Epicor Rest Helper - Static Class

bmgarver · November 9, 2023, 12:25pm

I have created a Blazor Server application using the Epicor Rest Helper. Since EpicorRest is a static class, a scoped instance can not be created and this has led to the settings being shared between users, matching the last user logged in. Transactions are being saved to the db under the last user login instead of the current user. Any suggestions to separate the calls with Blazor Server app?

program.cs

var appSettings = builder.Configuration.GetSection("ServerSettings");
EpicorRest.AppPoolHost = appSettings["Host"];
EpicorRest.Company = appSettings["Company"];
EpicorRest.APIKey = appSettings["APIKey"];

loginService

public async Task<AppSession> GetAppSession(LoginModel loginModel, AppSession appSession)
{
    EpicorRest.UserName = loginModel.UserName;
    EpicorRest.Password = loginModel.Password;
    EpicorRest.AppPoolInstance = loginModel.Instance;
    try
    {
        if (await EpicorRest.CreateBearerTokenAsync())
        {
            EpicorRest.EpiSession = new EpicorRestSession();
            appSession.UserName = loginModel.UserName;
            appSession.IsAuthenticated = true;
        }
        return appSession;
    }
    catch (Exception)
    {
        throw;
    }
}

josecgomez · November 9, 2023, 12:33pm

You are setting a username
And password and also generating a token which an async call

Try using a session for the call and setting just the username and password then wrapping the session in a using statement

bmgarver · November 9, 2023, 1:21pm

Thanks for the reply, @josecgomez .

Please excuse my ignorance, but won’t placing the session in a using statement dispose of that session at the end of the function and require a new session each time a function call is placed to EpicorRest? If the EpicorRest.UserID and .Password are revised each time a user logs in, and possibly the .AppPoolInstance (Production vs Test), will it not result in the same behavior?

Thanks for your help.

josecgomez · November 9, 2023, 1:40pm

If you are using a session (which you don’t need) yes you should be making a new one for each user on each call

Otherwise just don’t use session at all username and password is plenty

bmgarver · November 9, 2023, 2:36pm

I have uploaded a video of what I am experiencing. After a second user logs on, the EpicorRest.UserID, EpicorRest.Password and EpicorRest.AppPoolInstance are updated to the last users login information. Creating a new EpicorRestSession would be based on the other user given the current state of EpicorRest. To avoid this without being able to scope an instance of EpicorRest, I would have to reassign the userID and password before each EpicorRest call.

josecgomez · November 9, 2023, 4:40pm

Yes you need to do that re-assign the username and password on every call. I can look into turning it into an instance class but even if I did its a single backend so you would still have to do somehow keep track of who the user is and swap user’s or class instance

Having the class not be static wouldn’t really help you here

bmgarver · November 9, 2023, 4:46pm

Dependency Injection as a scoped service?

josecgomez · November 9, 2023, 4:47pm

AH got it hmm ok well…

Short answer maintain the username / password as a scoped variable and raplce it on the calls…

Longer answer we’ve already been considering moving to an instance class

How are you maintaining the uusername / password between calls for a user right now? are you storing that in a session variable?

bmgarver · November 9, 2023, 4:54pm

No, and that seems to be the issue. On login, the userID and password are stored to EpicorRest and then used for subsequent calls. Problem is the next user login overwrites the previous credentials and next calls are written under those user details. I need a scoped instance to keep the calls separate.

josecgomez · November 9, 2023, 4:55pm

However here’s what I recommend instead. User an impersonation header

Establish a server side username / password config for an account that has impersonation rights
for the Login screen (only) use the provided username / password to validate / authenticate. Establish a user session which keeps the username as part of the state
For every subsequent call use the impersonation header to make any rest calls simply apply the impersonate property before every call with the username from the request using the configured account with impersonation rights.

Something like this, mind you this is pseudo code

EpicorRest.AppPoolHost = Settings.Default.Host; //TLD to your Epicor Server
EpicorRest.AppPoolInstance = Settings.Default.Instance; //Epicor AppServer Insdtance
EpicorRest.UserName = Settings.Default.User; //Epicor Username
EpicorRest.Password = Settings.Default.Password; //Epicor Password
EpicorRest.APIKey =Settings.Default.API; //API key required with V2
EpicorRest.APIVersion = EpicorRestVersion.V2; //Defaults to V2

Session = new Session(); //Scoped Session variable

public Login(stirng user, string password)
{
    EpicorRest.UserName = user; //Epicor Username
    EpicorRest.Password = password; //Epicor Password

    var getEnvironemtn = EpicorRest.GetEnvironment();
    if (all is good)
    {
        Session.CurrentUser = user;
    }
    //Reset Class Back to Impesonation Account
    EpicorRest.UserName = Settings.Default.User; //Epicor Username
    EpicorRest.Password = Settings.Default.Password; //Epicor Password

}


public MakeACall()
{
    EpicorRest.ImpersonateUser = Session.CurrentUser;
    var result = EpicorRest.BaqGet("zCustomer01");
}

bmgarver · November 9, 2023, 5:34pm

I can think of (2) instances where this may not work. Both are timing issues.

More than 1 user logging in at the same time (low probability)
More than 1 user making rest calls at the same time while logged into different instances - Production vs Test environments (higher probability especially during program changes / testing)

A scoped instance would solve both of these.

josecgomez · November 9, 2023, 5:38pm

If you are going to be connecting to multiple Epicor instances I’d recommand two running instances of the app
prod.app.tld, and dev.app.tld

Much easier to manage than also passing in the Epicor / Host and API keys on every call… That failing

You can make your own HTTP calls and deal with the Epicor stuff directly too if that’s the case, it isn’t hard the library is just making it easier (for some) but if it doesn’t work for what you need then implement HttpClient

bmgarver · November 9, 2023, 5:55pm

That is my next direction. Thanks for your help.

Truly appreciate you @josecgomez !

Evan_Purdy · November 9, 2023, 6:00pm

Where can I find more information about impersonation? What does it show in changelogs?

Mark_Wonsil · November 9, 2023, 6:10pm

The Office Wig GIF

josecgomez · November 9, 2023, 6:10pm

In the change logs it shows the user that was impersonated in my experience but I’d test it throughly or be sure

Mark_Wonsil · November 9, 2023, 6:16pm

Your Task Agent does impersonation. If you check what is logged on jobs, I’m sure it will confirm Jose’s statement.

Evan_Purdy · November 9, 2023, 6:20pm

Hm, I guess that means if I ever have time I could make my REST based configurator have it show the user running the configurator changing the price/description,etc. Learn something every day

Topic		Replies	Views
Epicor Rest Helper (Nuget) Updated (1.1.11) Epicor ERP 10 rest , rest-api	41	9723	December 10, 2020
Epicor Rest Helper (Nuget) Updated V2 Experts' Corner epicor , rest , client , api , nuget	326	42800	November 8, 2024
Rest API for Epicor Cloud Epicor ERP 10 api-management	21	11985	October 16, 2019
EpicorRESTApiCore - Error when running POST Epicor ERP 10 e10 , epicor , rest	48	3383	November 1, 2023
Epicor functions Epicor ERP 10 e10-erp	7	2233	March 3, 2020

Epicor Rest Helper - Static Class

Related Topics