[mapguide-users] please clarify user authentication issues

poy poychris at gmail.com
Wed Sep 10 10:39:08 EDT 2008 

Thanks Kenneth. I would follow your third option which I think would work. 

Thanks again.
poy




Kenneth Skovhede, GEOGRAF A/S wrote:
> 
> The "sessionId" is known as a "security token".
> When you call "CreateSession", you get a token.
> Whenever the token is recieved, it is mapped back to the user who 
> created it.
> So, any use of the token, will grant you the same rights as if you passed
> in
> the username/password all the time.
> 
> The token value is impossible to guess, and expires after some time.
> By using the token instead of a username/password, your end user
> gets the same rights as the user, but you have not revealed the username 
> or password.
> 
> There are currently no way to elevate privileges, so if you have an 
> "Anonymous" user,
> you will have to create a new MgSite object, logged in as the
> administrator.
> As you already know the sessionId, you can save stuff into the anonymous 
> users session.
> Unfortunately, the MapGuide API does not have a method that allows you 
> to save the
> runtime map in another session. Doing so will also cause you trouble if 
> the layers or
> featuresources are unavalible to the anonymous user.
> 
> If you have no trouble there, you can issue a "CopyResource" command, and
> copy the runtime map from the current session to the other session.
> 
> Another option is the MaestroAPI, which can save runtime maps into 
> arbitrary places
> (including Library and another session):
> http://trac.osgeo.org/mapguide/wiki/maestro
> 
> A third option is that you can create a user that has the exact rights 
> required,
> and then use only that user, by issuing a CreateSession before the 
> solution loads.
> 
> Regards, Kenneth Skovhede, GEOGRAF A/S
> 
> 
> 
> poy skrev:
>> Hi All,
>>
>> I have a weblayout, the map definition of which is in a map folder with
>> permissions to access only by the admistrator user group. I also created
>> a
>> Invoke URL command which calls an aspx page in the task pane. In the aspx
>> page I am trying to get the list of layers in the map. My code in the
>> aspx
>> page is as follows:
>>
>>              //get session id from map request
>>                string sessionId = Request.Form["SESSION"];
>>                string mapName = Request.Form["MAPNAME"];
>>
>>                
>>                //initialize web tier
>>                myclass util = new myclass();
>>                util.initialiseWebTier();
>>
>>                //set credentials
>>                MgUserInformation userInfo = new
>> MgUserInformation(sessionId);
>>
>>                //connect to the site and get a feature service and a
>> resource service instances
>>                MgSiteConnection site = new MgSiteConnection();
>>                site.Open(userInfo);
>>            
>>                MgFeatureService featService =
>> site.CreateService(MgServiceType.FeatureService) as MgFeatureService;
>>                MgResourceService resService =
>> site.CreateService(MgServiceType.ResourceService) as MgResourceService;
>>
>>           
>>
>>                //Create a temporary map runtime object
>>                MgMap map = new MgMap();
>>                map.Open(resService, mapName); //fails in this line
>>
>>                //get layers of the map
>>                MgLayerCollection layers = map.GetLayers();
>>                //layers count
>>                int layerCount = layers.GetCount();
>>
>>                //first clear befor loading items
>>                ddlLayer.Items.Clear();
>>
>>                for (int i = 0; i < layerCount; i++)
>>                {
>>                    //add layer names to the layers drop down
>>                    ddlLayer.Items.Add(layers[i].GetName());
>>                }
>>
>> This code works ok for all the maps where there is no restriction on the
>> user group accessing the mapdefinition. But gives a resource not found
>> (map
>> definition resource) error for maps which have access permissions set for
>> a
>> particular group. When the web layout prompts for username and password,
>> I
>> give the administrator user name and password which has access rights to
>> the
>> particular map definition, but still I get a resource not found error.
>> What
>> am I missing in the code? Please help me to sort this. 
>>
>> Thanks all.
>> poy
>>
>>
>>
>>   
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
> 
> 

-- 
View this message in context: http://www.nabble.com/please-clarify-user-authentication-issues-tp19392680p19414602.html
Sent from the MapGuide Users mailing list archive at Nabble.com.

More information about the mapguide-users mailing list