5 Replies Latest reply on Apr 24, 2013 2:58 PM by Gregor

    Connecting to a Server with SSPI - Windows Security - Help

    edsonsoares

      Hi,

       

      I need to connect to a PI Server using PISDK with SSPI (Windows Secutiry).

       

      I don't know how to do it and I can't find much reference about it in VCampus or online with Google.

       

      I have read about IPISDKOptions and SetAuthenticationOptions, but I couldn't get it.

       

      I'm using the connection like this:

       

       

       
      PIServer server = piSDK.Servers[myServer];
      PIPoint piPoint = server.PIPoints[TagName];
      

       It connects fine, but for some secutirty problems I need to connect using SSPI

       

      I tryed something like this:

       

       

       
      NamedValues nv = new NamedValues();
      
      nv.Add("SSPI", null);
      PISDK.PISDK sdk = new PISDK.PISDK();
      
      PISDK.Server server = sdk.Servers[myServer];
      
      IPISDKOptions opt = (PISDK.IPISDKOptions)sdk;
      opt.SetAuthenticationOptions(nv, false);
      

       but, I do not know how to use this opt object.

       

      Can anyone please  help me with that?

       

      Thanks!

       

       

       

      Edson Soares

        • Re: Connecting to a Server with SSPI - Windows Security - Help

          Hello Edson,

           

          Please let us know if the 2 examples at this other thread are helpful.

            • Re: Connecting to a Server with SSPI - Windows Security - Help
              edsonsoares

              Gregor Beck

              Hello Edson,

               

              Please let us know if the 2 examples at this other thread are helpful.

               

               

              Hello Gregor,

               

              In real life it helps, or better, it helped.

               

              I read your post to write that piece of code that I posted before.

               

              But in your code, it does not tell me how to specify a connection with SSPI (Windows Security). The reason that I need to connect to a PIServer with this authentication mode, is that I need to recover PiValues with RecordedValues method, but the System administrator is telling me that I need to send my Windows Credentials for secutity. Without that, no values are returned.

               

              One important thing I have to say is, that I only have to connect to the PIServer using SSPI when I'm developing to Sharepoint (webpart). When I develope a Web application it works fine.

               

              As I said before, for what I've read online and for what I've read in your code, I could write the following code:

               

               

               
              NamedValues nv = new NamedValues();
              nv.Add("SSPI", null);
              
              PISDK.PISDK sdk = new PISDK.PISDK();
              PISDK.Server server = sdk.Servers[myServer];
              IPISDKOptions opt = (PISDK.IPISDKOptions)sdk;
              opt.SetAuthenticationOptions(nv, false);
              

               But, I don't know what to do with it. I suppose that I have to tell to the connection method that I'm using SSPI to authenticate. But how?

               

              The way I'm trying to get the PIValues is:

               

               

               
              PIValues piValues_ = new PIValues();
              
              piPoint = server.PIPoints[nomeTag];
              
              piValues_ = piPoint.Data.RecordedValues(myDate.ToString(), DateTime.Now, BoundaryTypeConstants.btInside, null, FilteredViewConstants.fvShowFilteredState, null);
              

               ps.: remember, this code works fine with no IPISDKOptions and/or SetAuthenticationOptions method in a desktop application and a web application. But inside a webpart in Sharepoint, it requires that I connect to the PIServer with Windows security.

               

               

               

              Thanks,

               

              Edson Soares

                • Re: Connecting to a Server with SSPI - Windows Security - Help

                  Hello Edson,

                   

                  Edson Ramos

                  But in your code, it does not tell me how to specify a connection with SSPI (Windows Security).

                   

                  There are 2 examples. One for retrieving the settings and one for modifying them. I was thinking that you would use the first one to evaluate what the appropriate setting would be but I recognize I need to take a step backwards.

                   

                  With PI SDK connections settings are stored in the Known Servers Table (KST). The store itself is the Windows Registry but this is of less interest here. PISDKUtility.exe is the tool that is supposed being used to maintain connection settings on a PI SDK client. After launching PISDKUtility.exe select [Connections] -> [Options...] to open the "Connection Options" dialog.

                   

                  1121.ConnectionOptions.jpg

                   

                  The settings you are interested in are maintained within the "Specify Authentication Procedure" area.

                   

                  Because of the way you phrased your question initially, I understood you are looking for a way to chose the authentication method within a client application and to do this non persistently since your application likely shouldn't screw up the settings on a client.

