Skip to main content

Using WorkflowManagementServer in SourceCode.Workflow.Management, say I want to connect as an alternate user (specifying another username and password). It appears that I can use the overloaded constructor, or call Open and pass a connection string created with SCConnectionStringBuilder.


Both techniques permit setting securityLabel (string) and isPrimaryLogin (bool). What do these do, and what are the recommended settings?


Also, is there any good documentation for the management API? The help files are incomplete; I figured most of this out from Johnny's K2 Blog.


Thanks!

Hi,


The Security Label specifies to the server against which Authentication Provider the user should be authenticated. By default the "K2" label is the Active Directory. You are however able to add custom security providers with each one of them their own Security Label.


In K2 a single user account can have multiple crdentials stored for different Authentication Providers. In an environment where you have a single Security Label this will always be "True". More information regarding this topic can be found on the following KB article:
http://help.k2.com/en/KB000360.aspx


For documentation on the K2 API's please follow the link below:
http://help.k2.com/en/K2DevRef.aspx


Kind Regards,


gert

Thanks; that was instructive.


Unfortunately it does not work.


Here's how I'm building my connection string:


    const string SecurityLabelActiveDirectory = "K2";

    var connectionStringBuilder =
 new SCConnectionStringBuilder
     {
  Host = ServerName,
  Port = (uint) ServerPort,
  Integrated = false,
  UserID = alternateUserName,
  Password = alternatePassword,
  IsPrimaryLogin = true,
  SecurityLabelName = SecurityLabelActiveDirectory
     };



The actual string comes out as:


Integrated=False;IsPrimaryLogin=True;Authenticate=True;EncryptedPassword=False;Host=OurDevServer;Port=5555;UserID=****;Password=****;SecurityLabelName=K2


Where OurDevServer and the asterisks are the actual server, username, and password.


I've verified that "K2" is the correct AD Security Provider on our configuration (a default install for development).


However, when I call Open with this string, I get:


SourceCode.Hosting.Exceptions.AuthenticationException: Requested Authentication Provider not hosted


I've tried it without specifying a SecurityLabelName and I get the same thing.


Any suggestions?

I contacted support and got the right answer. I needed to set Integrated = true and WindowsDomain = our domain on the SCConnectionStringBuilder.


Both are required; setting Integrated = true without setting WindowsDomain will cause it to use the logged on credentials to authenticate (ignoring the specified UserID and Password).


So:


    const string SecurityLabelActiveDirectory = "K2";

    var connectionStringBuilder =
 new SCConnectionStringBuilder
     {
  Host = ServerName,
  Port = (uint) ServerPort,
  Integrated = true,
  UserID = alternateUserName,
  Password = alternatePassword,
  IsPrimaryLogin = true,
  SecurityLabelName = SecurityLabelActiveDirectory,
                WindowsDomain = "MY-DOMAIN"
     };

    var manager = new WorkflowManagementServer();

    manager.Open(connectionStringBuilder.ConnectionString);

    try
    {
 // Do stuff
    }
    finally
    {
 manager.Connection.Close();
    }

Following on from this thread, I'm trying to write some code that connects to the WorkflowManagementServer using a administration account and not the identity of the current user. 


I've written the following based upon bsorensen's answer and this article:


        private void CreateConnection(string hostServer, string account, string password)
        {
            var connectionBuilder = new SCConnectionStringBuilder
                                        {
                                            Host = hostServer,
                                            Port = (uint)5555,
                                            Integrated = true,
                                            UserID = account,
                                            Password = password,
                                            IsPrimaryLogin = true,
                                            SecurityLabelName = "K2",
                                            WindowsDomain = Environment.UserDomainName
                                        };

            _managementServer = new WorkflowManagementServer();
            _managementServer.Open(connectionBuilder.ConnectionString);
        }


This produces the following connection string (as contained within connectionBuilder.ConnectionString):


Integrated=True;IsPrimaryLogin=True;Authenticate=True;EncryptedPassword=False;Host=hostServer;Port=5555;UserID=account;Password=password;WindowsDomain=domain;SecurityLabelName=K2


with hostServer, account, password and domain containing valid values for my environment.


The Open() method will execute apparently successfully but the next operation using the WorkflowManagementServer object will fail; e.g.


