2 Replies Latest reply on Feb 8, 2012 1:52 PM by rohanar

    PI-SDK ASP.NET Impersonation and Windows Authentication

    rohanar

      We’re having difficulties using the PI-SDK on an ASP.NET 4.0 website and the ServerManager object. I've been through all relevant threads on the forum related to this issue, without success. Any help would be greatly appreciated. The intention is to pass the Windows Authentication identity of the user through to the PI-SDK so that access to tags is controlled completely by PI. Has anyone had any luck getting this to work? Our settings are as follows:

       

      1. PI 2010 Server and IIS are hosted on separate machines within the same domain.
      2. Impersonation = True in web.config
      3. Authentication Mode = Windows in web.config
      4. All other forms of Authentication are disabled on the Virtual Directory in IIS
      5. Running on IIS in Windows 7 and Windows 2008.
      6. ASPCompat = True in all ASPX pages calling PI

      When IIS and PI are hosted on the same machine, Impersonation succeeds and correct credentials are passed based on PI logs. On separate machines, incorrect credentials are passed and Impersonation fails. However, in an environment with two PI Servers, this scenario is not sufficient. The only way we’ve found around this is to modify the Domain Controller such that the machine hosting IIS is given Delegation privileges: "Trust this computer for delegation to any service (Kerberos only)", found in AD Users and Computers, select IIS host computer, and modify Properties. See screenshot below. Is there any way around modifying the Domain, as it's unrealistic in a large-scale production environment?

      Here’s a consolidated code snippet:

              ' Look up the PI server by the name entered on the page
              Dim myPIServerManager As New PISDK.ServerManager
              Dim myServer As PISDK.Server = myPIServerManager.Item(txtServer.Text)

              ' Read the snapshot value of the requested tag
              Dim myPoints As PISDK.PIPoints = myServer.PIPoints
              Dim myValue As PISDK.PIValue = myPoints(txtPITag.Text).Data.Snapshot
              Dim myResult As Object = myValue.Value

              ' A COM object value is cast to DigitalState to show its name
              If myValue.Value.GetType.IsCOMObject Then
                  lblResult.Text = CType(myValue.Value, PISDK.DigitalState).Name
              Else
                  lblResult.Text = myResult.ToString
              End If

              ' Show which identity and protocol the connection to PI is using
              Dim myPIConnection As PISDK.IServerConnect = DirectCast(myServer, PISDK.IServerConnect)
              lblConnectAs.Text = String.Format("Current User = {0}, Authentication Protocol = {1}, Display User = {2}", _
                                                myServer.CurrentUser, _
                                                myPIConnection.CurrentAuthenticationProtocol, _
                                                myPIConnection.DisplayUser)

      1832.Untitled.png
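
An added example, not part of the original post and not PI-SDK code: the "Trust this computer for delegation to any service (Kerberos only)" option described above sets the TRUSTED_FOR_DELEGATION bit in the computer account's userAccountControl, and this Python audit classifies exported computer records by delegation mode so such hosts can be tracked. The record layout, host names and the SPN are constructed assumptions.

```python
# userAccountControl bits as documented for Active Directory
SERVER_TRUST_ACCOUNT = 0x2000                # domain controller account
TRUSTED_FOR_DELEGATION = 0x80000             # "any service (Kerberos only)"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000   # protocol transition allowed


def classify_delegation(uac, allowed_to_delegate_to=()):
    """Return the delegation mode implied by one computer account's attributes."""
    if uac & TRUSTED_FOR_DELEGATION:
        return "unconstrained"
    if allowed_to_delegate_to:
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            return "constrained-any-protocol"
        return "constrained-kerberos-only"
    return "none"


def audit(records):
    """List (name, mode, targets) for every non-DC account that can delegate."""
    findings = []
    for rec in records:
        uac = rec["userAccountControl"]
        spns = rec.get("msDS-AllowedToDelegateTo", [])
        mode = classify_delegation(uac, spns)
        # Domain controllers carry TRUSTED_FOR_DELEGATION by default; skip them.
        if mode == "none" or uac & SERVER_TRUST_ACCOUNT:
            continue
        targets = ["*"] if mode == "unconstrained" else sorted(spns)
        findings.append((rec["name"], mode, targets))
    return findings


# Constructed sample records (hypothetical hosts, not taken from the post).
SAMPLE = [
    {"name": "IISWEB01", "userAccountControl": 0x1000 | 0x80000},
    {"name": "IISWEB02", "userAccountControl": 0x1000,
     "msDS-AllowedToDelegateTo": ["svc/pi01.example.test"]},
    {"name": "DC01", "userAccountControl": 0x2000 | 0x80000},
    {"name": "APP03", "userAccountControl": 0x1000},
]

if __name__ == "__main__":
    for name, mode, targets in audit(SAMPLE):
        print(f"{name}: {mode} -> {', '.join(targets)}")
```

A host reported as "unconstrained" can delegate a user's identity to any service, while a "constrained" host is limited to the SPNs listed in msDS-AllowedToDelegateTo.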