Impersonation

[s1mm0t]

Hi,

I have been using PSI web services to integrate a .NET 2.0 enterprise
application that I'm working on with project server 2007. I have successfully
used it, to amongst other things, create projects, check projects in/out,
publish project and update enterprise resources etc.

I have got a new requirement to check projects out to a specific user rather
than the admin user that my application is configured to login to project
server as. After some searching it seemed that impersonation was the way to
go, but I'm having problems - I continually get "401 unauthorized".

I found the following link:
http://msdn.microsoft.com/en-us/library/aa974413.aspx which is pretty much
what I want to do but I have been unable to get this working. Due to the set
up of our environment I am having to create a new network credential
specifying the username, password and domain, rather than using the default
credentials otherwise my code is exactly the same. When I try to make a call
to the SSP web service I get a "401 unauthorized" error.

I found this page: http://msdn.microsoft.com/en-us/library/bb428835.aspx and
followed the steps to add a user and configure the SSP for processing
accounts - in both cases I added the administrator user that I have been
trying to connect with, but this still doesn't work.

I have obviously spent time searching for a solution to this problem before
posting here, but the closest I could find to a solution was this post:
http://www.eggheadcafe.com/software/aspnet/34636465/impersonation-and-401.aspx.
This describes the exact same problem that I am having and also (re)-posts
the code that I have been using. Unfortunately, there is no solution.

Thanks for your time.

Simon

 

[s1mm0t]

Hi I've got some more information.

If I run the MSDN sample application on the same server as project server is
running and use default credentials (I logged on as the admin user mentioned
previously) everything works fine. If I change the code so that it doesn't
use the default credentials and specifies them using a credential cache
instead, then it doesn't work (I get the 401 error again) even though I
specify the same credentials that I logged onto the server with. For example,
I use the following code to specify the credentials for all the web services
that the code uses (resProxySSP and resProxyByPWA):

CredentialCache credentialCache = new CredentialCache();
credentialCache.Add(
new Uri("http://portal.fabrikam.com/PWA/"), "NTLM",
new NetworkCredential("administrator", "pass@word1", "fabrikam"));
CredentialCache credentialCache = new CredentialCache();

//resProxyBySSP.Credentials = System.Net.CredentialCache.DefaultCredentials;
resProxyBySSP.Credentials = credentialCache;

In order to use the credentials above rather than the default credentials, I
also needed to comment out the line in the overridden
ResourceDerived.GetWebRequestMethod() method that specifies that the default
credentials should be used:

//webRequest.UseDefaultCredentials = true;

If I reinstate this line and run it on the project server, it works fine
again, so obviously this is they key line. Is there anything that I can
change so that I can specify the login credentials rather than using default
credentials when connecting to the SSP webservice? It will cause me a lot of
pain if I can't (

Also, am I likely to be able to use impersonation remotely or is it likely
to to be tied down to the local machine. At the moment I can't work out
whether I'm getting the 401 error when I run it remotely because of the
credential problem or because your not allowed to do it remotely. I can get
round this problem, but it would be nice to be able to impersonate remotely
if possible.

Thanks

Simon