Last Good Quote: Son's are the seasoning on our lives. - Someone on Facebook

Saturday, October 26

Logi - Secure Key in 3 Steps

Secure Key  Authorization or Single Sign On integration is a popular item that requires reviewing with a lot of the clients I have dealt with.

This might help.

First Step: Leave your current login/authorization in place. You won't need to make modifications to it.

Second Step:
When your users click a link in your site that opens a Logi report, or opens the Logi portal you have built you will need to perform the secure key authentication at this point. If I had a C# application I might code it up as follows:

protected void rptLink_Click(object sender, EventArgs e)
StringBuilder lgxSecureKeyUrl = new StringBuilder("http://localhost/myLogiApp/);

//add the constant location of secure key handler in Logi

//The username is required (this could also be the UserID that you use to secure the app)

//You can pass roles and rights if you have them allready

//this needs to be the USERS ip address

//shoot the request over to Logi
HttpWebRequest lgxSecureKeyReq = (HttpWebRequest) HttpWebRequest.Create(lgxSecureKeyUrl.ToString());

//the response will be a secure key that is good for a single one time use
HttpWebResponse lgxSecureKeyResp = (HttpWebResponse)lgxSecureKeyReq.GetResponse();
StreamReader sr = new StreamReader(lgxSecureKeyResp.GetResponseStream());
string lgxSecureKey = sr.ReadToEnd();

//you will now send the user to your Logi app with that secure key
//logi will take it from there
StringBuilder lgxReportUrl = new StringBuilder("http://localhost/myLogiApp/rdPage.aspx?rdReport=Default");

//dont forget the secure key

//send the user in what ever way you want

Third Step:
To setup Logi to handle the secure, you will edit the _Settings file.

Add a Security Element with the following settings:

  • Authentication Source: Secure Key
  • Authentication Client Address: [server ip] 
  • Cache Rights and Roles: Session
  • Restart Session: True
  • Security Enabled: True
That should do it for you


The secure key is only good for one request, so if you submit the link and then click refresh, you will get an error as authentication fails. This is intentional. Notice the secure key is in the url when you refreshed.

Passing your UserID in the username is the best way to handle authentication, as then you can query and store any additional information you need using that key.

Keep in mind the rdGetSecureKey request is taking place between your primary server and the logi application


Post a Comment