Impersonation EPM using PSI or CSOM - c#

For a project I have to sync hours from an external program to EPM. There is no requirement to use the Client Side Object Model of EPM 2013 or the PSI. But because Microsoft recommends the CSOM on their website for all new applications I tried to implement it with the CSOM. The first thing I wanted to test is to get all the hours, with the following code: (It isn't the most beautiful code because it is for testing purposes)
private static void GetTimesheets()
{
ProjectContext projContext = new ProjectContext("http://tfspsdemo/PWA/");
projContext.Load(projContext.TimeSheetPeriods);
projContext.ExecuteQuery();
foreach (var period in projContext.TimeSheetPeriods)
{
projContext.Load(period.TimeSheet);
projContext.ExecuteQuery();
Console.WriteLine(period.Name);
try
{
string tempName = period.TimeSheet.Name;
projContext.Load(period.TimeSheet.Lines);
projContext.ExecuteQuery();
Console.WriteLine(period.TimeSheet.Name);
foreach (var line in period.TimeSheet.Lines)
{
try
{
projContext.Load(line);
projContext.Load(line.Work);
projContext.ExecuteQuery();
foreach (var workLine in line.Work)
{
Console.WriteLine(workLine.ActualWork);
}
}
catch (Exception) { }
Console.WriteLine("Total: {0}", line.TotalWork);
}
}
catch (ServerObjectNullReferenceException) { }
}
}
But with above code I get only the code for the current user that is logged in, even if it is a person with rights to see other users hours. But what I want is to see all the hours of all the persons that have booked hours in EPM for a specific project plan. So I can later use this information to sync the hours from an external program to EPM. I thought I can solve this with impersonation but:
ProjectContext projContext = new ProjectContext("http://tfspsdemo/PWA/");
projContext.Credentials = new NetworkCredentials("username", "password");
But this isn't what I want because I have to do this for each user. And also I can't get the passwords of all users.
Does anyone now a solution to solve this problem and/or any suggestions? Solutions with the EPM PSI are also appreciated!
Thanks in advance!

Impersonation is not yet implemented in Project Sever 2016/Project Online. Please vote here: https://microsoftproject.uservoice.com/forums/218133-microsoft-project/suggestions/32981722-impersonation-support-for-csom-to-read-other-user
Thanks,
Werner

There are two modes in Proect server 2013. Proect server and SharePoint mode. I was able to get the above working in SharePoint mode, but alas I cannot read even Timesheet Periods as it says CSOMUnkownUser in Project server mode even after passing in the credentials. What mode are you running in currently on the server

This is probably a little late, but to access that kind of data in a provider/auto hosted app you need to access the sharepoint server through OData. CSOM is only intended to provide data from the current user context.

