MIP SDK login does not handle too-large token TTL

The MIP SDK login process fails to clamp the dueTime argument in calls to Timer.Change(dueTime, period). As a result, if a customer has increased their ClientTokenTimeoutMinutes value from 240 to a value greater than ~71582 minutes in C:\Program Files\Milestone\XProtect Management Server\IIS\ManagementServer\Web.config, an ArgumentOutOfRangeException exception is thrown and the login fails.

Related to this, the error handling in VideoOS.Platform.SDK.UI.LoginDialog.DialogLoginForm appears to swallow any exceptions that aren’t explicitly handled so when you run into this kind of login issue in the DialogLoginForm, you will only see “Login failed because of an error” in the UI and nothing meaningful is written to the MIP SDK log.

image476×351 12.7 KB

Here’s a stacktrace from the MIP SDK log when not using the login dialog:

Error: ProcessRecord (): System.ArgumentOutOfRangeException: Time-out interval must be less than 2^32-2.
Parameter name: dueTime
   at System.Threading.Timer.Change(Int64 dueTime, Int64 period)
   at VideoOS.Platform.SDK.Config.LoginServerBase.NewTokenAquired()
   at VideoOS.Platform.SDK.Config.LoginServerBase.Login(Uri uri)
   at VideoOS.Platform.SDK.Config.SystemInfo.Login()
   at VideoOS.Platform.SDK.Platform.SDKConfiguration.TryLogin(Uri uri, Boolean masterOnly)
   at VideoOS.Platform.SDK.Platform.SDKConfiguration.VideoOS.Platform.SDK.Platform.ISDKConfiguration.Login(Uri uri, Boolean masterOnly)
   at VideoOS.Platform.SDK.EnvironmentService.Login(Uri serverUri, Boolean masterOnly)
   at VideoOS.Platform.SDK.EnvironmentService.Login(Uri serverUri, Boolean masterOnly, Guid integrationId, String integrationName, String version, String manufacturerName)
   at VideoOS.Platform.SDK.Environment.Login(Uri serverUri, Guid integrationId, String integrationName, String version, String manufacturerName, Boolean masterOnly)

I tested this and can confirm the threshold very precisely.

Login fails with:

<add key="ClientTokenTimoutMinutes" value="71588" />

and works with:

<add key="ClientTokenTimoutMinutes" value="71587" />

The number itself looks odd at first glance. ~71582 minutes would match a theoretical 2^32 ms limit, but the value 71587 aligns exactly with what is already documented.

The Knowledge Base article
“Modify XProtect Advanced VMS token timeout value to avoid ‘Invalid Token’ error” explicitly states:

Update (25/05/2022): Whilst the above theoretical maximum value of the ClientTokenTimoutMinutes is 2147483647, testing has shown a maximum usable value of 71587 (~49 days).
Link: https://support.milestonesys.com/article/modify-XProtect-Advanced-and-XProtect-Plus-token-timeout-value-to-avoid-Invalid-Token

My testing shows that once this limit is crossed, MIP SDK login fails.
I verified this using the CameraStreamResolution component sample.

Interestingly, the Smart Client logs in successfully even with the value set to 71588, which suggests that the Smart Client and MIP SDK handle the login differently.

I’ll run this by Milestone Development. Ideally, the SDK should clamp the value, so exceeding 71587 does not cause a hard login failure.

Note: the key name is ClientTokenTimoutMinutes (missing e). This appears to be a historical typo in the implementation, but it is the correct and supported key.