BPM Windows Impersonation


(Jason Woods) #1

EMS is having an issue with allowing a file to be written to a local server. We are being asked to try impersonation.
Any hints on how to do this in 10.1? Much of the example code I’ve seen appears to require logic that isn’t available.


(Jose C Gomez) #2

That’s going to be tough to do in a BPM… You could try an external BPM DLL… but yikes!


(Bart Elia) #3

Since we don’t use ASP.NET as the execution host but instead WCF - nope.

What are you after as a result?


(Jason Woods) #4

We want to write a text file to the remote customer’s server. Because this is EMS, we must use fancy networking to allow access from Epicor’s servers to theirs. Although we can get the credentials to work when logged into the Epicor App server, it fails from the BPM.
It could be we are using the wrong account for the stored credentials but EMS is now out of ideas.
I’m open to out of the box ideas too. Dropbox sounds like a “no” too.


(Kamran Javid) #5

You could write it from Epicor to a local location and then have something transfer it like a simple Windows service which is coded with the correct permissions for the output directory or a straight through non-conversion service connect workflow with an input and output channel with a connection directly between the two?


(Dan Edwards) #6

Not sure of the full requirements but I have used an FTP service (Windows or other) mapped to the share location. You are basically passing FTP credentials and allowing it to handle the back-end permissions.


(Bart Elia) #7

I am not sure of your requirements, but depending on your level of traceability, you could just use a service account and send over the user’s credentials in some form depending on what you need.

example -
User=‘EpicorTransferAgent’ Windows account that is used to connect to the file store.
EpicorTransferAgent has read/write to a folder ‘Transferred Files’ with user subfolders.
Individual users have ACLs to their own folder but no one else’s.
BPM does the transfer as the service account and routes to the appropriate user folder

I have seen that hack for FTPing files for about 30 years :wink:

Of course with DocStar and SharePoint integrations those do a lot of that for you but if you want a ‘free’ option…
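
One way to set up the folder permissions described in post #7, as an added example that is not part of the original thread: a PowerShell script, run elevated on the file server. The account and folder names come from the post; the drive letter, the CONTOSO domain and the two sample users are assumptions.

```powershell
# Assumed values: adjust to your environment.
$Root           = 'D:\Transferred Files'          # folder name from the post; drive is assumed
$ServiceAccount = 'CONTOSO\EpicorTransferAgent'   # account name from the post; domain is assumed
$Users          = 'CONTOSO\alice', 'CONTOSO\bob'  # constructed sample users

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# Helper (hypothetical name): build an Allow rule that applies to the folder,
# its subfolders and its files.
function New-FolderRule([string]$Identity, [string]$Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, $noProp, $allow)
}

# Root folder: stop inheriting from the drive so broad groups such as
# "Users" do not get access, then grant only admins, SYSTEM and the
# service account. The service account gets Modify, not FullControl,
# so it cannot change permissions.
New-Item -ItemType Directory -Path $Root -Force | Out-Null
$acl = Get-Acl -Path $Root
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, discard inherited entries
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
$acl.AddAccessRule((New-FolderRule 'BUILTIN\Administrators' 'FullControl'))
$acl.AddAccessRule((New-FolderRule 'NT AUTHORITY\SYSTEM'    'FullControl'))
$acl.AddAccessRule((New-FolderRule $ServiceAccount          'Modify'))
Set-Acl -Path $Root -AclObject $acl

# Per-user subfolders: each inherits the root entries (so the service
# account can write to all of them) and adds one explicit entry for its owner.
foreach ($user in $Users) {
    $folder = Join-Path $Root ($user.Split('\')[-1])
    New-Item -ItemType Directory -Path $folder -Force | Out-Null
    $acl = Get-Acl -Path $folder
    $acl.AddAccessRule((New-FolderRule $user 'Modify'))
    Set-Acl -Path $folder -AclObject $acl
}

# Review the result: every folder should list only the four expected identities.
Get-ChildItem -Path $Root -Directory | ForEach-Object {
    $_.FullName
    (Get-Acl -Path $_.FullName).Access |
        Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}
```

Users have no entry on the root itself, so they reach their own subfolder by its full path rather than by browsing the parent. Because the service account can write to every subfolder, the BPM code that picks the destination folder is what keeps one user's file out of another user's folder.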