Question

REST token with Active Directory Security

  • January 10, 2014
  • 3 replies
  • 10 views

Hello,

I have used the sample REST C# code supplied by Safe to create a simple application. The sample code provided can be located here:

http://docs.safe.com/fme/html/FME_Server_Documentation/Content/REST/FMEServerRestAPIdemo.cs

We have two FME Servers here, one in a test environment, and another for production.

I have written my code against the test server, which uses standard security, using user and password managed by FME Server. Everything works fine.

However, when I use my code against the second server, which is secured by the Active Directory, I always get error 401, access denied.

Is there anyone out there that has used the REST API with Active Directory security?

Here is an example of the code I use to fetch a token:

        // Requires: using System.Collections.Specialized; using System.Net; using System.Text;
        private string GetFmeServerToken()
        {
            string fmeTokenUrl = this.Serveur + "/fmetoken/service/generate";

            // Form fields posted to the token service
            NameValueCollection parameters = new NameValueCollection();
            parameters["user"] = "user"; // tried with and without domain name
            parameters["password"] = "password";
            parameters["expiration"] = "2";
            parameters["timeframe"] = "minute";

            byte[] reponseBytes;

            using (WebClient client = new WebClient())
            {
                if (CustomSetting.FmeImpersonationUtilisateur)
                {
                    // Attempt to authenticate the HTTP request as a different domain account
                    client.UseDefaultCredentials = false;
                    client.Credentials = new NetworkCredential("user", "password", "domaine");
                }

                reponseBytes = client.UploadValues(fmeTokenUrl, "POST", parameters);
            }

            return Encoding.UTF8.GetString(reponseBytes);
        }

Now, to make matters worse, I need to authenticate with a different user account than the one running my application, meaning I need to impersonate a different account.

This code should work, should it not? I tried to not provide the user/password in the named values, which gave me error 400 bad request. I tried without the impersonate code, providing error 401 access denied.

No matter what I do, or what I permutated in my code, I cannot get anything to work.

Thank you

Jeff

3 replies

david_r
Celebrity
  • January 13, 2014
Hi,

Sounds like it might be a configuration error on the AD side of things. Have you looked in the FME Server logs?

David

fmelizard
Contributor
  • January 29, 2014
Also consider the fmetoken service...

On your production environment can you access <fme url>/fmetoken? Can you log in and create a token with an AD user?

  • Author
  • January 29, 2014
Issue resolved.

First, you do not have to impersonate the user; simply feeding the credential into the POST query is enough.

Jeff
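
The resolution above (credentials sent as form fields in the POST, with no impersonation), written out as an added example that is not part of the original thread or of Safe's sample code. The class and method names, the HTTPS check and the mapping of the 401 and 400 responses to exceptions are this example's own choices; the endpoint path and form field names are the ones from the question.

```csharp
using System;
using System.Collections.Specialized;
using System.Net;
using System.Text;

// Hypothetical helper class; the name is chosen for this example only.
static class FmeTokenClient
{
    // serverUrl, user and password come from the caller (for example a
    // protected configuration store); nothing is hard-coded in the binary.
    public static string GetToken(string serverUrl, string user, string password)
    {
        var baseUri = new Uri(serverUrl);
        // The password travels in the POST body, so refuse plain HTTP.
        if (baseUri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("FME Server URL must use https", "serverUrl");

        string tokenUrl = serverUrl.TrimEnd('/') + "/fmetoken/service/generate";

        var parameters = new NameValueCollection();
        parameters["user"] = user;
        parameters["password"] = password;
        parameters["expiration"] = "2";       // short-lived token, as in the question
        parameters["timeframe"] = "minute";

        using (var client = new WebClient())
        {
            // No NetworkCredential and no impersonation: per the thread's
            // resolution, the form fields alone carry the credentials.
            try
            {
                byte[] response = client.UploadValues(tokenUrl, "POST", parameters);
                return Encoding.UTF8.GetString(response);
            }
            catch (WebException ex)
            {
                // Surface the two failures seen in the question distinctly.
                var http = ex.Response as HttpWebResponse;
                if (http != null && http.StatusCode == HttpStatusCode.Unauthorized)
                    throw new UnauthorizedAccessException("Token service rejected the credentials (401).", ex);
                if (http != null && http.StatusCode == HttpStatusCode.BadRequest)
                    throw new ArgumentException("Token service rejected the request (400); check the form fields.", ex);
                throw;
            }
        }
    }
}
```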
