public BaseAPIConnection GetConnection() { if (_connection == null) { lock (_baseapilock) { if (_connection == null) { var server = new BaseAPI(); server.CreateConnection(); server.Connection.Open(_sessionConnectionString); _connection = server.Connection; } } } return _connection; }
/// <summary> /// Aligns your expected user's context to the BaseAPIConnection /// </summary> /// <param name="connection">Your current BaseAPIConnection who's context will be alligned</param> /// <param name="k2Connection">The broker base.</param> internal static void ImpersonateSessionUser(this BaseAPIConnection connection, K2Connection k2Connection) { connection.ThrowIfNull("connection"); k2Connection.ThrowIfNull("k2Connection"); try { // Don't impersonate if the connection does not have a session cookie var sessionCookie = connection.GetPropertyValue("SessionCookie") as string; if (string.IsNullOrEmpty(sessionCookie)) { return; } // Don't impersonate if the session's FQN is the same as the expected user's FQN var activeSession = k2Connection.SessionManager.GetActiveSession(sessionCookie); activeSession.ThrowIfNull("activeSession"); if (string.Equals(k2Connection.UserName, activeSession.Owner.PrimaryCredential.FullyQualifiedName.FQN, StringComparison.OrdinalIgnoreCase)) { return; } // Don't impersonate if not integrated or connection has a password var builder = new SCConnectionStringBuilder(k2Connection.SessionConnectionString); if (!builder.Integrated || !string.IsNullOrEmpty(builder.Password)) { return; } //In A PTA scenario, you would have fallen back to the service account and we would have Authenticated you as the service account. //If we are in a PTA context we should call the ImpersonateSessionUserByName method to align this connetion's user to the expected user K2NEServiceBroker.SecurityManager.ImpersonateSessionUserByName(sessionCookie, k2Connection.UserName, ImpersonationType.PassThrough, true); } catch { if (connection != null) { connection.Dispose(); } throw; } }