Related

SSRS Report Portal Management

I am working on an C# utility that would help clients publishing SSRS reports on their sites. Here my code:
public void createFolder()
{
ReportingService2010 rs = new ReportingService2010();
rs.Credentials = System.Net.CredentialCache.DefaultCredentials;
// Create a custom property for the folder.
Property newProp = new Property();
newProp.Name = "Department";
newProp.Value = "Finance";
Property[] props = new Property[1];
props[0] = newProp;
string folderName = "Budget";
try
{
rs.CreateFolder(folderName, "/", props);
Console.WriteLine("Folder created: {0}", folderName);
}
catch (SoapException e)
{
Console.WriteLine(e.Detail.InnerXml);
}
}
I am getting the following error:
ErrorCode xmlns="http://www.microsoft.com/sql/reportingservices">rsAccessDenied</ErrorCode><HttpStatus xmlns="http://www.microsoft.com/sql/reportingservices">400</HttpStatus><Message xmlns="http://www.microsoft.com/sql/reportingservices">The permissions granted to user 'NT AUTHORITY\NETWORK SERVICE' are insufficient for performing this operation.</Message><HelpLink xmlns="http://www.microsoft.com/sql/reportingservices">https://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&EvtID=rsAccessDenied&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=13.0.1601.5</HelpLink><ProductName xmlns="http://www.microsoft.com/sql/reportingservices">Microsoft SQL Server Reporting Services</ProductName><ProductVersion xmlns="http://www.microsoft.com/sql/reportingservices">13.0.1601.5</ProductVersion><ProductLocaleId xmlns="http://www.microsoft.com/sql/reportingservices">127</ProductLocaleId><OperatingSystem xmlns="http://www.microsoft.com/sql/reportingservices">OsIndependent</OperatingSystem><CountryLocaleId xmlns="http://www.microsoft.com/sql/reportingservices">1033</CountryLocaleId><MoreInformation xmlns="http://www.microsoft.com/sql/reportingservices"><Source>ReportingServicesLibrary</Source><Message msrs:ErrorCode="rsAccessDenied" msrs:HelpLink="https://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&EvtID=rsAccessDenied&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=13.0.1601.5" xmlns:msrs="http://www.microsoft.com/sql/reportingservices">The permissions granted to user 'NT AUTHORITY\NETWORK SERVICE' are insufficient for performing this operation.</Message></MoreInformation><Warnings xmlns="http://www.microsoft.com/sql/reportingservices" />
Any idea?
Please note that a point of this exercise is not just get it work but knowing that it is going to run on a client side ideally without any tweaking on their part.
Thanks for help.
Your question is a little unclear. It sounds like you're not sure why you're getting a permissions error. The answer is that you need to create a new role. I assume (after your comment) that your question is how you can do that using C#.
You can use the CreateRole() method, which will only work with SSRS Native Mode. If SSRS is installed in SharePoint Integrated mode, there is no supported method other than using the UI.
This method throws an OperationNotSupportedSharePointMode exception
when invoked in SharePoint mode

Sharepoint and WCF interactions

I try to read and create XML files on a Sharepoint 2010.
I know that Sharepoint exposed some services used to interract with the application (like /_vti_bin/ListData.svc or /_vti_bin/Lists.asmx or /_vti_bin/Webs.asmx) but i dont know how to use them and if they can do what i want to do.
If someone has a sample to help me or a link with a comprehensive documentation, thank you to please share with us.
Thank you in advance, have a good day.
Here is a reference with examples: http://msdn.microsoft.com/en-us/library/office/aa979690(v=office.14).aspx
Have you tried to search on your own?
What particular problem do you have?
Now i'm able to do what i wanted.
Here is the solution to read XML files on SharePoint 2010 with a WCF Service :
public string GetLocalisationCollection()
{
CopySoapClient client = new CopySoapClient();
FieldInformation myFieldInfo = new FieldInformation();
FieldInformation[] myFieldInfoArray = { myFieldInfo };
byte[] myByteArray;
client.GetItem(Configuration.LocalisationUri, out myFieldInfoArray, out myByteArray);
return System.Text.Encoding.UTF8.GetString(myByteArray);
}

Active Directory property "badPwdCount"

Problem:
We've upgraded the AD server from 2003 to 2008 and due to some "bad code", where developer has coded in such a way that, he directly casts "badPwdCount" property value to INT and it blows up because of NULL value conversion - NULL reference exception - NULL cannot be converted to INT.
Bigger problem:
We cannot do a deployment at this point because there are over 100 individual apps that depended on this change and we're looking for a least involved way of dealing with it for now.
Background:
Now the way this "badPwdCount" property works is, that when user logs on to the domain, it will get set to zero, otherwise it's NULL. The problem is that none of these users are ever going to log on interactively because they're external and we authenticate them via API and they cannot log in using the API either..
Question:
Does anyone know if this value is in the registry or somewhere, where I can get to it and set it to zero? Was also thinking of initiating a log in per user via a script, but wanted to gather other ideas too...
MSDN page for badPwdCount:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms675244(v=vs.85).aspx
Normally this would be easy, all you would need to do is update all the users in active directory and set the value to 0 if it is null. There are various ways you could do this, for example a script or code, or a bulk update tool.
In this case, badPwdCount is a special property that is not replicated (i.e. it is different for each domain controller) and so far as I can tell, there is no way to update it manually or by script, however, I think I have a solution for you.
You should be able to easily trigger a single failed login for every user in active directory against each domain controller, causing the value to be incremented.
Since you tagged your post with C#, here is some C# code that will do the trick for you:
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.ActiveDirectory;
...
using (Domain domain = Domain.GetComputerDomain())
{
foreach (DomainController domainController in domain.DomainControllers)
{
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, domainController.Name))
using (UserPrincipal userPrincipal = new UserPrincipal(context))
using (PrincipalSearcher searcher = new PrincipalSearcher(userPrincipal))
using (PrincipalSearchResult<Principal> results = searcher.FindAll())
{
foreach (UserPrincipal user in results.OfType<UserPrincipal>())
{
context.ValidateCredentials(user.SamAccountName, "THEREISNOWAYTHISISTHECORRECTPASSWORD");
}
}
}
}
PS. If this screws up your AD I take no responsibility for it!

