Search code examples
kerberosemc

How do i download document from EMC DOCUMENTUM D2 into my C# code while using Kerberos authentication?

My C# application is deployed in Sharepoint and i want to download a document from EMC DOCUMENTUM D2 in C# and upload the same in Sharepoint Document library. I am using kerberos authentication for single sign on.Kerberos works fine when i search for documents however when i try download document from D2 somehow the service account is being used by the code to download the document(I know it uses service account when i see the incoming traffic log of the Documentum).

IObjectService objectService = this.GetRemoteServiceDownload<IObjectService>(moduleName);

The defination of the function.

 protected IObjectService GetRemoteServiceDownload<IObjectService>(string serviceModule)
    {
        KerberosTokenHandler handler = new KerberosTokenHandler();
        try
        {
            using (KerberosClientContext kerberosClientContext = new KerberosClientContext(servicePrincipalName, true, ImpersonationLevel.Delegation))
            {
                try
                {
                    KerberosBinarySecurityToken token = new KerberosBinarySecurityToken(kerberosClientContext.InitializeContext(), KerberosValueType.KERBEROSV5_AP_REQ);
                    handler.SetBinarySecurityToken(token);
                    List<IEndpointBehavior> handlers = new List<IEndpointBehavior>();
                    handlers.Add(handler);
                    handlers.Add(new DFSBindingBehaviour(0, 10, 0, 0, 10, 0, 40960, 32, 16384, 16384, 20000000));
                    var remoteService = ServiceFactory.Instance.GetRemoteService<IObjectService>(serviceContext, serviceModule, address, handlers);
                    return remoteService;
                }
                catch (Exception ex)
                {
                    Service.LoggerService.SetError(new Exception("In GetRemoteService" + ex.Message, ex));
                    return default(IObjectService);
                }
            }

        }
        catch (Exception ex)
        {
            Service.LoggerService.SetError(new Exception("In GetRemoteService using" + ex.Message, ex));
            return default(IObjectService);
        }
    }
Solution

  • Guys i was able to solve the problem!. It was not a kerberos issue actually it was a issue of the location of the calling function. The function that initiated the Kerberos Authentication was within 

    using(SPSecurity.RunWithElevatedPrivileges )
{

}

    Because of this the Kerberos authentication was making use of the service account to download the document.