Windows Authentication using SDK API

replied on February 14, 2022

You can use Impersonation to sign in to LFS as another domain account. See this post for details. Sample code can be found here.

0 0

View 4 previous replies

replied on February 15, 2022 • Show version history

Can you help me out that which method we will call to my API ?

1) My API hosted on server machine.

2) Multiple user can able to login into repository using windows authentication. Now question is which parameter we required from user to login them via windows authentication as my API host on server machine so my server machine not able to identified user identity.

Which method we will implement from sdk sample . can you please provide me more details ?

Thanks,

pratik

windows.png (23.1 KB)

| Download

0 0

replied on February 15, 2022

As per attached image , for normal login we are passing username and password to validate user but self-hosted environment we does not required any values for windows authentication.

But for remote person who wants to login using windows authentication which parameter they want to pass in my API?

Thanks,

pratik

0 0

replied on February 15, 2022

To enable windows authentication for your application, change the authentication to "Windows Authentication" in IIS. If the Laserfiche Server and your application are installed on different machines, you will need to configure Kerberos to let users log in using Integrated Windows Authentication. See this article for information on configuring Kerberos.

With windows authentication configured, your application will use Impersonation to log on as the authenticated user:

WindowsIdentity winId = HttpContext.Current.User.Identity as WindowsIdentity;

if (winId != null)
{
    using (WindowsImpersonationContext ctx = winId.Impersonate())
    {

        if (winId.IsAnonymous)
        {
            HttpContext.Current.Items["Send401"] = true;
            throw new AccessDeniedException("Unauthorized");
        }

        bool useSSL = false; // Set to true if SSL is needed
        var repoReg = new RepositoryRegistration(server, repoName) { UseTls = useSSL };

        Session sess = new Session();
        sess.LogIn(repoReg);

        // sess is now logged in as the impersonated user.
    }
}

0 0

replied on February 15, 2022

We have application installed on different machine and using the windows authentication we need to fetch Laserfiche folder structure via API which we have hosted on IIS.

My question is which fields we need to ask user to login in repository via windows authentication ? Do we need to ask all 4 parameter like servername, repository name , username and password like attached image.

if yes in username do we need to pass domain\username value ?

From screenshot , which method we need to implement on asp.net mvc api code ?

Thanks,

pratik

SDK integration.png (13.61 KB)

| Download

0 0

replied on February 15, 2022

Fill in the username/password fields to use impersonation in the sample project. Take a look at the sample code where it calls session.LogIn, it takes the domain credentials and logs in as that trustee.

0 0

replied on February 16, 2022

Hello Robert,

Do we required all 4 fields value to login via windows authentication ?

I have implemented imersonation method in my project and passed all 4 parameter with username having domain\user and password and it will create session.

Now please let me know that if any user having my customer application installed , do they need to pass all 4 parameter to login via windows authentication as my .NET hosted on IIS in server.

If all 4 parameter is compulsory then what is the difference between normal login and windows authentication login ?

Thanks,

Pratik

0 0

replied on February 16, 2022

Yes, for that authentication method all 4 are required. The main difference is what user store you are authenticating against - AD or the LFS internal user list.

1 0

Question

Question

Windows Authentication using SDK API

Replies

Sign in to reply to this post.