2 Replies Latest reply on Feb 8, 2012 1:52 PM by rohanar

    PI-SDK ASP.NET Impersonation and Windows Authentication


      We’re having difficulties using the PI-SDK on an ASP.NET 4.0 website and the ServerManager object.   I've been through all relevant threads on the forum related to this issue, without success. Any help would be greatly appreciated.  The intention is to pass the Windows Authentication identity of the user through to the PI-SDK so that access to tags is controlled completely by PI. Has anyone had any luck getting this to work? Our settings are as follows:   


      1.       PI 2010 Server and IIS are hosted on separate machines within the same domain.

      2.       Impersonation  = True in web.config

      3.       Authentication Mode = Windows in web.config

      4.       All other forms of Authentication are disabled on the Virtual Directory in IIS

      5.       Running on IIS in Windows 7 and Windows 2008.

      6.       ASPCompat = True in all ASPX pages calling PI




      When  IIS and PI are hosted on the same machine, Impersonation succeeds and correct credentials are passed based on PI logs.  On separate machines, incorrect credentials are passed and Impersonation fails. However, the in an environment with two PI Servers, this scenario is not sufficient.  The only way we’ve found around this is to modify the Domain Controller such that the machine hosting IIS is given Delegation privileges –“Trust this computer for delegation to any service (Kerberos only)" found in AD Users and Computers, select IIS host computer, and modify Properties.    See screenshot below.  Is there any way around modifying the Domain as it's unrealistic in a large-scale production environment.




      Here’s a consolidated code snippet:


               Dim myPIServerManager As New PISDK.ServerManager


              Dim myServer As PISDK.Server = myPIServerManager.Item(txtServer.Text)


              Dim myPoints As PISDK.PIPoints = myServer.PIPoints


              Dim myValue As PISDK.PIValue = myPoints(txtPITag.Text).Data.Snapshot


              Dim myResult As Object = myValue.Value




              If myValue.Value.GetType.IsCOMObject Then


                  lblResult.Text = CType(myValue.Value, PISDK.DigitalState).Name




                  lblResult.Text = myResult.ToString


              End If




              Dim myPIConnection As PISDK.IServerConnect = DirectCast(myServer, PISDK.IServerConnect)


              lblConnectAs.Text = String.Format("Current User = {0}, Authentication Protocol = {1}, Display User = {2}", _


                                                myServer.CurrentUser, _


                                                myPIConnection.CurrentAuthenticationProtocol, _