You are viewing limited content. For full access, please sign in.

Question

Question

Windows Authentication not working, SDK 10.2

Version 10
Updated October 10, 2019
asked on October 7, 2019

We wrote a LaserFiche API and we want to use windows authentication. In IIS, Windows Authentication is enabled and everything else is disabled, Kerberos is also set-up but when we ran our client that calls the API, we get this error "Laserfiche.RepositoryAccess.AccessDeniedException: The user account name or password is incorrect. [9010]." 

 

Hosting the API on the LaserFiche server did not make any difference, this is the error we get:

Laserfiche.RepositoryAccess.AccessDeniedException: Log in failed because the number of sessions has reached the licensed limit, or the user account has reached its session limit, or no named user license has been allocated to the user account. [9030]
   at Laserfiche.RepositoryAccess.Session.SendLogInRequest(String idnRepName, HttpCredential credentials)
   at Laserfiche.RepositoryAccess.Session.LoginToServer(RepositoryRegistration repository, HttpCredential credentials)

 

Below is the code snippet for the log-in

session.Connect(repository);
                        if (session.IsConnected)
                        {
                            // Log in using windows auth
                            session.LogIn();
                        }

 

The API works when we pass a LaserFiche user name and password or when we we use a specific windows account in the AppPool that is used by the Web API but we don't want to use a LaserFiche account or assign a specific windows account in the application pool, is there anything that we are missing?

0 0

Replies

replied on October 7, 2019

It sounds like your users are correctly authenticated, but you are probably not impersonating them when you try to connect to Laserfiche. If you don't want to impersonate them all the time, you need to explicitly begin impersonation. See this previous thread.

1 0
View 2 previous replies
replied on October 8, 2019

Thank you for the response, I reviewed the previous thread and implemented impersonation but still getting the error below. I know that impersonation is working as I enforced logging to see what user account is being impersonated and it is impersonating my account and I have access to LaserFiche but still getting an error:

 

2019-10-08 15:09:07,715 [16] INFO lf_api_framework.Startup - Current User: Domain\***winchel****
2019-10-08 15:09:07,761 [16] INFO lf_api_framework.Startup - Name of the identity after impersonation: Domain\***winchel****.
2019-10-08 15:09:08,043 [16] ERROR lf_api_framework.Startup - Laserfiche.RepositoryAccess.AccessDeniedException: Log in failed because the number of sessions has reached the licensed limit, or the user account has reached its session limit, or no named user license has been allocated to the user account. [9030]

The API is hosted on a different server from LaserFiche. Thanks.

0 0
replied on October 9, 2019

I hosted the same API in the LaserFiche server and it works, but when the API is hosted on a remote server, we still get the error:

Laserfiche.RepositoryAccess.AccessDeniedException: Log in failed because the number of sessions has reached the licensed limit, or the user account has reached its session limit, or no named user license has been allocated to the user account. [9030]

0 0
replied on October 9, 2019

That usually indicates that Kerberos is not configured correctly. Impersonating an identity for local services doesn't require Kerberos. Delegating the identity to a remote server does.

0 0
replied on October 10, 2019

Brian, thank you for the reply, can you point me in the direction as to where I can find more information as far as how to configure Kerberos. Thanks.

0 0
replied on October 10, 2019

There are lots of articles and white papers on the support site.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...