14 Replies Latest reply on Dec 16, 2015 11:48 AM by PetterBrodin

    AFSDK: How to connect to a PI system across domains thru AFSDK C#?


      Hi there,

      I am writing an application that connects to different PISystems, the following code works when connection locally or but it does not work if try to connect to a PISystem on a different domain.

      **************************code snippet******************************

      PISystems piSystems = new PISystems(); //for instance my computer is in domain "myCompanyIT.com"

      PISystem targetPISystem = piSystems.Add(afServerName); //PIOPS

      targetPISystem.ConnectionInfo.Host = piHostName; // for instance the host name is hosted on  "PIServer.myCompanyOps.com"

      AFDatabase afDatabase = targetPISystem.Databases[afDatabaseName];// Operations


      targetPISystem.Databases has not items, so afDatabase is always null


      How to connect to a PI system across domains using the AFSDK?

      I am not sure what I am missing


      NOTE: Thru PI System Explorer it prompts a login screen when trying to connect to the remote PiSystem , but again I am not sure how to set this in code


      Thanks for your help

        • Re: AFSDK: How to connect to a PI system across domains thru AFSDK C#?
          Mike Zboray

          You can call one of the PISystem.Connect overloads and provide credentials or ask it to prompt the user for credentials.

          • Re: AFSDK: How to connect to a PI system across domains thru AFSDK C#?

            Another option that doesn't involve modifying the application code is to use the application or service account's Windows Credential Manager storage option to store the untrusted domain Windows logon credential to automatically log into the AF server at the network path saved with the credential.

            Instructions from Microsoft: Store passwords, certificates, and other credentials for automatic logon

            • Re: AFSDK: How to connect to a PI system across domains thru AFSDK C#?
              Marcos Vainer Loeff

              I am not sure if this helps you but in case you are developing a web application, you can impersonate the client's account and use its credentials to connect to the PI System. Please refer to this blog post for more information.

              • Re: AFSDK: How to connect to a PI system across domains thru AFSDK C#?

                Hello Gerardo,


                You have asked a very interesting question.  This is a common question especially when it is necessary to shift between production / integration and test environments.

                There are several ways to solve this and my two colleagues,Mike and Arnold, already presented two solutions, there is a third one that I will also present.  And just before I do that let's just take a step back and ask ourselves what do we want to do exactly? Is it better to stick to a simplest windows mechanism or does my application needs to manage the credentials entirely with the code?


                If I was writing a windows application I believe I would use the simplest form of windows authentication in my application, that means use the credentials of the user that is executing the application.  It makes more sense to me since you know what to expect in your code and also you don't have to re-invent the wheel and manage users internally within your application.  That being said, you are in the best position to tell whether you need to do it or not in your application since you may need a very specific approach.


                Typically real production environments only consist of one domain (or a forest of trusted domains), and if you need to connect to another domain for testing purpose there are code-less techniques that can be used.  This is much preferable to me since you don't create unnecessary code paths in your application that could risk to impact your users in the production environment.


                Code-less approaches



                The runas command allows you to start any application with other credentials.  It is the /netonly option does the magic of making you connect to an untrusted domain.


                Here is an example of the runas command to start PI System Explorer, you can do this with your own application.

                runas /netonly /user:autobots\optimus "C:\Program Files\PIPC\AF\AFExplorer.exe"


                Windows Credential Manager

                Arnold talked about it and actually I am not sure how the automatical logging works? @Arnold can you give more details on this, about how we could expect this to work when starting an application?


                Programmatic Approach

                For the code-less approaches to work you just connect to AF with the simplest method.


                Simple AF connection that uses authenticated user's credentials - my recommendation:

                const string serverName = "TST-SRV-PI2014";
                var afServers = new PISystems();
                var afServer = afServers[serverName];
                var currentUser = afServer.CurrentUserName;


                However, if you do still require to manage the authentication here is another example that shows how to do it.

                AF connection with specific credentials - use this only if this is the only choice you have, see considerations I explained above:

                const string serverName = "TST-SRV-PI2014";
                const string userName = "optimus";
                const string domain = "autobots";
                const string password = "******";
                var afServers = new PISystems();
                var afServer = afServers[serverName];
                var credentials = new NetworkCredential()
                  UserName = userName,
                  Password = password,
                  Domain = domain
                var currentUser = afServer.CurrentUserName;



                Going Further

                For those who are not familiar yet with the AFSDK, the help is available within PI System Explorer (PSE), Under Help, Help topics.


                Then go to the content tab, and look for AFSDK Library Reference.  It contains a lot of examples and information to get started with the AFSDK.  And you may look for "Connecting to AF Server" in the examples.

                2014-12-19_13-45-04_AF Help.png


                I hope this helps!