3 Replies Latest reply on Apr 23, 2014 5:17 PM by Bhess

How to Configure Security for Pi Web API?

chriswhsu Apr 22, 2014 6:28 PM

I'm looking for information on configuring security for the Pi Web API.

I have the API installed and can get asset servers and databases to list by leaving prompting username / password blank. However, once I try to retrieve elements, I run into the following error:

{
"Errors": [
"The Windows identity 'NT AUTHORITY\\ANONYMOUS LOGON' associated with the request cannot be impersonated."
]
}

I have tried logging in at the prompt with a user with full permissions on the pi server and af server, but it doesn't appear to accept those credentials.

Any pointers or documentation would be greatly appreciated.

Thanks,

Chris

Re: How to Configure Security for Pi Web API?

chriswhsu Apr 22, 2014 6:31 PM (in response to chriswhsu)

Note, I'm using the beta release.
Like Show 0 Likes(0)

Actions
- Re: How to Configure Security for Pi Web API?
  
  chriswhsu Apr 22, 2014 6:50 PM (in response to chriswhsu)
  
  Never mind. My issue was I was using Chrome which didn't pass Windows based authentication through. Using IE, things are working.
  
  Like Show 0 Likes(0)
  
  Actions
  - Re: How to Configure Security for Pi Web API?
    
    Bhess Apr 23, 2014 5:17 PM (in response to chriswhsu)
    
    Chris,
    
    Also note that it is possible to get Chrome to pass through Windows integrated security as well. I don't know the details of your environment, but this page may help if you're looking to get to the bottom of this:
    
    www.chromium.org/.../http-authentication
    
    In case other people come across this thread and are wondering-- there is no support for Kerberos/Negotiate/Windows Integrated Security in Firefox or Safari. The Web API team has just wrapped up support for HTTP basic authentication, which will be available in the final release (though not enabled by default).
    
    Thanks,
    
    Brad
    
    Like Show 0 Likes(0)
    
    Actions

Go to original post