logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
DCIArtformDev  
#1 Posted : Wednesday, September 12, 2018 8:22:15 PM(UTC)
DCIArtformDev


Rank: Guest

Joined: 5/3/2018(UTC)
Posts: 7
Location: Milwaukee

I know I can get a definition file for the rest api for my instance in the form of:

https://[instancename].screenconnect.com/OpenApiDocument.axd (Is there a Swagger like document explaining the details of each function?

What permissions are needed to make calls on the functions in this api, such as: https://[instancename].screenconnect.com/Services/PageService.ashx/GetSessionDetails

I can make a raw call to this endpoint using something like fiddler/postman:

Quote:
POST https://[InstanceName].screenconnect.com/Services/PageService.ashx/GetSessionDetails HTTP/1.1
accept: application/JSON; charset=utf-8
content-type: application/json
cache-control: no-cache
authorization: Basic **************************
user-agent: PostmanRuntime/7.2.0
accept-encoding: gzip, deflate

["GROUPNAME","SESSIONID"]


It seems I can only successfully make this call with the "Cloud Administrator" account, no others. I feel like I'm glossing over a permission ssue here, but I don't know where.

I don't want to store cloud admin credentials in an application in order to make this work...

Any insight is appreciated.
Scott  
#2 Posted : Wednesday, October 3, 2018 1:40:34 PM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,764
United States

Thanks: 3 times
Was thanked: 338 time(s) in 292 post(s)
So I guess the only reliable way to know which permissions are required for each method is to look at the functions themselves.

Within the server installation in Services/PageService.ashx, the GetSessionDetails method has

Code:

		Permissions.AssertPermission(new SessionPermissionRequest { Name = PermissionInfo.ViewSessionGroupPermission, SessionGroupName = sessionGroupName, SessionType = sessionDetails.Session.SessionType }, permissionEntries);


meaning it requires the ViewSessionGroupPermission to return any information. It also requires the ViewSessionGuestScreenshotPermission (found one line above the previous code sample) to correctly return the image data.


Just for another example, if you look within the MailService.ashx class at the SendTestEmail method, you can see it also asserts the AdministerPermission.
ScreenConnect Team
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.