Authentication

The custom iMIS application server provider (Asi.Providers.AsiMembershipProvider) is used to authenticate users. All classes of user (Full, Casual, and Public) can be authenticated, including full compatibility with iMIS expiration dates and disabled statuses. A custom role provider (Asi.Providers.AsiRoleProvider) is used to identify user-role mappings; it supports all iMIS Roles and Groups as well as module-access levels and member status.

General authentication strategies by endpoint
There are two primary endpoints supported in iMIS SOA, each with a different authentication mode.

NetTCP endpoint

By default, iMIS will install SOA using the NetTcp endpoint. The endpoint uses a binary message format over TCP. The installation creates a new Windows Service that listens by default on port 808. The port can be changed by editing the web.config file. This endpoint allows username-only authentication. That is, it does not require a password. Therefore, access to this service's port should be severely restricted, either by firewall rules, configuration of IPSec security rules, or another method. For more information, see the topic Services Configuration in the latest Helpsite. Connections to this endpoint are secured by Windows Stream Security. This endpoint is primarily intended for trusted applications (especially web-based iParts) with shared access to the iMIS web server. This endpoint only needs to be configured if you have a RiSE website using web-based iParts to communicate with the application server.

REST endpoint

SOA also supports a REST endpoint. It uses REST message format over HTTPS and is enabled by default in the iMIS application server. This endpoint requires authentication by both username and password and is secured using SSL. This endpoint is recommended for B2B-type applications (exposing an iMIS application server to third party services and so forth) as well as for simplicity, assuming both username and password are known.

The following code shows how to connect to the two different endpoints using iMIS SOA Client Services.

In previous releases, you had to define your URI in your code. Now, this can be set up once in the web.config:

<iMIS>
    ...
    <Soa>
      ...
      <settings>
        ...
        <setting key="EntityManagerDefaultBaseUri" value="net.tcp://imisappserver:808/AsiScheduler_iMIS/SOA/NetTcp" />
        <setting key="EntityManagerDefaultEndpointType" value="NetTcp" />
      </settings>
      ...
    </Soa>
    ...
  </iMIS>

Create an entity manager class so that you can access the SOA service:

using System;
using Asi.Soa.ClientServices;
 
// Connect to the NetTcp endpoint of the iMIS SOA service host
var netTcpSoaServiceHostService = new EntityManager("username", "password");

More