UserAuth web service URLs
The UserAuth web service uses the following URLs:
/UserAuth/Logon URL
Two authentication schemes are supported: “Basic” (username and password) and “Ticket” (username and ticket, obtained elsewhere).
For Basic authentication, the authorization value must comprise a value of “Basic”, followed by the base64 encoded username and password in this format: username:password.
Basic authentication does not encrypt the username and password. In an insecure environment, HTTPS must be used.
For Ticket authentication, the authorization value must comprise a value of “Ticket”, followed by the base64 encoded username and ticket in this format: username:ticket.
The client must perform a GET request to this URL with an HTTP header variable called “Authorization”.
The response contains: the user name submitted; a ticket that can be used to log on again elsewhere if needed (for example, by a DPM agent); and a user session ID that identifies the user session.
The authentication ticket is valid for 24 hours. The UserSessionId is valid by default for 10 minutes; to change this, use the SessionTimeout web.config property (see Web.config settings).
XML example
<Logon UserName="User1" Ticket="O2MxVGOuU2vPSsavmCPPzxiKYmg=" UserSessionId="111gp33mgsnw5gptz155niwv" />
JSON example
{
  "UserName": "User1",
  "Ticket": "O2MxVGOuU2vPSsavmCPPzxiKYmg=",
  "UserSessionId": "111gp33mgsnw5gptz155niwv"
}
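The following Python sketch is an added example, not part of the product documentation: it builds the Authorization value for both schemes, refuses to send it over plain HTTP, and parses the Logon response shown above together with the documented expiry times. The space between the scheme name and the token (standard HTTP practice), the rejection of colons in user names, and all function names are assumptions.

```python
import base64
import json
import xml.etree.ElementTree as ET
from datetime import timedelta
from urllib.parse import urlsplit

TICKET_LIFETIME = timedelta(hours=24)    # ticket validity stated on this page
SESSION_TIMEOUT = timedelta(minutes=10)  # default SessionTimeout stated on this page


def authorization_value(scheme, username, secret):
    """Return the Authorization header value for the 'Basic' or 'Ticket' scheme."""
    if scheme not in ("Basic", "Ticket"):
        raise ValueError("unsupported scheme: %r" % scheme)
    if ":" in username:
        # Assumption: the first colon separates the two fields, as in HTTP Basic.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{secret}".encode("utf-8")).decode("ascii")
    return f"{scheme} {token}"  # assumption: single space after the scheme name


def logon_request(base_url, scheme, username, secret):
    """Build (url, headers) for GET /UserAuth/Logon, refusing cleartext HTTP."""
    if urlsplit(base_url).scheme != "https":
        # base64 is trivially reversible, so the header must travel inside TLS.
        raise ValueError("credentials are only base64 encoded; use an https:// URL")
    url = base_url.rstrip("/") + "/UserAuth/Logon"
    return url, {"Authorization": authorization_value(scheme, username, secret)}


def parse_logon_response(body, now):
    """Parse the XML or JSON Logon response and attach the documented expiry times."""
    text = body.strip()
    if text.startswith("<"):
        fields = dict(ET.fromstring(text).attrib)  # <Logon ... /> attributes
    else:
        fields = json.loads(text)
    missing = {"UserName", "Ticket", "UserSessionId"} - set(fields)
    if missing:
        raise ValueError("logon response missing: %s" % sorted(missing))
    fields["TicketExpires"] = now + TICKET_LIFETIME
    # Default only; the server's SessionTimeout setting may differ.
    fields["SessionExpires"] = now + SESSION_TIMEOUT
    return fields
```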
/UserAuth/WindowsLogon URL
You can use Windows Integrated Authentication by making a GET request to the /UserAuth/WindowsLogon URL using an appropriately configured client. The HTTP challenge/response occurs automatically, and returns the same response as that used by the UserLogon URL, except that the user name is a domain name instead of an ISA username.
/UserAuth/KeepAlive URL
This URL keeps a user session alive. The GET request to this URL must contain a valid UserSessionId returned by a Logon URL. It returns only an HTTP status code, with no response body.
If you do not use the KeepAlive URL, the user session times out after the interval that is specified by the SessionTimeout web.config property (the default interval is 10 minutes). Updates to the “last used time” of the internal user session are cached, and the LastUpdated field of the user and application session tables is updated at the rate that is specified by the DatabaseKeepAliveUpdateInterval web.config property (the default value is 1 minute).
/UserAuth/Logoff URL
This URL invalidates the user ticket and terminates the user session, in memory, in the UserSession table, and in the ApplicationSession table. You must supply the user session ID as an HTTP header variable. It returns only an HTTP status code.