on 03-20-2014 7:46 PM
What is the best practice these days for sending a user login through the .NET connector? In all of our web apps that use the SAPNCo, we use a service user to log in and perform the FM code. The web application, therefore, has one RfcDestination that is logged in as this service user. How then would we send a user login to be used for executing the FM -- BAPI_PO_CREATE1, for example. It is much more important to capture who the user is in this case.
I know there is the use of the RfcCustomDestination, as described here () but I was wondering if there are any other options available.
Any tips for this predicament?
Hello Case,
The approach in NCo for this purpose is to use RfcCustomDestination, as already recognized by you. Thus you can challenge the user for his personal password and set those credentials for the logon. Best variant is to provide a repository user and password in the configured destination so that metadata is then read with a user that is restricted to metadata lookup permissions only.
In case the infrastructure would issue a token for the logged on user, one could imagine that with such a token and trust between the ABAP system and the NCo application could do some kind of SSO. However, NCo runtime is not prepared so far to allow such a setup.
Best regards,
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.