另一个用户的AX 2012 R3 AIF系统服务呼叫上下文

Question

Is it possible to call the AIF system services using a callcontext of another user? I specifically need to fetch which tables a user has access to. By using the method GetAccessRights in the UserSessionService , I can extract which tables I have access to. I need to call this for other users, so I tried setting the CallContext.LogonAsUser to another user, but I get the error:

An unhandled exception of type 'System.ServiceModel.FaultException' occurred in mscorlib.dll

Additional information: Failed to logon to Microsoft Dynamics AX.

To be able to use LogonAsUser on custom services, I need to set the "Trusted intermediary users" on the inbound port. However, it doesn't seem to be possible to set this on the system services.

I'm testing this on a contoso image. I'm logged in as contoso\\Administrator.

The complete code:

USSReference.UserSessionServiceClient client = new USSReference.UserSessionServiceClient();

USSReference.CallContext context = new USSReference.CallContext
{
    LogonAsUser = "VishwaR"
};

USSReference.AccessControlledItemKey key = new USSReference.AccessControlledItemKey();
key.ItemType = USSReference.AccessControlledType.Table;
key.ItemName = "CUSTTABLE";

UserService.USSReference.AccessRight[] rights = client.GetAccessRights(context, new USSReference.AccessControlledItemKey[] { key });

Answer 1

You can create custom AIF Inbound Port and add AifUserSessionService.GetAccessRights operation. Here you can set Allow trusted intermediary to impersonate .