UserAuth web service
User authentication uses a separate web service called UserAuth. It is installed as an IIS application called “UserAuth” parallel to the “Quota” web service. All URLs to access this web service start with:
http://hostname/SPSSMR/API/UserAuth
The UserAuth has an Application Id of “UserAuthWebService”. Users must have permission for this application in order to be able to use the UserAuth web service, and therefore to use any other UNICOM Intelligence REST web service.
Authenticating users
The UserAuth web service uses a “Logon” URL to check the user’s credentials, and then establishes a user session. This updates the UserSession database table, and then returns a user session ID.
The UserAuth web service authenticates the user by using one of these methods:
▪Basic authentication using a username and password.
▪A ticket‑based logon using a previously obtained ticket.
▪Using Windows Integrated Authentication.
In addition, the UserAuth web service can attach to an existing session that has been created inside ISA.
The user session can be used to log onto the Quota web service, by using the “Logon” URL of the web service. Logging on adds an entry in the ApplicationSession database table, and then returns an application session ID that must be supplied for all other requests to the web service.
For each application session ID, the Quota web service caches the user session ID. Before responding to any request, it first contacts a “KeepAlive” URL on the UserAuth web service. This checks that the user session is still valid, and also tells the UserAuth web service that the user session is still in use.
When the user has finished, the Logoff URL of the Quota web service should be used, followed by the Logoff URL of the UserAuth web service. This moves the entries in the UserSession and ApplicationSession database tables to the UserSessionHistory and ApplicationSessionHistory tables; this enables usage of the web service to be accurately tracked.
See
See also