Auth in Aras 12

Hello guys

We have an MVC C# app and we use IOM to connect to Aras.

Has anyone tried the "old" way of connecting via var conn = IomFactory.CreateWinAuthHttpServerConnection(url, db); and got it working successfully in a production environment? It's not working for me; the impersonation does not work. The app cannot log in, but if I'm in my dev environment using IIS Express everything is fine: the user is found and logs in.

Best regards

  • Just an update: I managed to get a token, or rather use the token provider,

    via

    var conn = IomFactory.CreateHttpServerConnection(url, tokenProvider, ProtocolType.Standard);

    Everything works in development, but on production I get Invalid user name:

    Error:Invalid user name.

    Any hints?

  • Another update

    I checked the username under which the token is generated, and it's the user which the application pool is running under and not the user opening the webpage. Meaning the ASP.NET impersonation is not working.

    Has anyone got impersonation working?

  • Which Innovator version do you use? I have seen some changes regarding impersonation in the codetree in the latest Innovator versions when moving a test environment from 12SP7 to 12SP10. But the C# application didn't mind.

    But I use the standard connection from the development guide --> IomFactory.CreateHttpServerConnection(url, db, user, pw);

  • Hello, I tried 12 SP2, 12 SP5, 12 SP10 (to my recollection all have the same issue).

    Currently using Aras 12 SP10.

    Yes, the standard connection (Windows auth is, I hope, also a standard connection) doesn't require impersonation since you're logging in with a specific user, not a Windows identity.

    On Aras 11, the impersonation works. I'm at a loss here; I simply can't find where the impersonation fails, but only with IOM. I am assuming the issue is the IdentityServer, not the IOM itself.

    The workflows for auth should be described more in the docs, I think.

  • Are your Innovator 12 instances freshly installed versions or updates of your original Innovator 11? In my case I had a lot of trouble because the Innovator 11 Active Directory IIS settings conflicted with Innovator 12, where these settings were no longer necessary. E.g. VaultServer crashed reliably once an hour and relogin of users failed after a long time of inactivity.

    The latest Programmer's Guide offers more information regarding Active Directory sign-in. But I haven't tried them yet.

  • Yes, they are upgrades from 11.

    The document I am using comes with SP9, I think.

    Document #: 12.0.02019054101 Last Modified: 05/12/2020

    I've tried quite a few Windows auth attempts from the PDF and all share a common issue: impersonation not working.

  • I'll try with a clean Windows 10 with IIS, .NET 4.7.2 (no .NET Core etc.), IOM 12, and see what kind of token I get (I hope the impersonation will actually work since it won't be on the same server as Aras 12; that seems like it could hit a double-hop issue).

  • Hello Angelalp, I tried on several machines, even a clean one, and the result is the same: impersonation not working with IOM 12.

  • Hi,

    Have you tried to ask Aras support about this one? I am interested in this topic, because I assume I will face it myself one day. Active Directory can always be tricky.

    Maybe you have to modify the ...\OAuthServer\OAuth.config. It configures the grant types. IOMApp doesn't contain impersonate right now:

    You could try to add <grantType name="impersonate"></grantType>. But I am really just guessing.

  • Yes, I have had no luck as of yet with support. I don't think the grant type of impersonation is the way to go; AFAIK it is mostly for server-to-server communication.