How to login using Impersonation? -PS2007

[asadim]

I have gone through the ProjTool SDK app as well as the SDK documentation on
Impersonation but still haven't figured out how to login with another user
accout. Here's my Impersonation function (exactly taken from the SDK):

private static void Impersonate(string userAccount)
{
try
{
// PWAGUID is a const already defined
Guid siteId = new Guid(PWAGUID);

// Get the GUID of the user to impersonate.
Guid userGuid = GetResourceUid(userAccount);
Console.WriteLine("User GUID to impersonate: " +
userGuid.ToString());

bool isWindowsUser = true;
if (userAccount.Contains("aspnetsqlmembershipprovider"))
isWindowsUser = false;

ResourceDerived.SetImpersonationContext(isWindowsUser,
userAccount,
userGuid, Guid.Empty, siteId, "1033");

// To get the GUID of the user we are impersonating,
// call GetCurrentUserUid in the Resource Web service.
Guid impersonatedUserGuid = resProxyBySSP.GetCurrentUserUid();

Console.WriteLine(string.Format("\nImpersonating
'{0}':\n\tResourceProxy.Url:\n\t{1}",
userAccount, resProxyBySSP.Url));

Console.Write("\nImpersonated user GUID: ");
Console.WriteLine(impersonatedUserGuid.ToString());
}
catch {...}
}

The later on in my code I have a login function again taken from the SDK:

public static bool LogonPS(bool isWindowsUser, string userAccount, string
baseUrl)
{
bool logonSucceeded = false;

// Assumption made is that this particular app won't need Forms
Auth.
if (!isWindowsUser)
{
Console.WriteLine("Forms Authentications is not supported.");
Console.WriteLine("Application terminated.");
return logonSucceeded;
}

Settings.SetURL(baseUrl);
Settings.SetCredentials();

try
{
string currentUser;
currentUser =
System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();

if (currentUser != userAccount)
{
Impersonate(userAccount);
}

if (loginWindows.Login())
{
logonSucceeded = true;
}
}
catch {...}

return logonSucceeded;
}

And I call login() like follows:

static void Main()
{
string baseURL = "http://server/pwa/";
string userAccount = "DOMAIN\\User";
bool logonResult;

logonResult = LogonPS(true, userAccount, baseURL);

if (logonResult)
{
// do some tasks
}
}

The thing is that, the user I try to login with does get impersonated but it
won't login to PS with that user. Like, after logging in with another user I
still get my own user as the one who's logged in. Am I doing this process
correctly? As I said I wrote the whole program with the aid of the SDK and as
I mentioned the program does impersonate the user but doesn't login with that
user.

 

[Jim Corbin [MSFT]]

You don't need to log on Project Server with the impersonated user -- just
set the impersonation context with that user's credentials for calling the
SSP URLs of the PSI . The LoginForms and LoginWindows Web services are only
through PWA, not through the SSP.

There's a new impersonation Web app in the April update of the SDK. See
Walkthrough: Develop an Impersonation Web Application
( http://msdn2.microsoft.com/en-us/library/bb428835.aspx ).

--Jim

 

[asadim]

I see, thanks. So to access PS with another user's credentials all I would do
is:
SomethingDerived.SetImpersonationContext(...) ? And the "Something" is a web
service.

Btw do I need a seperate derived class for each PS web service if I want to
access it through an impersonated user? e.g. if I want to access the projects
in PS using another user's credentials do I need to have a ProjectDerived
that overwrites the GetWebRequest() function? Or do I need to have derived
classes for all web services? In my case, I would like to logon as the
current Windows user but for certain functions I need to have admin access.
So if my assumption is correct I would call
ResourceDerived.SetImpersonationContext(...) in a function that tries to
access resources, right?

 

[Jim Corbin [MSFT]]

The best way to find out is to step through a working app, e.g. install the
Impersonation Web app and set up debugging as described in the SDK. You only
need derived classes for the Web services you use. The Logon method in
ImpersonationUtils.cs of the Web app doesn't actually log the impersonated
user on, it just sets the default credentials for a Windows user (who also
must be a Project Server user), and sets the SSP URL for all of the PSI
proxies. Then the cmdImpersonate_Click handler sets the impersonation
context for the ResourceDerived object in order for the impersonated user to
call Resource methods on it.

 

[asadim]

Thanks Jim but I am, quite frankly, confused! First I was following the
ImpersoantionConsoleApp in the SDK, then switched to ProjTools, and now
ImpersonationWebApp. I can't find anything similar between these 3 when it
comes to impersonation. For example the console and web apps use proxy files
generated by the server that is running PS2007, but ProjTools doesn't use
them. I have followed the impersonation steps in ProjTools and I am getting a
401 error (the ProjTools itself has no prob doing the job). I am simply
confused... Here're the steps I have taken in my LogonPS():
1) Set DefaultCredentials for web service objects (that are derived from
their parent classes)
2) Set PWA Urls for the derived web service objects
3) Set SSP Urls for the derived web service objects
4) Call the function SetImpersonation(isWindowsUser, userNTAccount,
resourceGuid, siteId) -this is the exact same function as in ProjTools

And it fails at step 4.

I'd arther stay with ProjTools than switching to the web app as I am pretty
much used to where things are in ProjTools, and like I said it works fine.

Your help is appreciated.

 

[asadim]

Already, it turns out that even the impersonator in ProjTools doesn't work
properly; when I go to "Logon As" and enter a user with admin access it
displays a 401 error. This is really wasting my time and energy...

 

[Boaz Lev [MSFT]]

Hi,

Can you explain how your server is set up in terms of security etc. and
exactly what you are trying to accomplish? I am assuming that you want to
log in to Project Server as another user than that of the calling
application? Is that correct?

Thanks,

 

[Webdev2000]

I dont mean to hijack this thread. Can someone please let me know how to
imoersonate an user while pulbishing? I need to update certain tasks during
publishng, but it always takes the svcSharePoint account instead of
publishing users account. Thanks.