SmartConnect 2018

WCF REST Security Process Flow

Determining user access

The steps taken to determine if a client/user has access to the SmartConnect WCF REST service are as follows:

1. Is this request enabled on the web server to which the client is connecting? If not, the client receives an "operation disabled on this server" message.
2. Is the request enabled within SmartConnect? If not, the client receives an "operation disabled within SmartConnect" message.
3. Has defined security/standard security been set within SmartConnect for this request? If not, no further security processing occurs and the client gains access to the service request.
4. Have the defined security/standard security configurations been met by the client?
   o Is the user required to be validated by Windows? If so, and user validation fails, the client receives an "invalid user for this operation" message.
   o Is the user required to be validated within SmartConnect? If so, and user validation fails, the client receives an "invalid user for this operation" message.
   o Are specific user credentials required for access to this request? If so, and the user fails validation, the client receives an "invalid user for this operation" message.
   o Is IP filtering required within SmartConnect? If so, and the client fails validation, the client receives an "invalid client endpoint for this operation" message.
   o Is time filtering required within SmartConnect? If so, and the request has been made outside the time parameters, the client receives an "invalid service request configuration" message.
5. If this request requires access to a map, does the map allow anonymous access, or does the user have access to the map? If validation fails, or the map is locked and cannot be accessed, the client receives a "map is unavailable or does not exist" message.
6. If all of the above security checks have passed, the client is granted access to the web service request.

 

Note: SmartConnect maps are processed as the user configured to run the SmartConnect WCF REST service.
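
The decision order above, modeled as an added Python example (this is not SmartConnect code). The Policy and Client fields, the in-order evaluation of the step 4 sub-checks and the same-day time window are assumptions; unprotected() lists requests that are enabled at both levels with no security set, which per step 3 are open to any client.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Policy:  # hypothetical model of one request's settings, not SmartConnect's schema
    server_enabled: bool = True
    smartconnect_enabled: bool = True
    security_defined: bool = False
    require_windows: bool = False
    require_smartconnect: bool = False
    allowed_users: frozenset = frozenset()  # empty = no specific credentials required
    allowed_networks: tuple = ()            # empty = no IP filtering
    time_window: tuple = ()                 # (start, end), same day; empty = no time filter
    map_anonymous: Optional[bool] = None    # None = request does not touch a map

@dataclass
class Client:  # constructed input; the *_ok flags stand in for real validation results
    user: str
    ip: str
    at: time
    windows_ok: bool = False
    smartconnect_ok: bool = False
    map_access: bool = False  # user may use the map and the map is not locked

def evaluate(p: Policy, c: Client) -> str:
    """Return 'granted' or the message the page gives for the first failed check."""
    if not p.server_enabled:
        return "operation disabled on this server"
    if not p.smartconnect_enabled:
        return "operation disabled within SmartConnect"
    if not p.security_defined:
        return "granted"  # step 3: nothing configured, so no further processing
    if (p.require_windows and not c.windows_ok) or (p.require_smartconnect and not c.smartconnect_ok):
        return "invalid user for this operation"
    if p.allowed_users and c.user not in p.allowed_users:
        return "invalid user for this operation"
    if p.allowed_networks and not any(ip_address(c.ip) in ip_network(n) for n in p.allowed_networks):
        return "invalid client endpoint for this operation"
    if p.time_window and not (p.time_window[0] <= c.at <= p.time_window[1]):
        return "invalid service request configuration"
    if p.map_anonymous is False and not c.map_access:
        return "map is unavailable or does not exist"
    return "granted"

def unprotected(policies: dict) -> list:  # audit: reachable requests with no security set
    return sorted(n for n, p in policies.items()
                  if p.server_enabled and p.smartconnect_enabled and not p.security_defined)
```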