_managementServer.GetStringTable(environment);


will result in the following execption:


SourceCode.Hosting.Exceptions.AuthenticationException: Authentication With Server Failed : Logon failure: unknown user name or bad password ---> SourceCode.Hosting.Exceptions.AuthenticationException: Logon failure: unknown user name or bad password


I know the username and password supplied are valid.


Any thoughts as to what might be going wrong?


David


 

I should have checked the HostServer log before posting...


When the connection is opened, no errors are received.  However any call to a method within the WorkflowManagementServer class results in the following series of errors:


"574819","2011-03-04 08:46:03","Error","Unknown","8060","ProcessPacketError","SourceCode.Hosting.Server.Services.TCPClientSocket.ProcessPacket","8060 ProcessPacket Error, Authentication With Server Failed : Logon failure: unknown user name or bad password","system","xxx.xxx.xxx.xxx","hostServer:C:Program FilesK2 BlackPearlHost ServerBin","574819","c41f8eebee794a0a82b1b6d66d5eb8c6",""
"574820","2011-03-04 08:46:03","Error","EnvironmentServer","15101","Generic","SourceCode.Workflow.Runtime.Management GetUserStatus bytee] bytes]]","15101 Error occurred, ERROR: Authentication With Server Failed : Logon failure: unknown user name or bad password","anonymous","0.0.0.0","hostServer:C:Program FilesK2 BlackPearlHost ServerBin","574820","43b7029cd91e4fd4b3dade178420c684",""
"574823","2011-03-04 08:46:03","Error","System","2025","InternalMarshalError","SourceCode.Hosting.Server.Runtime.HostServerBroker.InternalMarshal","2025 Error Marshalling SourceCode.Workflow.Runtime.Management.WorkflowManagementHostServer.GetUserStatus, Authentication With Server Failed : Logon failure: unknown user name or bad password","system","xxx.xxx.xxx.xxx","hostServer:C:Program FilesK2 BlackPearlHost ServerBin","574823","19515febb3b74781ae54e1dc52bade98",""
"574824","2011-03-04 08:46:03","Error","System","2025","InternalMarshalError","SourceCode.Hosting.Server.Services.TCPClientSocket.InternalMarshal","2025 Error Marshalling SourceCode.Workflow.Runtime.Management.WorkflowManagementHostServer.GetUserStatus, Authentication With Server Failed : Logon failure: unknown user name or bad password","system","xxx.xxx.xxx.xxx","hostServer:C:Program FilesK2 BlackPearlHost ServerBin","574824","d453f41342344ae88514d9ca0d58c7cd",""
"574825","2011-03-04 08:46:03","Error","Unknown","8060","ProcessPacketError","SourceCode.Hosting.Server.Services.TCPClientSocket.ProcessPacket","8060 ProcessPacket Error, Authentication With Server Failed : Logon failure: unknown user name or bad password","system","xxx.xxx.xxx.xxx","hostServer:C:Program FilesK2 BlackPearlHost ServerBin","574825","562191bbf216480582df8836f102d593",""


Any suggestions?  It would appear that the supplied credentials aren't being passed successfully to the host server runtime but I don't know why.


BTW the same connection string works fine when used to connect to a SmartObjectClientServer, so I'm confident that it's not the connection string itself.

Thanks to K2 Support, I've been able to get a connection to work for a specified username and password.  The solution is to build the connection string like this:


        private void CreateConnection(string hostServer, string account, string password)
        {
            var connectionBuilder = new SCConnectionStringBuilder
                                        {
                                            Host = hostServer,
                                            Port = (uint)5555,
                                            Integrated = false,
                                            UserID = String.Format(@"{0}{1}", Environment.UserDomainName, account),
                                            Password = password,
                                            IsPrimaryLogin = true,
                                            SecurityLabelName = "K2"                                        };

            _managementServer = new WorkflowManagementServer();
            _managementServer.Open(connectionBuilder.ConnectionString);
        }


The key considerations are:



  • the Integrated property is set to false
  • the UserID property contains the domain name and the account name ("domainaccount") 
  • the WindowsDomain property is not set

It seems like K2 Support gave you a different answer than they gave me.


It Would Be Nice if a K2 representative would post a clarification of best practices for this use case.

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings