work as expected with autologin with domain authentication.

0 Kudos

Steve_Williams1
Star Contributor
Star Contributor

‎11-22-2021 03:34 PM

Hi,

 

Here is the C# code we are using to connect from an external application:

 

I hope it helps.

 

Cheers,
Steve Williams

 

public OnBaseConnection(out string oMessage)
{

oMessage = String.Empty;

string appServerURL = Helpers.ReadAppSetting("OnBaseApplicationServer", out oMessage);
if (String.IsNullOrEmpty(appServerURL) == true)
{
throw new ArgumentException("Error reading web.config for \"OnBaseApplicationServer\":", oMessage);
}

string dataSource = Helpers.ReadAppSetting("OnBaseDataSource", out oMessage);
if (String.IsNullOrEmpty(dataSource) == true)
{
throw new ArgumentException("Error reading web.config for \"OnBaseDataSource\":", oMessage);
}

DomainAuthenticationProperties authProps = Hyland.Unity.Application.CreateDomainAuthenticationProperties(appServerURL, dataSource);
if (authProps == null)
{
oMessage = "Failed to retrieve DomainAuthenticationProperties";
return;
}

oMessage = "Failed connecting to[" + appServerURL + "] with ODBC[" + dataSource + "] as authenticated user: " + WindowsIdentity.GetCurrent().Name+" - ";
try
{
app = Hyland.Unity.Application.Connect(authProps);
}
catch (MaxLicensesException)
{
oMessage = oMessage + "OnBaseConnection Error: All available licenses have been consumed.";
}
catch (SystemLockedOutException)
{
oMessage = oMessage + "OnBaseConnection Error: The system is currently in lockout mode.";
}
catch (InvalidLoginException)
{
oMessage = oMessage + "OnBaseConnection Error: Invalid Login Credentials.";
}
catch (UserAccountLockedException)
{
oMessage = oMessage + "OnBaseConnection Error: This account has been temporarily locked.";
}
catch (AuthenticationFailedException)
{
oMessage = oMessage + "OnBaseConnection Error: NT Authentication Failed.";
}
catch (MaxConcurrentLicensesException)
{
oMessage = oMessage + "OnBaseConnection Error: All concurrent licenses for this user group have been consumed.";
}
catch (InvalidLicensingException)
{
oMessage = oMessage + "OnBaseConnection Error: Invalid Licensing.";
}
catch (Exception ex)
{
oMessage = "OnBaseConnection Error: " + ex.Message + ex.StackTrace;
}

if (app != null)
{
oMessage = "Successful connection to [" + appServerURL + "] with ODBC [" + dataSource + "], Authenticated User: " + WindowsIdentity.GetCurrent().Name + ". Connection ID: " + app.SessionID;

}
return;
}

0 Kudos

Jacob_Dahlke6
Star Contributor
Star Contributor
In response to Steve_Williams1

‎11-23-2021 04:04 AM

what version?

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC