
I'm trying to invoke a K2 blackpearl process from an aspx page, but my authentication with the K2 blackpearl server fails and I keep getting the following error:


24408 K2:NT AUTHORITY\ANONYMOUS LOGON from 172.21.40.211:10383 does not have rights to Start Process


I have set the following configuration:

<authentication mode="Windows"/>
<identity impersonate="true"/>

In IIS I have disabled "Allow anonymous access" and enabled Integrated Windows authentication.


 



Do you have K2 Workspace on this same box and does it show the worklist?  If it doesn't,  you might want to check your Kerberos settings.


Hi David,


I'm glad that you have replied to this, as I was working with your aspx control for K2 blackpearl in that web form. Yes, my K2 server is on a different box and my web application is on a different box. How do I configure Kerberos for this kind of setup?


Hello,


Please check the permission for this K2 process in K2 Workspace with respect to the Windows logon permission needed to start this process. Check whether you granted the Process START permission.


 


Madhan,


This is not related to the process rights; this is related to the authentication between my website and the K2 server.

If it was an issue of process rights, I would have got a "Domain\User does not have access to start the process" error.

I think I need to enable Kerberos (which I'm figuring out how to do) on my website so that the auth credentials get passed on to the K2 server.

Since my website is on a different box, I tried to connect to the K2 server using the impersonate user function available on the connection variable.

K2Con.ImpersonateUser(HttpContext.Current.User.Identity.Name.ToString());

It worked for a service account, but for other accounts it did not work and I get the following error:


28026 K2:NT AUTHORITY\ANONYMOUS LOGON does not have permissions to impersonate user K2:DomainName\UserName
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Exception: 28026 K2:NT AUTHORITY\ANONYMOUS LOGON does not have permissions to impersonate user K2:DomainName\UserName


Stack Trace:



[Exception: 28026 K2:NT AUTHORITY\ANONYMOUS LOGON does not have permissions to impersonate user K2:DomainName\UserName]
   Pages_SimpleRequest.btnSubmit_ServerClick(Object sender, EventArgs e) in g:IGate est applicationsASP.Net ImplementationSimpleApprovalPagesSimpleRequest.aspx.cs:52
   System.Web.UI.HtmlControls.HtmlInputButton.OnServerClick(EventArgs e) +111
   System.Web.UI.HtmlControls.HtmlInputButton.RaisePostBackEvent(String eventArgument) +109
   System.Web.UI.HtmlControls.HtmlInputButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565


 


If my website is hosted on the same machine as the K2 server, I'm having no trouble at all.

What should I do to get this working??


Look at the first error; it displays the error message below:

24408 K2:NT AUTHORITY\ANONYMOUS LOGON from 172.21.40.211:10383 does not have rights to Start Process

That was because only the anonymous credentials were passed to the K2 server and anonymous did not have rights to start the process (as everyone would wish), thus resulting in the error.


My concern is how to take the logged in user's credentials to the k2 server.


In the Getting Started Guide section of the blackpearl help file is a section on setting up Kerberos.  These settings must be entered very carefully and double-checked.  I noticed in your sample you are using a non-standard port so you will have to make sure you use your port values instead of the standard ones. 

David,


Kerberos has been properly configured for the machine which is hosting this web application (it is the same machine which hosts our SharePoint). But I still get anonymous logon when I submit the web form. Do I have to use some code in my ASP.NET code-behind to delegate the user credentials?


This is the log message


15-06-09 07:37:09    User.GetAllRights: The format of the specified domain name is invalid Resolving User:NT AUTHORITY\ANONYMOUS LOGON
   at SourceCode.Hosting.Client.BaseAPI.BaseAPIConnection.RemoteCall(String TypeName, String MethodName, Object[] Parameters, Boolean[] NullList, MarshalMessageType CallType)
   at SourceCode.Hosting.Client.BaseAPI.BaseAPI.RemoteCall(String TypeName, String MethodName, Object[] Parameters, Boolean[] NullList, MarshalMessageType CallType)
   at SourceCode.Hosting.Client.BaseAPI.BaseAPI.RemoteSessionCall(String TypeName, String MethodName, Object[] Parameters)
   at SourceCode.Security.UserRoleManager.Client.UserRoleManagerServer.FindGroups(String userName, IDictionary`2 properties, String labelName)
   at SourceCode.Security.K2UMIInterop.K2UMIWrapper.FindSecurityGroups(String User, String Name, String Description)
   at SourceCode.KO.User.GetAllRights(String name)
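
A diagnostic for the question above, added here as an example and not part of the original thread or of the K2 client API: it reports whether the Windows token the web tier holds is a Delegation-level token, which is what Windows requires before the user's identity can be presented to a server on a second machine. `DoubleHopCheck`, `Verdict`, `Classify` and `Describe` are hypothetical names; the console `Main` inspects the current process, and in a page you would pass `HttpContext.Current.User.Identity as WindowsIdentity` instead.

```csharp
using System;
using System.Security.Principal;

// Added diagnostic; DoubleHopCheck and its members are hypothetical names,
// not part of the K2 client API or of the code posted in this thread.
public static class DoubleHopCheck
{
    public enum Verdict { Anonymous, ProcessIdentity, LocalOnly, Delegable }

    // Classifies what a second server would see if this token were used
    // for an outbound Windows-authenticated connection.
    public static Verdict Classify(WindowsIdentity id)
    {
        if (id == null || id.IsAnonymous || !id.IsAuthenticated)
            return Verdict.Anonymous;

        switch (id.ImpersonationLevel)
        {
            case TokenImpersonationLevel.None:
                // Primary token: no impersonation is active, so outbound
                // calls authenticate as the process (app pool) account.
                return Verdict.ProcessIdentity;
            case TokenImpersonationLevel.Delegation:
                // Kerberos delegation was granted: the user's identity can
                // be presented to a server on another machine.
                return Verdict.Delegable;
            default:
                // Identification/Impersonation: with Integrated Windows
                // authentication this token carries no credentials, so a
                // remote hop arrives as NT AUTHORITY\ANONYMOUS LOGON.
                return Verdict.LocalOnly;
        }
    }

    public static string Describe(WindowsIdentity id)
    {
        Verdict v = Classify(id);
        if (v == Verdict.Anonymous)
            return "anonymous: no Windows identity reached this tier";
        return string.Format("{0} via {1}, level {2}: {3}",
            id.Name, id.AuthenticationType, id.ImpersonationLevel, v);
    }

    // In a page, pass HttpContext.Current.User.Identity as WindowsIdentity.
    public static void Main()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            Console.WriteLine(Describe(id));
    }
}
```

A `LocalOnly` result on the web server while the K2 log shows ANONYMOUS LOGON points at delegation settings rather than at process rights or page code.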


Hi,


Did you find a solution for this problem?


I am struggling with the same thing.


Thank you,


Adriana



 



Hi,


I have a SharePoint web front end (aspx pages) which is calling a service layer (WCF); in turn the service layer is calling K2 blackpearl to create and fetch the task. It is all working fine.


1. Create an app pool account for your SharePoint web application and WCF layer, or whatever layer is calling K2, and make sure you have impersonation = true in web.config.


Let me know if you need further details.


Regards


Nathan Pillai


London

