Passed to a Session in order to authenticate an Interaction Center user that is creating a session on behalf of another Interaction Center user (through windows authentication).

Namespace: ININ.IceLib.Connection.Extensions
Assembly: ININ.IceLib (in ININ.IceLib.dll) Version: (


public class ProxyAlternateWindowsAuthSettings : AuthSettings
Visual Basic
Public Class ProxyAlternateWindowsAuthSettings _
	Inherits AuthSettings


For more information on authenticating with IceLib see Authentication.

The ProxyAlternateWindowsAuthSettings object is used to specify Interaction Center proxy user authentication settings. This is used when alternate windows credentials should be used to authenticate the proxy user requesting a Session on behalf of another Interaction Center user. In order to do proxy logins the proxy user must have the "Proxy Logins" right set in Interaction Administrator.

The ProxyAlternateWindowsAuthSettings object can be used with the SessionWatch object to supply the StationSettings and SessionSettings arguments to the Connect method of the Session object.

In 2.4 SU 27 and beyond the server parameter UsersWithProxyLoginRight is used to set the list of users that have rights to perform proxy logins via this class. The value for this parameter should contain a '|' delimited list of user IDs. However, in 3.0 and beyond the logged in user must have a specific "Proxy Logins" Access Control right configured on their IC User via the Interaction Administrator application. This setting is in the "Miscellaneous" section of the Access Control settings.


The following example shows how to monitor for sessions created by other users and then how to create a proxy connection to the IC server for another user, based on the authentication credentials of a special "elevated rights" user.
private void StartSessionWatch()
    // For this example, the focus is on watching for sessions created by a particular target User, then creating a proxy connection as
    // if we were that target User, but authenticated using a special "elevated rights" user's credentials.  This is a model used by some
    // server-side integrations, where the server-side component connects as the single "elevated rights" user and can then perform
    // operations on behalf of other users in the system.

    // We'll skip over creation of this server-side application's Session.
    // See other examples for basic details on establishing a connection with the server.
    Session session = CreateSessionForElevatedRightsUser();

    // For this example, we create a "session watch" to monitor for other applications/users that are connecting to the server.
    // Alternatively, a "proxy login" could be create for a user that was obtained based on some other application logic.
    SessionWatch sessionWatch = new SessionWatch(session);

    // Register the event handlers for watched session changes.
    sessionWatch.SessionWatchedUserAdded += SessionWatchedUserAdded;
    sessionWatch.SessionWatchedUserRemoved += SessionWatchedUserRemoved;

    // A session watch can watch for sessions for a given IC User, for an IC Station, or for a Machine.
    // For this example, we'll assume that a particular IC User is to be watched, based on external application needs.
    string targetIcUserId = "<target user ID>";

    SessionWatchId[] sessionsToWatch = new SessionWatchId[]
        new SessionWatchId(SessionWatchType.User, targetIcUserId)

    // Start monitoring for watched session changes for the specified criteria.
    ReadOnlyCollection<SessionWatchSettings> watchSettings = sessionWatch.StartWatching(sessionsToWatch);

    // The result contains any existing connected sessions that match the session watch criteria.
    // The SessionWatchedUser* events will be invoked as matching sessions are connected/disconnected.
    foreach (SessionWatchSettings setting in watchSettings)
        // For this example, we plan on creating a proxy connection on behalf of the target user.

private void EstablishProxyConnectionToSession(string targetUserId,
                                               SessionSettings sessionSettings,
                                               HostSettings hostSettings,
                                               StationSettings stationSettings)
    // Here we assume that the current windows account under which this application is running is the one associated with
    // the elevated rights user.
    // Note that the IC user that is used to "vouch for" targetUserId's login must have "elevated rights" that allow it to serve
    // as a proxy for the authentication of other Interaction Center users.  The "elevated rights" user should be created
    // specifically for the server-side application's use, with very few rights other than the ability to proxy authentication.
    // The "elevated rights" user must have a specific "Proxy Logins" Access Control right configured on their Interaction Center
    // User via the Interaction Administrator application. This setting is in the "Miscellaneous" section of the Access Control
    // settings.
    ProxyWindowsAuthSettings proxyAuthSettings = new ProxyWindowsAuthSettings(targetUserId, ProxyTargetUserType.ICUser);

    // Alternatively, explicit IC user credentials (i.e. user ID and password) can be specified, but then often those credentials
    // are persisted somewhere to configure the custom application, so this is usually less secure than using Windows-based
    // authentication.
    // string elevatedRightsIcUserId = "<elevated rights user ID>";
    // string elevatedRightsIcPassword = "<elevated rights user password>";
    // ProxyAuthSettings proxyAuthSettings = new ProxyAuthSettings(elevatedRightsIcUserId, elevatedRightsIcPassword, userName);

    // Next, we create a new, separate, Session for the connection of the proxy login.
    // This Session will have the "context" (e.g. rights) of the target User's account, not of the elevated rights user's account.
    // What makes this a "proxy login" is that either ProxyWindowsAuthSettings or ProxyAuthSettings is used as the authSettings parameter.
    Session proxySession = new Session();

    // For this example, we intend to make calls on behalf of the user, using their station.
    // So, we re-use the same station that was part of the session watch result for the user being proxied.
    proxySession.Connect(sessionSettings, hostSettings, proxyAuthSettings, stationSettings);

Inheritance Hierarchy


Version Information

Supported for IC Server version 2015 R1 and beyond.
For 4.0, supported for IC Server version 4.0 SU 3 and beyond.

See Also