                   

                  In the meantime I have created the following short example on how to retrieve the authentication settings on the client and I used C# this time:

                   

                   

                   
                  using PISDK;
                  using PISDKCommon;
                  
                  namespace PISDK_WIS
                  {
                      class Program
                      {
                          [STAThread] // without this the following exception is thrown: 0x80004002 (E_NOINTERFACE)).
                          static void Main(string[] args)
                          {
                              PISDK.PISDK mySDK = new PISDK.PISDK();
                              Server myServer = mySDK.Servers.DefaultServer;
                              IPISDKOptions myOPT = (PISDK.IPISDKOptions)mySDK;
                              NamedValues myNVS = myOPT.GetAuthenticationOptions();
                              foreach (NamedValue myNV in myNVS)
                              {
                                  Console.WriteLine(myNV.Name + ": " + myNV.Value);
                              }
                              Console.ReadKey();
                          }
                      }
                  }
                  

                  With above I was able to evaluate name and value necessary for this setting.

                  Name Value
                  SSPI 1
                  Trust 2
                  DefaultUser 3

                  Above table lists the existing authentication methods. The value indicates the priority. This means when I like to authenticate via SSPI (Kerberos), I need to specify "SSPI" with priority 1 and this can be done like follows:

                   

                   

                   
                  using PISDK;
                  using PISDKCommon;
                  
                  namespace PISDK_WIS
                  {
                      class Program
                      {
                          [STAThread] // without this the following exception is thrown: 0x80004002 (E_NOINTERFACE)).
                          static void Main(string[] args)
                          {
                              PISDK.PISDK mySDK = new PISDK.PISDK();
                              Server myServer = mySDK.Servers.DefaultServer;
                              IPISDKOptions myOPT = (PISDK.IPISDKOptions)mySDK;
                              NamedValues myNVS = new NamedValues();
                              PIErrors myErrs;
                              myNVS.Add("SSPI", 1);
                              myErrs = myOPT.SetAuthenticationOptions(myNVS, false);
                              myServer.Open();
                              Console.ReadKey();
                              myServer.Close();
                          }
                      }
                  }
                  

                  Edson Ramos

                  I'm developing to Sharepoint (webpart).
                   

                   

                  This sheds a totally different light on the scene and means that above is very likely completely useless in your case.

                   

                  At this point we need a better understanding of what you intend to do.

                   

                  Are you using PI WebParts or do you intend developing your own WebPart(s)?

                   

                  Edson Ramos

                  But inside a webpart in Sharepoint, it requires that I connect to the PIServer with Windows security.

                   

                  Is this just related to the system administrators requirements? Please explain.

                    • Re: Connecting to a Server with SSPI - Windows Security - Help
                      edsonsoares

                      Hi Gregor,

                       

                       

                       

                      I want to thank you. You helped me a lot.

                       

                      My code, as you can see was almost correctly, what I I needed to change, was the priority 1 in

                       

                       

                       
                      myNVS.Add("SSPI", 1);
                      

                       and the 

                       

                       

                       
                      myServer.Open();
                      

                       that for what I read, it was not necessary because the following code 

                       

                       

                       
                      Server myServer = mySDK.Servers.DefaultServer;
                      

                       will connect to the server and open it.

                       

                      With these changes it works fine and my identity (windows) was sent to the server.

                       

                      Gregor Beck

                      This sheds a totally different light on the scene and means that above is very likely completely useless in your case
                       

                       

                      It worked!

                       

                      Gregor Beck

                      Is this just related to the system administrators requirements? Please explain.
                       

                       

                      Yes, it's related to the system administrators requirements.

                       

                      One more time, I want to thank you so much for the help.

                       


                       

                      Edson Soares

                        • Re: Connecting to a Server with SSPI - Windows Security - Help

                          Hello Edson,

                           

                          I am glad to read that you were able solving your issue. So I assume connecting from within your WebPart to the PI System directly works for you. I am not sure if this is something we would recommend or not

                           

                          Setting the server 

                           
                          Server myServer = mySDK.Servers.DefaultServer;
                          

                          or  

                           
                          Server myServer = mySDK.Servers["MyServerName"];
                          

                          causes a connection to the local PI Network Manager is established. This is not an active connection to the PI Server at this point. When setting the Server locally (application is running on the PI Server node) one will find the application within PI Network Manager Statistics (i.e. PI SMT -> Operation -> Network Manager Statistics) but without any credentials showing. When setting the Server on a node that is remote to the PI Server node, one will not see the application in the PI Network Manager Statistics at all.