Problem with authentication in distributed environment

Hi,

We are developing a Server Side Plug-in used to get a snapshot from a specified camera. To do so we are using some code from the MIP SDK samples.

The plug-in first gets an authorization token from the Management Server, then uses it to ask the Recording Server for a snapshot.

The plug-in runs well in a simple environment where the Event Server and Management Server are on the same machine, but fails in the production environment where the two services are spread across two different servers. In the latter scenario we get this error when the plug-in tries to authenticate on the Management Server:

```
System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation with 'http://a91-vdsmngl2.anasnet.it/ManagementServer/ServerCommandService.svc' for target 'http://a91-vdsmngl2.anasnet.it/ManagementServer/ServerCommandService.svc' failed. See inner exception for more details.
 ---> System.ComponentModel.Win32Exception: Security Support Provider Interface (SSPI) authentication failed.
The server may not be running in an account with identity 'host/a91-vdsmngl2.anasnet.it'.
If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server.
If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server.
```

The error seems to be caused in the Connect method of the SystemAccess class:

```
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at ServerCommandService.IServerCommandService.Login(Guid instanceId, String currentToken)
   at ServerCommandService.ServerCommandServiceClient.Login(Guid instanceId, String currentToken) in C:\Program Files\Milestone\MIPSDK\ProtocolSamples\ServerCommandWrapper\ServerCommandService.cs:line 7799
   at ServerCommandWrapper.Ntlm.NtlmConnection.Login() in C:\Program Files\Milestone\MIPSDK\ProtocolSamples\ServerCommandWrapper\NtlmConnection.cs:line 170
   at ServerCommandWrapper.Ntlm.NtlmConnection.Login(Guid integrationId, String version, String integrationName) in C:\Program Files\Milestone\MIPSDK\ProtocolSamples\ServerCommandWrapper\NtlmConnection.cs:line 188
   at AccessControl.Background.SystemAccess.Connect(String server) in C:\Sviluppi\AnasXp\RMTConnector\Background\SystemAccess.cs:line 65
   at AccessControl.Background.RestService.cameraSnapshot(IHttpContext context) in C:\Sviluppi\AnasXp\RMTConnector\Background\RestService.cs:line 991
```

This is the code of the method:

```csharp
public void Connect(String server)
{
    // Tear down any existing connection before reconnecting.
    if (_basicConnection != null)
    {
        _basicConnection.OnTokenRefreshed -= _connection_OnTokenRefreshed;
        _basicConnection.Logout();
        _basicConnection = null;
    }

    if (_ntlmConnection != null)
    {
        _ntlmConnection.OnTokenRefreshed -= _connection_OnTokenRefreshed;
        _ntlmConnection.Logout();
        _ntlmConnection = null;
    }

    Server = server;

    switch (AuthenticationType)
    {
        case AuthenticationType.Basic:
            {
                int port = 443;
                _basicConnection = new BasicConnection(User, Password, Server, port);
                LoginInfo = _basicConnection.Login(IntegrationId, Version, IntegrationName);
                _basicConnection.OnTokenRefreshed += _connection_OnTokenRefreshed;
                break;
            }

        // Both Windows authentication variants go through NtlmConnection.
        case AuthenticationType.Windows:
        case AuthenticationType.WindowsDefault:
            {
                _ntlmConnection = new NtlmConnection(Domain, AuthenticationType, User, Password, Server);
                LoginInfo = _ntlmConnection.Login(IntegrationId, Version, IntegrationName);
                _ntlmConnection.OnTokenRefreshed += _connection_OnTokenRefreshed;
                break;
            }

        default:
            //empty
            break;
    }
}
```

The class was taken from MIPSDK samples code.

We cannot understand where the problem is or how to solve it. Can you help us?

Many Thanks

I can add another bit of information: the Management Server is not running with “Network Service Account” but using a dedicated domain user.

Thanks
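The SSPI error quoted above refers to the identity a WCF client attaches to the server's `EndpointAddress`. The following is an added example, not part of the thread and not MIP SDK code, showing the three identity cases the message describes using only `System.ServiceModel` types; the class name `ManagementServerEndpoint` and the account name are hypothetical placeholders.

```csharp
using System;
using System.ServiceModel;

// Added illustration; ManagementServerEndpoint is a hypothetical helper.
public static class ManagementServerEndpoint
{
    // Returns an EndpointAddress carrying the identity the client will demand
    // from the server during SSPI negotiation (mutual authentication).
    //   null / empty      -> service runs as a machine account (e.g. Network Service):
    //                        expect the SPN "host/<fqdn>", the value named in the error text.
    //   "user@domain"     -> service runs as a domain user: expect that UPN.
    //   "class/host"      -> an SPN explicitly registered for the service account.
    public static EndpointAddress Build(Uri serviceUri, string serviceAccount)
    {
        if (serviceUri == null) throw new ArgumentNullException(nameof(serviceUri));

        EndpointIdentity identity;
        if (string.IsNullOrWhiteSpace(serviceAccount))
            identity = EndpointIdentity.CreateSpnIdentity("host/" + serviceUri.DnsSafeHost);
        else if (serviceAccount.Contains("@"))
            identity = EndpointIdentity.CreateUpnIdentity(serviceAccount);
        else if (serviceAccount.Contains("/"))
            identity = EndpointIdentity.CreateSpnIdentity(serviceAccount);
        else
            throw new ArgumentException(
                "Expected a UPN (user@domain) or an SPN (class/host).", nameof(serviceAccount));

        return new EndpointAddress(serviceUri, identity);
    }

    public static void Main()
    {
        // URL taken from the error message in the post.
        var uri = new Uri("http://a91-vdsmngl2.anasnet.it/ManagementServer/ServerCommandService.svc");

        // Machine-account case: identity is the host SPN.
        Console.WriteLine(Build(uri, null).Identity);

        // Domain-user case: the UPN below is a constructed placeholder,
        // not the real service account of this installation.
        Console.WriteLine(Build(uri, "service-account@example.test").Identity);
    }
}
```

The identity is checked by the client, so a value that does not match the account the service really runs under makes the negotiation fail rather than silently downgrade.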

Please clarify. When we in Milestone talk about a plugin, we think of a dll developed to run inside the Management Client, Smart Client or Event Server. In this sense you are not developing a plugin, are you?

If you run the TCPVideoViewer sample unmodified in this server does it work as expected or do you see the same error?

Hi,

I’m sorry if I was not clear. We are developing a Server Side Plugin that runs inside the Event Server. The plugin exposes to external applications a REST service used to get snapshots (passing camera and timestamp as parameters). So our goal is to get a snapshot from a plug-in inside the Event Server.

We cannot find a better way than doing this via an HTTP request to the Recording Server, but to do so we need a token from the Management Server. Our problem is in getting this token through the SystemAccess class.

If you need more details, please don’t hesitate to write to me.

Many Thanks

-Please see my next answer below, this answer is NOT correct..-

In a plugin you should really use the MIP library, not protocol methods.

The best format for a snapshot must be JPEG, and then you want to use JpegLiveSource and, in playback, JpegVideoSource.

https://doc.developer.milestonesys.com/html/index.html?base=miphelp/class_video_o_s_1_1_platform_1_1_live_1_1_j_p_e_g_live_source.html&tree=tree_search.html?search=jpeglivesource

I really think it is a bad idea to use protocols in this setting and hope you can quickly shift to using the MIP Library methods.

Explore this sample as an introduction.

https://doc.developer.milestonesys.com/html/index.html?base=samples/componentsamples/medialiveviewer/readme.html&tree=tree_2.html

or maybe as it is just one snapshot..

https://doc.developer.milestonesys.com/html/index.html?base=samples/componentsamples/camerastreamresolution/readme.html&tree=tree_2.html

Note that the samples are standalone; the methods, however, also exist in the Event Server environment.

Thank you very much for your suggestions. I will check and let you know.

Regards

Hi Bo,

I tried to change my code using the MediaLiveViewer as a base, but I still have some troubles. I modified my function to get the snapshot and you can find the code in the attached file.

I still have two problems:

  1. When I call the function the first time, the handler is called back but gives me an exception message: “Method Not Supported for this environment”
  2. If I call the function again, the handler is not called back anymore

I ran a lot of tests changing the initialization parameters, but I still have the same troubles. Maybe I am missing something in the initialization?

Thank you very much for your support.

I am so sorry. I realize now that my previous answer was incorrect.

You cannot use the classes I pointed to in the Event Server.

The reason you cannot is that they are not supported in the Event Server environment, and the reason it is designed that way is to avoid overloading the Event Server. Each site has only one Event Server, so it does not scale well.

You have to build a standalone application or service instead.

Please do not work around this by trying the protocol approach you first had; that would have the same issues on scalability.

If you build your own application it can run sharing the same server as the Event Server, have its own server or even be multiple applications across multiple servers.

I am sorry for the wrong answer. I hope I have now given the better advice.