Re: client impersonation

Hello Matthias

Thanks for your suggestions. I think that I need to mention that the written
TSP is finished and is currently in use at our customers' sites already. It
works (with some limitations although). Impersonation also works; I don't
need the users' credentials because I just impersonate the user by using
RpcImpersonateClient (which is the TAPI client application) and apply this
thread token to a new thread which makes the webservice calls. This way the
new thread runs with the credentials of the TAPI client applications' user.
The limitation is that this only works when there actually is a TAPI client
application calling the TSP and not during boot-time.

We will consider your idea about checking the permissions of all currently
logged in users. I think this idea is quite good, because that multiple
users logged in at the same time is really rare. If we list the lines (or
allow calls) for all currently logged in users then the only problem would
be that the lines of this other user would be available. I think this is not
too problematic.

A single domain may handle tens or even hundrets of thousands of logins. I
was talking about a single domain. In any case more users than can be
selected easily in a combobox. I know of design guides that don't allow more
than 20 choices in a combobox. Some hundret users is quite normal and
selecting one of them in a combobox is not acceptable. Especially where (in
rare cases) some users have more than one line and have to change between
their lines frequently.

Logon script: This is a good idea, but would support only Outlook
(extendable to other progs of course) and has a limitation to only one line.
It would also mean that the line list is always complete. And means no
security.

runtime adding lines: I don't see the problem you mentioned. I'm the TSP, so
I provide the lines. Did I misunderstand you?

I'd like to stress that currently I only have these two smaller problems:
- When the Telephony service starts at boot time (set to automatic instead
of manual) then when asked for the lines (EnumLines) it returns 0. When
later a user logs in and actually needs a line, no more call is made to the
TSP and there is no line available for the user (some kine of caching?). If
I kill the Telephony process and try again, then the user has his line(s)
correctly. When this user logs off and another user logs in, the lines of
the new user are correctly displayed. I don't understand this behaviour at
all. Workaround is to make sure the Telephony service not starts at
boot-time.
- When two users are logged in at the same time (one at console, the other
via Terminal Services) then only the first user has correctly listed his
lines. The other has no line listed. I also don't understand this behaviour.

It would be great if you could shed a little more light on this TAPI
behaviour. In any case we have now some ideas how to further improve the TSP
(some of them thanks to your help).

Regards,
Eric


.