Business Objects Enterprise 11.5 Shared Secret…Shhhh!

I had to blog about this because I’m sure many of you who need to deal with the BOE XI .NET APIs will find this one useful.  Also because I know I’m going to need this info again at some point and I figure this is the best place to memorialize this knowledge.  In this post, I’ll specifically talk about my experience in enabling trusted authentication to the BOE server using ‘secEnterprise’ security with the BOXI .NET APIs.  A note for Java developers – I think most of the code samples should work with the exception of the use of concrete types.  Most of the types are replaced with interfaces in Java and the naming convention is such that you should be able to add an ‘I’ to the beginning of the type names.  Why they didn’t do this for .NET is a mystery to me.

The first thing we need to do is open the secEnterprise folder on both the client machine and on the server.  The path is as follows – [Drive:\Business Objects Installation Folder]\BusinessObjects Enterprise 11.5\win32_x86\plugins\auth\secEnterprise.  Here you should find a single file named secEnterprise.dll.  If you don’t see this file, or folder, you are going to need to install the BOE XI R2 SP2 client tools.  The one I installed is dated 3/6/2007.  Once installed, the above mentioned files and folders should be present.  Once located, it’s time to add a new text file and name it “TrustedPrincipal.conf”.  Using your favorite plain vanilla text editor (I use notepad) add a line that reads, “SecretPassword=[word or phrase without spaces using 0-9, A-Z, and a-z characters only]”.  Obviously, the word/phrase must match on the client and server installations. NOTE:  If the server already has this file and a password/phrase is already present, do not change it!  I recommend copying the server value to your client file.  But, if you’re feeling macho and absolutely need to change it, a reboot of the server may be required to flush the old value from cache.

Now, the following code sample will allow you to “impersonate” any user that has been granted access to the BOE server using the trusted principal method.

  SessionMgr sess = new SessionMgr();

  TrustedPrincipal tp = sess.CreateTrustedPrincipal(“John.Doe”, “YourBoxiServerName”);

  EnterpriseSession esess = sess.LogonTrustedPrincipal(tp);

With a little bit more code, we can use the current thread to detect the security principal and parse the user name so we can pass it in as a method argument.

  string identName = System.Threading.Thread.CurrentPrincipal.Identity.Name;

 

  if (string.IsNullOrEmpty(identName))

    throw new System.Security.SecurityException(“Not logged in!”);

 

  int startIdx = identName.IndexOf(‘\\’) + 1;

  string username = identName.Substring(startIdx, identName.Length – startIdx);

 

  SessionMgr sess = new SessionMgr();

  TrustedPrincipal tp = sess.CreateTrustedPrincipal(username, “YourBoxiServerName”);

  EnterpriseSession esess = sess.LogonTrustedPrincipal(tp);

One last thing to note is that I’m referencing a combination of version 11.5.3300.0 and 11.5.3700.0 of the CrystalDecisions assemblies.

Well, that’s it.  I hope someone out there finds this post helpful.