OpenFile2 connects with single signon user

[Oliver F.]

Just filed this bug...

When Windows authentication is turned on the OpenFile2 method connects to the repository with the current Windows logon regardless what is given in the username and password string.

Reproduce:

Connect to repository:
eaRepository.OpenFile2(CONNECTIONSTRING,"admin","xxx"));

Get an arbitrary package and apply user lock:
pck.ApplyUserLock();

Open EA and look in the project browser for the package in question: Not the user "admin" given but the windows user has applied the user lock.

Oliver

[«Midnight»]

What happens if you run EA as another user (for example, but shift-right clicking or control-right clicking the EA icon and using the context menu)?

[Oliver F.]

What happens if you run EA as another user (for example, but shift-right clicking or control-right clicking the EA icon and using the context menu)?

Sorry, I did not mention that I was accessing EA from an external program, not from and addin within.
So EA is not running when ApplyUserLock is called.

I had to additionally call ChangeLoginUser() to get the right login user.

Oliver

[«Midnight»]

I take it you mean you had to run the EA use change. [I think] That would make sense if Windows authentication were turned on. By default, Windows authentication does not ask for credentials, and when it does, it assumes your login ID as the default (if any). I suspect that EA is merely acting in parallel with that; if you don't explicitly give EA a 'new' ID it presents no credentials to the database, which uses your Windows login credentials to authenticate the connection.

[Oliver F.]

I take it you mean you had to run the EA use change. [I think] That would make sense if Windows authentication were turned on. By default, Windows authentication does not ask for credentials, and when it does, it assumes your login ID as the default (if any). I suspect that EA is merely acting in parallel with that; if you don't explicitly give EA a 'new' ID it presents no credentials to the database, which uses your Windows login credentials to authenticate the connection.

If it were like this it would render the OpenFile2 method useless if Windows authentication was turned on because it would not consider the given user/password combo at all. I would have to apply the ChangeLoginUser method then anyway.

Oliver

[«Midnight»]

And perhaps that's how it works. But remember, when I said "I suppose..." I was making a guess.

Remember that as long as you've got Windows security set for your DBMS there is little EA can do about this unless you tell EA which credentials to use.

Of course, you could always set up a connection string to force SQL Server to pop up a login dialog, but you still have the same issue of having to supply credentials. Worse for some applications, you would also have to supply a user to type them in.

[Oliver F.]

And perhaps that's how it works. But remember, when I said "I suppose..." I was making a guess.

I noticed this, of course

Remember that as long as you've got Windows security set for your DBMS there is little EA can do about this unless you tell EA which credentials to use.

Well, it would be worth having an explanation from Sparx why there is an OpenFile method, an OpenFile2 methode (to give credentials) and a method to sperately define those credentials.
I would expect that OpenFile2 would call OpenFile and then at least change the user name. Obviously it does not.

Currently it exceeds my understanding so I am wondering where the sense in this is.

Oliver

[«Midnight»]

Could be versatility. Could be legacy. Could be both.

Overall, I can live with the situation, and accept the finer granularity of control.

The SDK needs considerably more work across the board. One of the most glaring areas is the API grid. Many of the documentation fragments there are really difficult to fathom if you don't have the EA source code at hand. [And out here in the real world, none of us do.]

Sigh...