Developer Documentation Library > Interviewer - Server Admin > UNICOM Intelligence Interviewer - Server Admin architecture > Security > What activities need to do > Activities that will run in UNICOM Intelligence Interviewer - Server Admin
 
Activities that will run in UNICOM Intelligence Interviewer - Server Admin
All web-based activities must start with an .aspx page.
The installation directory for each activity must contain a virtual directory called Login, which refers to the Login activity in C:\InetPub\wwwroot\SPSSMR\Shared\Login. The following C# code snippet is an example of how logging in can be controlled.
// Get an Agent using the shared class
oAgent = SPSSMR.Web.Utilities.Agent.GetInstance();

// Use the shared class to log in
// The shared class displays the login page if necessary
if (!SPSSMR.Web.Utilities.Agent.Login(oAgent))
{
  // Show error to user
  return;
}
Applications must check that the user has permission for the chosen activity (in case UNICOM Intelligence Interviewer - Server Admin has been bypassed). In order to do this, an application must be registered in DPM. The following function can be called from the first page that is loaded when a user logs in (for example, in Default.aspx).
private bool hasAccessToProject(
SPSSMR.DPM.Security.Login.IAgent2 LoggedInAgent, string ProjectName)
{
try
{
// This will generate an error if the project is not visible to the user
SPSSMR.DPM.IProjects = LoggedInAgent.Server.Projects as SPSSMR.DPM.IProjects;
SPSSMR.DPM.IProject oProject = oProjects.Item(ProjectName);
return true;
}
catch (System.UnauthorizedAccessException)
{
// Project exists but user doesn't have access (permission denied)
return false;
}
catch (System.Exception)
{
// Any other error ...
return false;
}
}
Before this function is called, the LoggedInAgent parameter must reference a valid agent object that has already logged in.
Applications must also check that the user has permission for the chosen project (in case UNICOM Intelligence Interviewer - Server Admin has been bypassed). The procedure is similar to checking that the user has access to the activity. The application must be registered in DPM. The following function can be called from the first page that is loaded when a user logs in (for example, in Default.aspx).
private bool hasAccessToProject(
SPSSMR.DPM.Security.Login.IAgent2 LoggedInAgent, string ProjectName)
{
try
{
// This will generate an error if the project is not visible to the user
SPSSMR.DPM.IProjects = LoggedInAgent.Server.Projects as SPSSMR.DPM.IProjects;
SPSSMR.DPM.IProject oProject = oProjects.Item(ProjectName);
return true;
}
catch (System.UnauthorizedAccessException)
{
// Project exists but user doesn't have access (permission denied)
return false;
}
catch (System.Exception)
{
// Any other error ...
return false;
}
}
If either of these functions returns false, the activity should redirect or transfer to an error page that tells the user that access was denied, and the activity should not continue.
The following code can be used to get an instance of an agent that is logged in:
// Make sure that the session Agent is logged in
try
{
if ( ! SPSSMR.Web.Utilities.Agent.Login() )
{
// Error: The agent could not be logged in
}
}
catch (Exception ex)
{
// Error: The agent could not be logged in
}
SPSSMR.DPM.Security.Login.IAgent2 oAgent = SPSSMR.Web.Utilities.Agent.GetInstance();
See also
What activities need to do