You are viewing limited content. For full access, please sign in.

Question

Question

Access Denied

Security Integrations
Updated July 18, 2016
asked on July 8, 2016 Show version history

I have published a website on the web server where Laserfiche Rio 10 installed. I could "Use Windows Authentication" to logon Laserfiche Client fine on the same server; however, if I use other machine, login with the same AD Windows authentication, open browser to access the website, I keep getting "Access Denied. [9013].

 

Note that, the website is ok if userid and password are provided in Laserfiche session login.

 

Here is the Laserfiche Session connection code:

public Session GetLfSession(AdUserProfile pUsrProfile, bool isPrevMethod)

{

     Session lfSession = new Session();

     RepositoryRegistration lfRepositoryReg 

  = new RepositoryRegistration(pUsrProfile.UserLfProfile.LfServerName, pUsrProfile.UserLfProfile.LfRespository);

 

     lfSession.LogIn(lfRepositoryReg);

     return lfSession;

}

 

IIS Web site Authentication setup:

 

 

IIS web site Application Pool:

 

 

Have I missed anything? Please help. Thanks much. 

0 0

Answer

SELECTED ANSWER
replied on July 14, 2016

Have you verified that the WindowsIdentity is the one that you expect?  Can you confirm that this web application is running on the same machine as the Laserfiche server?

1 0

Replies

replied on July 8, 2016

If you want to log in to Laserfiche as the authenticated web user, you need to impersonate them when you create that connection.  See the end of this thread.

0 0
replied on July 8, 2016

Hi Brian, Thanks for your quick reply. Per your link, I am little confused regarding the password. With Windows Authentication, I don't think we could pass the password.

bool loggedOn = LogonUser(user, domain, password, (int)LOGON_TYPE.LOGON32_LOGON_BATCH, (int)LOGON_PROVIDER.LOGON32_PROVIDER_DEFAULT, out tokenPtr);

Please advise,

Thanks,

 

 

0 0
replied on July 14, 2016

I have modified the code with Windows Impersonation but still no luck to get rid of "Access denied. [9013]"  :(
Any Laserfiche Guru please?  Thanks.


Session lfSession                                      = new Session();
RepositoryRegistration lfRepositoryReg  = new  RepositoryRegistration(LfServerName, LfRespository);

WindowsIdentity clientID                         = (WindowsIdentity)HttpContext.Current.User.Identity;

using (WindowsImpersonationContext wic = clientID.Impersonate())
{
     lfSession.LogIn(lfRepositoryReg);
}

0 0
View 1 previous reply
SELECTED ANSWER
replied on July 14, 2016

Have you verified that the WindowsIdentity is the one that you expect?  Can you confirm that this web application is running on the same machine as the Laserfiche server?

1 0
replied on July 15, 2016

Yeah... I had this website in Laserfiche Workflow server!!!

I have just moved the website to Laserfiche Server and it run fine.

 

Thanks so much for saving me from pulling my hair out. :))))

0 0
replied on July 18, 2016

Note that it's not a requirement that the web application run on the Laserfiche server, but if they are on separate machines you need to configure Kerberos.

1 0
replied on July 18, 2016

Thanks Brian. Could you please provide the link to setup Kerberos as well? Thanks again.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...