UDRestAPI as Service for multiple accounts

Speegel · January 6, 2020, 5:09pm

Hello Folks,

I’m working for a company that is very interested in UD Dashboard for it’s REST API and frontend abilities. Though, they are pretty focused on security and do not want to grant access to a single service account the ability to operate some actions on SCCM / ADDS / etc … and thus requires these operations to be executed under different context depending on the target system.

I thought about running multiple REST API as services and running those services using the proper service account and then query those REST APIs from a Dashboard running on IIS and voila… …but seems like it’s not really possible, as I faced a lots of issues trying to publish services with Start-UDRestAPI and it seems like there is no possibilities to run multiple services using the publish service cmdlet. [@crni ask the very same question in May view here and still got any feedback about it]

So my question is, is there a proper way to run multiple REST API on the same box with different accounts in order to split accesses. That could be a show stopper if this is not possible. I thought about Docker Containers but the only documentation I found for docker containers are for Azure and I’m not experienced at all with this technology. So I’m fishing for solution right now and I’d really like to use this solution.

If any of you have some experience with this type of implementations, I’d really like to have some insight !

Many thanks in advance for your help on this and feel free to let me know if you need any additional information.

Cheers !

BoSen29 · January 6, 2020, 7:52pm

Hi @Speegel

You want separate REST API’s ran as difrent service accounts?
And from a security perspective, you cannot have a single one run the dashboard, and it dynamically loading credentials for the required modules on demand?

Speegel · January 7, 2020, 7:30am

Hey @BoSen29,

Yes this is what I’m trying to do. First for security reasons and then for spliting the webservices in order to avoid getting down REST API from AD / SCCM / DNS / etc + the Dashboard itself when we have to apply updates or fixes.

Security team doesn’t want any password stored locally for such purpose, even credential vault ain’t an valid solution for them.

The current environment is very tightly controlled and I have to figure out a reason, licenses won’t be an issues as we discussed already to eventually buy an enterprise license to run as much instances as we need.

BoSen29 · January 7, 2020, 9:32am

Hi again @Speegel,

Hmm…
This should be archievable via hosting in IIS.
Create separate applicationspools for the relevant REST APIs, make a parent proxy to proxy to the relevant sites based on URL?

IIS hosting of UD purely proxies the requests to the internal webserver of UD, so it should work?
From a licensing perspective, i have no idea… @adam?
Technically you’d need a license for each separate applicationpool.

See:
https://docs.universaldashboard.io/webserver/running-dashboards/iis#creating-nested-iis-sites

Topic		Replies	Views
Start-UDRestApi on IIS Universal Dashboard	3	740	October 23, 2020
Multiple Independent Windows Services Universal Dashboard Help	0	539	May 15, 2019
Working with UD REST APIs Cookbook	8	1352	October 8, 2019
Authentication - Dashboard and REST API Universal Dashboard Help	3	1422	October 29, 2019
Start UD Dashboard on Localhost Only Feature Requests	4	1411	September 4, 2020

UDRestAPI as Service for multiple accounts

Related topics