How do I check if an EnterpriseSession token exists in BusinessObjects SDK

Question

I am implementing a web GUI for BusinessObjects via the BO SDK (.NET) and need a way to persist and share an authentication token amongst several users. A specific business requirement is that only a single login (in this case a service account from ActiveDirectory). I have had no trouble initially logging in and then performing subsequent logins via the default token generated by the first login. The trouble is that when using the token to login on the second attempt the token is overwritten.

I need a way to check if the token is valid WITHOUT completing a full login that overwrites the original token value. My plan is to keep the token in cache and serve up via WCF as each report request is made, only regenerating the token value if it is no longer valid. The final request for each report is completed by including the token as a querystring parameter in an OpenDocument url to provide authentication.

I can complete a full login via token with the following code : //Original login SessionMgr ses = new SessionMgr(); EnterpriseSession es = ses.Logon(user, pass, server, type);

//Get the token
LogonTokenMgr myToken = es.LogonTokenMgr;
string BOToken = myToken.DefaultToken;

//Login with the generated token
EnterpriseSession esToken = ses.LogonWithToken(BOToken);

I am unable to find a method that takes the original token as an argument and determines if it is associated with a valid BusinessObjects session. Overwriting the token on each login (which occurs when employing the LogonWithToken method) is not an option since it is a multi-user environment and the overwrite invalidates the previous token/session, leaving a user in limbo if they are relying on an invalid token.

Does anyone know of a method in the BO SDK libraries that will check the validity of a token WITHOUT overwriting it? I have access to all the DLLs that ship with the stack...

UPDATE:

Since the SDK seems to lack a dedicated method for validating a token, I created a working HACK. After creating a valid token I palce it in cache and "validate" it in subsequent calls by attempting to initialize an EnterpriseSession from the cached token. If session creation fails it is ASSUMED that the token is invalid and a new one is generated and returned to the caching service for storage (sorry if the formatting is off - I'm new to markdown):

Hopefully someone has created a "real" solution to this problem, but the following code is functioning well:

public static class BusinessObjectsAuth
{


    public static string GetBOToken (string currentToken = null)
    {
        if (!ValidateToken(currentToken))
        {
            //This is aprt a custom encryption piece - needed unless you are         comfortable storing pw in plain text in config file
            Crypt decrypter = new Crypt();

            //Generate a new token
            SessionMgr ses = new SessionMgr();
            EnterpriseSession es = ses.Logon(AppSettings.BusinessObjectsUser, decrypter.DecryptString(AppSettings.BusinessObjectsPass), AppSettings.BusinessObjectsUrl, "secWinAD");
            LogonTokenMgr myToken = es.LogonTokenMgr;

            //The token generated below is good on any client for an unlimited number of logins for 24 hours
            //This may or may not be a good idea based on the security of your network
             return myToken.CreateLogonTokenEx("", 1440, -1);
        }
        else
        {
            //If the token is still valild return it
            return currentToken;
        }

    }

    public static bool ValidateToken(string currentToken = null)
    {
        SessionMgr ses = new SessionMgr();
        try
        {
            //Check to see if the token can be used for logon - close the session afterwards
            EnterpriseSession es = ses.LogonWithToken(currentToken);
            es.Logoff();
            return true;
        }
        catch (Exception ex)
        {
            //This is a workaround for the fact that the BO SDK does not include a built in method for verifying
            //that a token is valid - we can only assume it's a bad token if the logon attempt in the try block fails
            string message = ex.Message;
            return false;
        }
    }
}

Answer 1

Perhaps EnterpriseSession.IsServerLogonSession method?

You may also want to experiment with the CreateLogonTokenEx method. You would be able to specify how many logons are allowed.