How do I get Google Calendar feed from user's access token?

Using OAuth I do get access token from Google. The sample that comes with Google and even this one:
http://code.google.com/p/google-api-dotnet-client/source/browse/Tasks.SimpleOAuth2/Program.cs?repo=samples
show how to use Tasks API. However, I want to use Calendar API. I want to get access to user's calendar. Can anybody tell me how do I do that?
Take a look at the samples:
Getting Started with the .NET Client Library
On the right side of the page linked above there is a screen shot showing the sample projects contained in the Google Data API solution. They proofed to be very helpful (I used them to start my own Google Calendar application).
I recommend keeping both your own solution and the sample solution open. This way you can switch between the examples and your own implementation.
I also recommend to use the NuGet packages:
Google.GData.AccessControl
Google.GData.Calendar
Google.GData.Client
Google.GData.Extensions
and more ...
This way you easily stay up to date.
Sample to get the users calendars:
public void LoadCalendars()
{
// Prepare service
CalendarService service = new CalendarService("Your app name");
service.setUserCredentials("username", "password");
CalendarQuery query = new CalendarQuery();
query.Uri = new Uri("https://www.google.com/calendar/feeds/default/allcalendars/full");
CalendarFeed calendarFeed = (CalendarFeed)service.Query(query);
Console.WriteLine("Your calendars:\n");
foreach(CalendarEntry entry in calendarFeed.Entries)
{
Console.WriteLine(entry.Title.Text + "\n");
}
}

why does using the same c# code to change password in AD in different computer make different speed?

I used the class in System.DirectoryServices to change password in AD. The code like this:
DirectoryEntry _directoryEntry = new DirectoryEntry(ldapPath, user, pwd, AuthenticationTypes.Secure);
public bool ChangePassword(string userPath, string newPassword)
{
try
{
if (userPath != null && _directoryEntry != null)
{
_directoryEntry.Path = userPath;
//Set the password
_directoryEntry.Invoke("SetPassword", new object[] { newPassword });
_directoryEntry.CommitChanges();
return true;
}
}
catch (Exception ex)
{
//Invalid Login or the domain controller is not contactable
throw ex;
}
finally
{
_directoryEntry.Close();
_directoryEntry = null;
}
return false;
}
I executed these codes on different computer. The time spent from several ms to several seconds.
why does the same code executed in different Environment to change password in AD spent different time? I have spent a lot of time in dealing this problem but still no result. Can anybody tell me? Thank you very much!!!!!
This sounds like it is a simple environment issue. Maybe the network is further away or just slower in general, or it could be that the processor is slower, or just about any number of environmental differences. I would compare some of the key hardware specs. You could also make sure that there are very minimal processes running on each machine to verify that it might not be a conflict from another process.
Well a simple ping report should help you rule out any network related issues. just ping your AD from your different test machines and observe the response time.
You should really get a network trace and see what's going on. There's alot of moving parts here.
That aside, the way this code is laid out is a bit strange. Why are you creating the DirectoryEntry and then changing the Path property?
I had this issue. It is likely because on one computer you are querying the master domain controller directly, and on the other you are querying a read-only domain controller which then has to query the master domain controller. Why? No idea. I just know when I used Wireshark to listen on my AD query traffic, it was always going fast when it was talking to the master domain controller, and slow all the other times. So, I usually include the controller I want in the DirectoryEntry constructor (ie, LDAP://ip-of-controller/cn=whaerver,ou=2whafsal,dc=etc).
You can also open a command prompt and run echo %logonserver% to check which domain controller you computer will default to (I think).

Categories