Can you (re)start this discussion with the appropriate subject line On 4/5/13 5:29 AM, "Simon Waterhouse" <simon.waterho...@eu.citrix.com> wrote:
>The "official" location is pending a decision by the community what to do >with this code. > >Citrix would like to contribute it to the CloudStack project - having a >ready-made .NET client for the CloudStack API is surely an advantage for >us - anyone have thoughts on where it should live in the long term? > >Regards >Simon > >-----Original Message----- >From: Donal Lafferty >Sent: 05 April 2013 13:21 >To: Simon Waterhouse; dev@cloudstack.apache.org >Cc: Pranav Saxena >Subject: RE: CloudStack UI Authentication Mechanism > >Thanks for upgrading the .NET SDK I created :) > >Will this be the official public location? > > >> -----Original Message----- >> From: Simon Waterhouse >> Sent: 05 April 2013 9:34 AM >> To: dev@cloudstack.apache.org >> Cc: Donal Lafferty; Pranav Saxena >> Subject: RE: CloudStack UI Authentication Mechanism >> >> This should work whichever authenticator is used behind the logon API >> (LDAP , MD5 etc.), but I didn't test the LDAP auth. yet... >> >> >> -----Original Message----- >> From: Simon Waterhouse [mailto:simon.waterho...@eu.citrix.com] >> Sent: 05 April 2013 09:27 >> To: dev@cloudstack.apache.org >> Cc: Donal Lafferty >> Subject: RE: CloudStack UI Authentication Mechanism >> >> The CloudStack .NET SDK at >> https://github.com/siwater/cloudstack_dotnetsdk has support for both >>user >> name/password and apiKey/secretKey authentication. >> >> >> -----Original Message----- >> From: Pranav Saxena [mailto:pranav.sax...@citrix.com] >> Sent: 04 April 2013 17:51 >> To: dev@cloudstack.apache.org >> Cc: cloudstack-...@incubator.apache.org; Donal Lafferty >> Subject: RE: CloudStack UI Authentication Mechanism >> >> Hey Donal, >> >> Sorry , I should have responded you a bit earlier but had no access to >>email >> today . Yeah you are absolutely right . UI uses Jsession ID to bypaas >>login >> check something like this as shown below - >> >> // Use this for checking the session, to bypass login screen >> bypassLoginCheck: function(args) { //determine to show or bypass >>login >> screen >> if (g_loginResponse == null) { //show login >>screen >> g_mySession = >>$.cookie('JSESSIONID'); >> g_sessionKey = >>$.cookie('sessionKey'); >> g_role = $.cookie('role'); >> g_username = >>$.cookie('username'); >> g_userid = $.cookie('userid'); >> g_account = $.cookie('account'); >> g_domainid = >>$.cookie('domainid'); >> g_userfullname = >>$.cookie('userfullname'); >> g_timezone = >>$.cookie('timezone'); >> if($.cookie('timezoneoffset') >>!= null) >> g_timezoneoffset = >> isNaN($.cookie('timezoneoffset'))? null: >> parseFloat($.cookie('timezoneoffset')); >> else >> g_timezoneoffset = null; >> } >> >> Let me know if you need any more details. >> >> Thanks, >> Pranav >> >> -----Original Message----- >> From: Donal Lafferty [mailto:donal.laffe...@citrix.com] >> Sent: Thursday, April 04, 2013 9:33 PM >> To: dev@cloudstack.apache.org >> Cc: cloudstack-...@incubator.apache.org >> Subject: RE: CloudStack UI Authentication Mechanism >> >> >> >> > -----Original Message----- >> > From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On >> Behalf >> > Of Rohit Yadav >> > Sent: 04 April 2013 4:36 PM >> > To: dev@cloudstack.apache.org >> > Cc: cloudstack-...@incubator.apache.org >> > Subject: Re: CloudStack UI Authentication Mechanism >> > >> > On Thu, Apr 4, 2013 at 7:59 PM, Donal Lafferty >> > <donal.laffe...@citrix.com>wrote: >> > >> > > >> > > >> > > > -----Original Message----- >> > > > From: rohityada...@gmail.com [mailto:rohityada...@gmail.com] On >> > > > Behalf Of Rohit Yadav >> > > > Sent: 04 April 2013 2:52 PM >> > > > To: dev@cloudstack.apache.org >> > > > Cc: cloudstack-...@incubator.apache.org >> > > > Subject: Re: CloudStack UI Authentication Mechanism >> > > > >> > > > On Thu, Apr 4, 2013 at 4:50 PM, Donal Lafferty >> > > > <donal.laffe...@citrix.com>wrote: >> > > > >> > > > > I noticed that the CloudStack UI allows VM control to accounts >> > > > > that don't have an API key set defined. >> > > > > >> > > > > How does its authentication mechanism work? E.g. >> > > > > >> > > > > >> > > > > 1. How are API calls authenticated and >>authorized if >> > > they >> > > > > are not signed with API keys? >> > > > > >> > > > >> > > > On integration port, defined in the global settings, 8096 >> > > > generally >> > > there is no >> > > > authentication done, user is admin has max. power. >> > > > >> > > [Donal Lafferty] >> > > Okay, but the UI doesn't usually go over 8096. How does it work >> > > when its not bypassing authentication? >> > > >> > >> > jquery UI experts will let you know the internals. When authentication >> > in UI is done, the keys are obtained and subsequently used while >>querying. >> > Just attach your debugger to ApiServlet's GET handlers and follow the >> > sequence which will help you discover how it all works till it reaches >> > ApiDispatcher (through ApiServer class) where the actual cmd class is >> > found, filled and executed. >> > >> [Donal Lafferty] >> Looks like it uses a JSESSIONID cookie rather than HTTP Query signing. >> >> See http://cloudstack.apache.org/docs/api/apidocs- >> 4.0.0/root_admin/login.html >> >> > Cheers. >> > >> > >> > > > >> > > > > >> > > > > 2. Does this work equally well when LDAP is to >> > > > > authenticate username / password? >> > > > > >> > > > >> > > > Abhi can comment on this one. >> > > > >> > > > Cheers. >> > > > >> > > > >> > > > > >> > > > > >> > > > > DL >> > > > > >> > > > > >> > > > > >> > >
