Skip to Content (Press Enter)
2016-03-09 17-21-39
Fabian
88Views
5Comments
Solved
IntegratedSecurityGetDetails blank
Question
Active Directory
Authentication
In OnSessionStart i'm calling IntegratedSecurityGetDetails. The first time i load the browser and the app i noticed that the username is "" but then a security exception is thrown and the NoPermission screen's preparation is executed where a redirect to IntegratedAuthentication.aspx takes place. After that the OnSession Start is executed again but this time IntegratedSecurityGetDetails.UserName is NOT blank anymore.

In the documentation for IntegratedSecurityGetDetails it says:

If the information is not available, i.e. the user is not authenticated in the Windows system, all the boolean output parameters return false and the username is "".

That's strange because i'm of course authenticated in Windows since i'm logged in to my PC and i'm running IE so why would username ever be blank?

Is there any way to get the windows user's username onSession start at all times?

Thank you very much for any ideas.
0
0
14 Apr 2016
Copy Link
2012-03-16 12-21-09
João Rosado
Staff
Solution
Hi,

I like to avoid doing logic in OnSession starts, since it's not easy to understand when it runs. Sometimes it's too soon for what we need and usually it runs more times than expected.

Ex: A naive approach without a Commit after setting the IsActive would keep the database line locked and actually deadlock a login attempt. On the other end, since you can get a OnSessionStart as side effect of other operations (like a Logout, TenantSwitch or even in the middle of an action if your module is used as a producer of actions), then calling a Commit in OnSessionStart can commit unintentionally things that already happened  before it was triggered!!!


Assuming that all your users actually login with integrated authentication you can try to just change the NoPermission screen to Integrated Authentication = Yes.
And then place a IntegratedSecurityGetDetails before the User_GetUnifiedLoginUrl call. If you get the correct user set there, I think it's a good place to put your user reactivation logic.

This way it is only in a single place (well once per application that has a separate common/login flow, but you can create an Public Action and place it in a reusable component since and just call it there) and you don't get the performance impact of having all your screens with integrated authentication or have to worrie when is the OnSessionStart actually called.


Regards,
João Rosado
See solution in context
1
0
15 Apr 2016
Copy Link
2012-03-16 12-21-09
João Rosado
Staff
Hi Fabian,

The information is only filled if the WebScreen (or Web Flow) you are accessing has Integrated Authentication property set to True. That is why in the invalid permissions process it redirects to a different page automatically.

If you want to make sure it is always filled you will need to enable that on all Web Screens. (also note that the way browsers implement it, they do not send credentials on the first request, they do a second request internally if the server requires them, so having it on in all the pages can mean more communication roundtrips)

Regards,
João Rosado
0
0
14 Apr 2016
Copy Link
2016-03-09 17-21-39
Fabian
Thank you Joao
I have set Integrated Authentication to true at the Flow level for both Common and Main flow. I didn't have it at the page level but tried that without success.

I have now written a simple extension that gives me HttpContext.Current.User.Identity.Name

However when i call that at Session start i get "city_exchange\covagiledev$" the first time i call it (i.e. that's when username from IntegratedSecurityGetDetails is blank). The second time the session is started i get "city_exchange\myuserid"

city_exchange is our domain. covagiledev is the name of our outsystems server. don't know what the $ at the end indicates. we dont' have a user of that name in our environment. 

I think the issue is as you mentioned that the browser does not have credentials on the first requrest.
0
0
14 Apr 2016
Copy Link
2016-03-09 17-21-39
Fabian
just fyi what i was trying to is to re-activate inactive users. we have a job that runs at night and if a user hasn't logged in for 90 days we set that user to inactive. however when they access an app again we want them to automatically be activated again.

if i can get the name of the user on SessionStart i can check in the Users table if they are inactive and set them to active. 

if i don't do that outSystems won't let the user log in...and we have to manually go an activate the user again.
0
0
14 Apr 2016
Copy Link
2012-03-16 12-21-09
João Rosado
Staff
Solution
Hi,

I like to avoid doing logic in OnSession starts, since it's not easy to understand when it runs. Sometimes it's too soon for what we need and usually it runs more times than expected.

Ex: A naive approach without a Commit after setting the IsActive would keep the database line locked and actually deadlock a login attempt. On the other end, since you can get a OnSessionStart as side effect of other operations (like a Logout, TenantSwitch or even in the middle of an action if your module is used as a producer of actions), then calling a Commit in OnSessionStart can commit unintentionally things that already happened  before it was triggered!!!


Assuming that all your users actually login with integrated authentication you can try to just change the NoPermission screen to Integrated Authentication = Yes.
And then place a IntegratedSecurityGetDetails before the User_GetUnifiedLoginUrl call. If you get the correct user set there, I think it's a good place to put your user reactivation logic.

This way it is only in a single place (well once per application that has a separate common/login flow, but you can create an Public Action and place it in a reusable component since and just call it there) and you don't get the performance impact of having all your screens with integrated authentication or have to worrie when is the OnSessionStart actually called.


Regards,
João Rosado
1
0
15 Apr 2016
Copy Link
2016-03-09 17-21-39
Fabian

Hi Joao.
I moved the auto reactivation code into the preparation of the NoPermission screen and now it works .
The action was already in a reusable component.
Thank you.
0
0
15 Apr 2016
Copy Link
Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.