How to use WCF Livelink web services to create a quasi single sign on or login with cookie equivalent of lapi

Recently OT Dev said that don’t really spend time on the Search SOAP service but use the Restful search API that has been there all along these years.

Since almost everything in livelink is served off a URL one of the first things it needs is authentication.For livelink deployments who do not have Single Sign On based on web server auth it is inconvenient that a webapp designed in C# provides links to a livelink URL for e.g I may have an href called “My Assignments” and then I may link it to my livelink server url and the query string ending in personal .assignments

I really don’t think organizations using livelink still use userid/password but this will probably help those users.

http:://my livelinkurl/livelinkvd/llisapi.dll?func=personal.assignments

Now everybody reading this should know that livelink will look for a cookie if not it will present a login screen. Our attempt is to use the token (cookie) returned to us by the CWS auth routine and make sure we can pass it off to a livelink URL or making the request to livelink as if one had logged in and subsequently performing operations.

In my example I am doing this with a LL 9.7.1 version so the ref key word is not used.For newer CWS the ref keyword is needed

SETUP

LL9.7.1 Oracle,IIS6, webserver is anonymous,livelink auth scheme is livelink ,No RCS present,No Dir Svcs module in deployment

in SSO deployments calling a livelink URL from a auth user’s computer results in a pass thru experience so none of this circus is needed anyway.

What I found was if you were adding the LlCookie to the request you have to do a lot of coding as in the user in this thread.I found several hits in the web

to spoof the Cookie but a lot of code for somethingthat you know is not that secure anyway

RE RE RE RE RE Get Region Name

He first gets the auth token and uses cookie setting code to call the search API.

While that is all good and dandy  if you have access to  a web debugging tool like Fiddler if you capture traffic for the first auth call you can see your userid+password

if it is a HTTP connection.I am not sure what it will look if my livelink was HTTPS.So I would just build a userid/password url and specify everything in NextURL.

So if I was coding a C# app and wanted to call my search system in livelink I would just use the simple approach

http://llappu971vm:8080/livelink/livelink.exe?func=ll.login&username=livelinkuser&password=livelinkpassword&nextURL=%2Flivelink%2Flivelink.exe%3Ffunc=ll%26objId=670175%26objAction=browse%26viewType=1

In the above URL the Func=ll.login sets the Cookie and then the NextURL is indicated,it is just webescaped for transmission

Link to Creating RESTful web services in livelink

This is a very good article very insightful for people like me who don’t really  understand hyped up words  in use.

http://ednortonengineeringsociety.blogspot.com/2009/08/creating-restful-web-services-with.html

People at OT has said that their plan is to support web services ,oscript and RESTful

So I am going to try and see if I can make some good easy to use things.Looks easier than CWS to me

I know my oscript so the rest is basically some crafted query strings .I s that what Rest is ?

BTW this is free publicity to the original blogger.If I should not be posting links let me know I will remove it.