13 Replies Latest reply on Jun 18, 2013 3:27 PM by BillBPA

    SetAuthenticationOptions

    Beemac

      I've run into the change in the implicit server.open connection. It now uses Windows Authentication first and I want it to use PI Trust..

       

      Setting the option order in About PI-SDK does not affect how the program connects. I need a VBA or C# example of how to set the order using IPISDKOptions.SetAuthenticationOptions.

       

       

       

      Thanks

        • Re: SetAuthenticationOptions
          mhamel

          @Beemac: I invite you to take a look at the PI Application Development Workbook that you can find here. At page 122 within the PI SDK chapter you will find an example as you want. You can set this option for the time of your connection or persist it.

          • Re: SetAuthenticationOptions

            Hello Beemac,

             

            Beemac

            Setting the option order in About PI-SDK does not affect how the program connects.

             

            It should. Are you confident you have set up valid trust?

             

            Beemac

            Is there a way to cast the IPISDKOptions interface in VBA?

             

            Are you possibly using ProcessBook? Does the trust work for ProcessBook. If not, please review your trust settings. Please also monitor the PI Message log on the PI Server. It should be clear what authentication methods are requested in what order, if they work and in case they don't work you should also see some information about what's wrong i.e. "[-10413] No trust relation for this request".

             

            With the support of my valued colleague Mathieu, I was able to create the following example that returns the current authentication options in a message box.

             

             

             
            Private Sub CommandButton1_Click()
                Dim MyPISDK As Object
                Dim ExtPISDK As PISDK.IPISDKOptions
                Dim NVSAuthenticationOptions As NamedValues
                Dim NVSOption As NamedValue
                Dim sMsg As String
                Set MyPISDK = CreateObject("PISDK.PISDK")
                Set ExtPISDK = MyPISDK
                Set NVSAuthenticationOptions = ExtPISDK.GetAvailableAuthenticationOptions
                sMsg = "Authentication Options" & vbCrLf
                For Each NVSOption In NVSAuthenticationOptions
                    sMsg = sMsg & NVSOption.Name & ": " & NVSOption.Value & vbCrLf
                Next
                MsgBox (sMsg)
            End Sub
            

             

              • Re: SetAuthenticationOptions
                Beemac

                Gregor,

                 

                The "problem" is a C# program is connecting to the PI server using an implicit connection. The PI-SDK documentation for version 1.4 describing Server.Open specifically states a programatic connection to the PI server uses it's own authentication setting when using an implicit connection. So, there's a failed connection entry in the log everytime it connects followed by a successful connection using a trust setup for the program even though the connection order set through About PI-SDK specified a Trust connection first.

                 

                Thank you for the code. I wanted a VBA version to test this using Excel.

                 

                Try it yourself and change the connection options using About PI-SDK. When I ran it, shows the order described in the documentation not the order I had specified.

                 

                Bill

                 

                 

                 

                 

                  • Re: SetAuthenticationOptions

                    Hello Bill,

                     

                    I've just tested this with PI SDK 1.4.0.416 installed on a remote client. I've set protocol order on the client to PI Trust in first order and WIS in second order. My application is using Server.Open(). The trust on the PI Server is limited by Domain, OS User, Host name and application name. My application becomes trusted as expected.

                     

                    You may want to open a ticket at OSIsoft Technical Support and check together with a support engineer why your trust doesn't fire.

                      • Re: SetAuthenticationOptions
                        Beemac

                        Gregor,

                         

                        My application does connect as Trusted, but the implicit connection uses the SSPI protocol first which causes a connection failure message. Then the trust protocol is used which succeeds and the program can pull data from the PI server. I want the program to connect using trust first so there are not any failure messages. Using the SetAuthenticationOptions will let me set trust as the first protocol to use.  No more connection failure messages.

                         

                        Bill

                          • Re: SetAuthenticationOptions

                            Hello Bill,

                             

                            Did you set the protocol order on the client to "PI Trust" in first place (PISDKUtility.exe -> Connections -> menu Connections -> Options ...)?

                             

                            If so and if your client application insists asking for "Windows Security" in first place, can you post the code you are using to connect?

                              • Re: SetAuthenticationOptions
                                Beemac

                                Gregor,

                                 

                                Yes, the protocol order was set using the PIDSKUtility with Trust as first option.

