1 Reply Latest reply on Jan 19, 2012 3:24 PM by tdanner

    Credentials using Orian SDK

    Paul-brett

      Hi

       

      I am trying to write a client app that consumes the SWIS web service. I am trying to login to the web service but when I execute the QueryXML method it throws an Exception:

      "Could not establish trust relationship for the SSL/TLS secure channel with authority 'solarwinds:17778'".

      I am guessing the web service is not able to authenticate the user credentials I am providing.

      I am setting the follwoing properties with no joy.

      client.ClientCredentials.UserName.UserName = @"mydomain\username";
      client.ClientCredentials.Windows.AllowNtlm = true;

      client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

      I was wondering if our administrators need to set my account up in Solarwinds differently or there is a configuration step being missed.

      I have access to the Solarwinds dashboard via the browser without logging in but my nt account credentials are not working for the webservice.

       

      Thanks

       

      Paul

        • Re: Credentials using Orian SDK
          tdanner

          There are two things going on here.

          First: the "Could not establish trust relationship" error you are getting is because the certificate SWIS uses for HTTPS is intentionally not a valid certificate. It is self-signed rather than issued from a proper certificate authority like Verisign, and its common name is CN=SolarWinds-Orion instead of whatever the FQDN of your server is. You will need to bypass certificate validation with a line like:

           

          ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

          In this mode, HTTPS provides confidentiality and replay protection, but not host authentication.

          Second: unfortunately at this time SWIS does not support authenticating Windows accounts over HTTPS. This is something we are looking at fixing in a future release. Until then, you will need to use non-Windows Orion accounts for this API.