Setting SETUSERID while running as an AppServer agent

Posted by ericg on 22-Feb-2013 19:09

Hi there! I was trying to use the SETUSERID function while running as an AppServer agent, but could not. Just no change. Is this possible?

So currently when I debug the user (using USERID function) I get the user account running the AdminService for OpenEdge 10.1C (a Windows Managed Service Account). And I want to change it to another account.

All Replies

Posted by mopfer on 23-Feb-2013 14:06

We use SETUSERID on the appserver agents without problems. As long as the values for all three parameters are correct it should work.

lReturn = SETUSERID(cUserID,cPassWord,cLogicalNameOfDatabase).

Posted by ericg on 12-Mar-2013 19:59

Thank Mark! Long delay. Just curious, if the SETUSERID() function can handle Mircosoft's new managed service accounts where no password is possible. This is new in Windows Server 2008 R2 and Windows 7.

Posted by mopfer on 12-Mar-2013 22:21

I don't know of a way to make SETUSERID() work without a valid password, but if you're willing to let the fact that a user got access to the AppServer agent serve as your security without using any of the Progress database security, then you're probably going to want to use something other than the USERID function for tracking your application user in the AppServer agents. You could either implement some session context and store the user ID there when you log into the application, or pass the userid in with each call to the AppServer.

Client-principal is something that has been recently added to OpenEdge for handling user credentials across deployment layers. I haven't used it yet myself so I don't know if that would help you with what you're wanting to do.

Posted by gus on 13-Mar-2013 09:05

There is no direct support for such accounts.


When you execute the SETUSERID function, (in v11) a client-principal object is created under the covers. If the authentication domain for the user account has a 4GL callback defined for it and you are on 11.1 or 11.2, then the callback will be invoked to do the authentication. The cleint-principal object is one of the things passed in. In this authentication callback routine you can validate the user account whatever way you want so you can call whatever windows thing you need to. Easier said than done sometimes, but possible.

This thread is closed