                                 

                                I'll see about getting the code.

                                 

                                Bill

                                  • Re: SetAuthenticationOptions
                                    Beemac

                                    Here's the code:

                                     

                                     class sPIServer

                                     

                                       {

                                     

                                           static private PISDKClass pi;

                                     

                                           static private Server piServer;

                                     

                                           static public String ErrorMessage { get; set; }

                                     

                                           static public Int16 ErrorRC { get; set; }

                                     

                                           static public Boolean Initialize()

                                     

                                           {

                                     

                                               // Connect to PI Server

                                     

                                               try

                                     

                                               {

                                     

                                                   pi = new PISDKClass();

                                     

                                                   piServer = pi.Servers.DefaultServer;

                                     

                                                   piServer.Open("");

                                     

                                                   Program.RunLog.WriteLine("Connected to PIServer: " + piServer.Path);

                                     

                                               }

                                     

                                               catch (Exception e)

                                     

                                               {

                                     

                                                   ErrorRC = -400;

                                     

                                                   ErrorMessage = "Error Opening PI Server - " + "[Exception.Message=" + e.Message + "]";

                                     

                                                   piServer = null;

                                     

                                                   return false;

                                     

                                               }

                                     

                                               return true;

                                     

                                           }

                                      • Re: SetAuthenticationOptions

                                        Hello Bill,

                                         

                                        It's not within your code. I wouldn't know any reason why the connection attempt would use "Windows Security" in first place with "PI Trust" in first place selected on the client.

                                         

                                        I am curious about your findings. You may want to try GetSDKDirectoryOptions and SetSDKDirectoryOptions as independent console applications.

                                          • Re: SetAuthenticationOptions
                                            BillBPA

                                            Turns out the documentation is wrong. Each program sets its own authorization. There is no method for globally setting the connection option order for programs connecting to the PI server as you do for Datalink and Processbook using the About PI-SDK.

                                              • Re: SetAuthenticationOptions

                                                Hello Bill,

                                                 

                                                Thank you for the update.

                                                 

                                                I noticed that I referred you to the wrong thread. The correct thread with the previous discussion about this matter is Connecting to a Server with SSPI - Windows Security - Help Please accept my apology.

                                                 

                                                I have located and reviewed the call you've opened at OSIsoft Technical Support. My understanding is that you are concerned that changes to AuthenticationOptions are not persistent except for DataLink and ProcessBook. I am a little unsure if there is maybe a misunderstanding and your expectation is that settings are persistent for each single client application independently. AuthenticationOptions is a global setting on the client that affects all applications that connect through PI SDK. If you want to specify AuthenticationOptions independently from the local setting on the client box, I would recommend doing this non-persistent to avoid side effects with other applications.

                                                 

                                                You may also expect to see the change reflecting in other applications immediately but this is not the case. It's necessary to build a new instance of the PISDK.PISDK object. What I've done for testing is:

                                                 

                                                - Looked up the protocol order using PISDKUtility.exe

                                                 

                                                - Closed PISDKUtility.exe session

                                                 

                                                - Changed AuthenticationOptions persistently

                                                 

                                                - Looked up the protocol order using PISDKUtility.exe

                                                 

                                                According to my observation changes are persistent until they are again changed.

                                                 

                                                Because I was thinking there might be an issue in getting an appropriate handle to PISDK.PISDK object from within VBA, I have also tried the Excel sheet that you've sent to the Technical Support Engineer and found it's working like charm. 

                                                 

                                                 

                                                  • Re: SetAuthenticationOptions
                                                    BillBPA

                                                    Gregor,

                                                     

                                                    From my techsupport call:

                                                     

                                                         "I talked to one of our DA Product Specialists and he said that you must set the connection preference for each individual application."

                                                     

                                                    The persist feature is ONLY for the program setting it, it does NOT affect other program settings nor the settings made using About PI-SDK. Even if the persist is not set, the protocol order is just set for that program. The AuthenticationOptions is not global which is what I've discovered and the documentation on setting it is wrong.

                                                     

                                                    I tested it by pasting the same code into Word with a different protocol order. Its order stayed different from the Excel order.

                                                     

                                                    Bill