PSI 2007: Impersonation not

W

Winnes

Looked into the SDK ProjTool app and tried my own test app.

Neither of them seem to work.

When calling methods with impersonation (SetImpersonation appears to have
done its job), e.g. StatusingProxy.ReadStatus, PSI returns an
InvalidOperationException:

Client found response content type of 'text/html; charset=utf-8', but
expected 'text/xml'.
 
A

Adam Behrle

Winnes,

The text/xml text that you are getting is actually a full HTML page.
If you look at the full response while debugging, it might shed more
light on the exception that is occurring, security or otherwise.

Hope that helps,

Adam
 
B

Berend

The essential of impersonation with Project Server 2007 is the following:



Instead of issuing a web service call using your cached credentials to a
service provider like
http://projectserver/instance/_vti_bin/psi/resource.asmx, you send the
request directly to the Shared Service Provider (SSP), that hosts the
project server.

"/instance/" is replaced with ":56737/SSP", like
http://projectserver:56737/ShareServices1/_vti_bin/psi/resource.asmx.

This call must use the credentials of the Application Pool Identity of the
Application Pool that contains the SSP.



The webrequest you send to the SSP contains two additional headers:

· "PjAuth" with the serialized contextinfo of the user to be
impersonated (isWindowsUser, userAccount, userGuid, trackingGuid, siteId,
lcid)

· "ForwardedFrom" with the relative URL like
"/_vti_bin/psi/resource.asmx"

Your code must override the default webrequest method for SSP related web
service calls



protected override WebRequest GetWebRequest(Uri uri)

{

WebRequest webRequest = base.GetWebRequest(uri);

if (contextString != String.Empty)

{

webRequest.UseDefaultCredentials = true;



bool isImpersonating =

(System.Security.Principal.WindowsIdentity.GetCurrent(true)
!= null);

webRequest.Credentials = new
NetworkCredential("administrator", "2007", "");



webRequest.Headers.Add("PjAuth", contextString);

webRequest.Headers.Add("ForwardedFrom",
"/_vti_bin/psi/resource.asmx");



webRequest.PreAuthenticate = true;

}

return webRequest;

}



You cannot use your default credentials:

Instead of

resProxyBySSP = new ResourceDerived();

resProxyBySSP.Url = PSI_RESOURCE_SSP;

resProxyBySSP.Credentials = CredentialCache.DefaultCredentials;



you need something like this

ICredentials SSPcred = new
NetworkCredential("administrator","2007","");

resProxyBySSP = new ResourceDerived();

resProxyBySSP.Url = PSI_RESOURCE_SSP;

resProxyBySSP.Credentials = SSPcred;



Hope this helps,

Berend
 
W

Winnes

Adam,

You are right!
It seems to be a WSS error:

The file you are attempting to save or retrieve has been blocked from this
Web site by the server administrators

ReadStatus... so retrieve... but why would MyTasks be blocked from whatever
user I try to impersonate with?
 
A

Adam Behrle

Winnes,

Are you able to hit the asmx page in a browser window with the user
you are posting with? Or does that give you the same IIS message?

Adam
 
W

Winnes

Adam,

That is indeed not the case, I get an error as well.
Do I need to setup this account as ... yeah hell, as what?

Winnes
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Impersonation and 401 11
PSI 2007: Impersonation and security/configuration settings 2
ProjTool application 0
Impersonation 2
Web server reference VS2005 4
Impersonation and 401: Unauthorized error 0
April update of the Project 2007 SDK 0
MS Project Server 2007 - using the PSI 2

Top