I'm a SharePoint/MS developer and not too familiar with Livelink. Anyway, I see they have a .NET WCF service. I'm attempting to do authentication using this web service and, as far as I can read from the API docs, it shouldn't be too difficult.

According to the docs, I need to authenticate initially with an Admin user, which I do, and this works fine. Then I can impersonate using the currently logged-on user.

Everything works fine until I get to the ImpersonateUser part, which fails with a very generic "Insufficient permissions to perform this action." error. Is this an issue on the client side or the LL side? Possibly Kerberos not set up properly or at all?

Herewith the code:

    private string ImpersonateUser(string adminToken)
    {
        string userToken = string.Empty;

        // Wrap the admin token in an OTAuthentication object for the call.
        llAuthentication.OTAuthentication fLLAuthentication = new llAuthentication.OTAuthentication();
        fLLAuthentication.AuthenticationToken = adminToken;

        fAuthServiceUser = new AuthenticationClient();
        fAuthServiceUser.Endpoint.Address = new EndpointAddress(this.ServiceRoot + "Authentication.svc");
        fAuthServiceUser.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

        // Request a token for the currently logged-on Windows account name.
        userToken = fAuthServiceUser.ImpersonateUser(fLLAuthentication, WindowsIdentity.GetCurrent().Name.ToString());

        return userToken;
    }

Fox
  • x0n is right. Just a small note: if you're integrating SP and LL, you can have a look at Open Text's product AGA (Application Governance and Archiving) for SharePoint. It has an SDK for developers accessing LL from SP. You may find some complex scenarios implemented there, so that you wouldn't need to program them from scratch with WS. – Ferdinand Prantl Feb 11 '12 at 15:03

1 Answer

This has nothing to do with Windows authentication. It just means the Livelink user you're initially using to log in with does not have the right to impersonate other Livelink users. Ask your Livelink admin to grant this right (I don't know the exact right off-hand, sorry).

x0n
  • Correct. You can use either Admin or another user with the System Administration right to initiate an impersonated connection. I'm not sure if it is possible to restrict the user more by using the LL UI. – Ferdinand Prantl Feb 11 '12 at 14:54