Home
Extended ECM
API, SDK, REST and Web Services
SSO between ASP.NET app and livelink
Suncor_ECM_Platform_Support
We are currently seeking possibilities for SSO between a ASP.NET application and Livelink. Here is how it supposes to work: a user accesses to ASP.NET application using NTLM authentication (no user name and password prompted), then the application passes user?s credential to Livelink to create a connection. My questions are:1. has anyone here done something similar to this?2. Will it work with LAPI?thanks,Jun Rui
Find more posts tagged with
Comments
eLink User
Message from Nair, Krishnankutty via eLinkFirst ascertain whether you will tunnel (instead of LL's app port youwillUse webserver).If webserver is set to anonymous+basic auth ,orIWA +basic auth and remote_user is coming thru to livelink the Any lapi code executed against this server should work.There is a working sample in C# in the communities.opentext.com siteIf it is a non-tunneling connection,I have not done it but you need touse A certificate assisted method,I guess it is called secure connect. BTW:LL's dirsvcs module which provides SSO actually looks forremote_userVariable,the rest of it is mostly in the web server configuration.Use the alpi connection utility by OT to see if your livelink recognizestheSSO stuff it will definitely help you.-----Original Message-----From: eLink Discussion: LAPI Discussion[mailto:lapi@elinkkc.opentext.com] Sent: Friday, June 01, 2007 4:11 PMTo: eLink RecipientSubject: SSO between ASP.NET app and livelinkSSO between ASP.NET app and livelinkPosted by ECM Platform Support, Suncor on 06/01/2007 05:10 PMWe are currently seeking possibilities for SSO between a ASP.NETapplication and Livelink. Here is how it supposes to work: a useraccesses to ASP.NET application using NTLM authentication (no user nameand password prompted), then the application passes user's credential toLivelink to create a connection. My questions are:1. has anyone here done something similar to this?2. Will it work with LAPI?thanks,Jun Rui[To reply to this thread, use your normal E-mail reply function.]============================================================Discussion: LAPI Discussion
https://knowledge.opentext.com/knowledge/llisapi.dll/open/765428Livelink
Server:
https://knowledge.opentext.com/knowledge/llisapi.dllTo
Unsubscribe from this Discussion, send an e-mail tounsubscribe.lapi@elinkkc.opentext.com.-----------------------------------------*Please note my E-Mail Address has changed. Please update yourcontact list*Anadarko Confidentiality Notice: This electronic transmission and any attached documents or otherwritings are intended only for the person or entity to which it isaddressed and may contain information that is privileged,confidential or otherwise protected from disclosure. If you havereceived this communication in error, please immediately notifysender by return e-mail and destroy the communication. Anydisclosure, copying, distribution or the taking of any actionconcerning the contents of this communication or any attachments byanyone other than the named recipient is strictly prohibited.
Suncor_ECM_Platform_Support
thanks for replay. The problem I had was the user's credential could not be passed to Livelink with impersonation on for our ASP.NET application. Finally we used LAPI impersonation to get it around. It is ideal solution for us, but we can live with it. Thanks again.Jun Rui
eLink User
Message from Nair, Krishnankutty via eLinkDo you mean you are using impersonateUser By creating an 'Admin' session or something else.But couldn't your windows app cash in on the fact thatYou are logged in to the network,thereby Having already authenticated to the NTLM piece.If it is not too much trouble post a snippet of code at the communitiesor hereSo people can have a little help. -----Original Message-----From: eLink Discussion: LAPI Discussion[mailto:lapi@elinkkc.opentext.com] Sent: Monday, June 04, 2007 4:55 PMTo: eLink RecipientSubject: thanks for replay. The problem I had was the user's credentialcould not be...thanks for replay. The problem I had was the user's credential couldnot be...Posted by ECM Platform Support, Suncor on 06/04/2007 05:51 PMthanks for replay. The problem I had was the user's credential couldnot be passed to Livelink with impersonation on for our ASP.NETapplication. Finally we used LAPI impersonation to get it around. Itis ideal solution for us, but we can live with it. Thanks again.Jun Rui[To reply to this thread, use your normal E-mail reply function.]============================================================Topic: SSO between ASP.NET app and livelink
https://knowledge.opentext.com/knowledge/llisapi.dll/open/12462597Discussion
: LAPI Discussion
https://knowledge.opentext.com/knowledge/llisapi.dll/open/765428Livelink
Server:
https://knowledge.opentext.com/knowledge/llisapi.dllTo
Unsubscribe from this Discussion, send an e-mail tounsubscribe.lapi@elinkkc.opentext.com.-----------------------------------------*Please note my E-Mail Address has changed. Please update yourcontact list*Anadarko Confidentiality Notice: This electronic transmission and any attached documents or otherwritings are intended only for the person or entity to which it isaddressed and may contain information that is privileged,confidential or otherwise protected from disclosure. If you havereceived this communication in error, please immediately notifysender by return e-mail and destroy the communication. Anydisclosure, copying, distribution or the taking of any actionconcerning the contents of this communication or any attachments byanyone other than the named recipient is strictly prohibited.
Suncor_ECM_Platform_Support
yes, we are using LAPI impersonate method with an admin account. Our application is not a window application, it is a web-based application. I think this is the reason we are having problems to pass user's credential to Livelink.
Daniel__Morgan_(danielmorgan_-_(deleted))
I was able to pass credentials to live link using the below snippet.HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create("your livelink site.com"); myRequest.Credentials = new NetworkCredential(p_UserName, p_Password);v/rDan
Louis_Routhier
You're right this would work... but not for SSO. The problem is that on the web server, you have no way of knowing the PW without asking the user.As for the fact that you can't sent the credentials to your Livelink server, it is because of the "anatomy" of the NTLM security token. A security token may be defined as many things. One of them is to be "delegatable" (ok, sorry for the terms that are not quite exact but I think I should be able to communicate the main point). A delegatable token can be passed over to another system BUT this is a 1-hop jump only.When you build a winform app, you'Re running locally. The token you have on your machine IS the one used by your application. No hop required yet. When it needs to talk to Livelink, the token is still delegatable and is passed to Livelink through HTTP tunneling.In a web app, your browser runs on your machine with you delegatable credentials. When you communicate with the web server, you're token is impersonated by the web app. Then, you call Livelink on a third server. The token you now have on the web server is a runtime only token and cannot be passed over to the Livelink server.Theoritically:You have livelink AND your say IIS installed on the same physical server (and by physical, this would consider 2 virtual machines running on the same box to be 2 different physical servers). Then, your browser is hop 0, the IIS server is hop-1 and since both apps run on the same server, Livelink would still be hop-1.This is the reason why if you test with your local web server, it will work since your browser and IIS are on the same box.It's now time for a solution:The best I think is to refer you to a short article I posted some time ago on the Best Practices Wiki
http://communities.opentext.com/communities/llisapi.dll/wiki/162164/How to use integrated security
