Project Server Components and Authentication

Overview

This article describes the server- and client-side components for Microsoft® Office Project Server 2003 and the application-level authentication layer for Project Server. The article also includes diagrams showing the interaction between Project Server, Microsoft Office Project 2003 (both Professional and Standard editions), and Microsoft Internet Explorer.

Project and Project Server Components

The following tables list the business object components of Project Server 2003 for both the server and the client, including the components used to interact with Project.

Component Description
MkRetail.dll Manages session state.
MSPNav.dll Performs data access for the Portfolio Modeler.
MSPJWMS.dll, MSPWSS.dll, MSPWIF.dll, MSWarp.dll Used by the Portfolio Modeler.
PDS.dll Project Data Service (PDS). Handles XML-based requests to perform functions and return data.
PJOLEDB.dll Microsoft Project OLE DB provider.
PJDBComm.dll Receives publish messages to synchronize Microsoft Office Project Web Access and Project data.
PJMsgHlr.dll Decodes and publishes project data.
PJNPE.dll Sends reminders by using SMTP.
PJQuery.dll Executes queries and stored procedures.
PJSchSvc.exe Invokes scheduled processes including reminders, cube generation, and Active Directory synchronization.
PJState.exe, PJLKR.dll Persists user session state.
PJSvrSecurity.dll Checks permissions to data and functionality based on user context.
PJTextConv.dll Manages number and text formatting.
PJTrace.exe, PJTrcPrv.dll Project Server trace service. Manages generated trace and debug events.
ProjObjProv.dll Links documents, risks, and issues to projects and tasks. It also relays the Project Server commands (via XML in SOAP messages over HTTP) to remotely administer Windows SharePoint Services, and to obtain documents, issues, and risks schema information.
ProjOlap.dll Manages the process of building an online analytical processing (OLAP) cube.
PVWMgr.dll, PCSViews.dll Publishes Project Web Access view data from Project data.
VWNotify.exe Invokes view data creation on publish. Also invokes the OLAP cube generation process.

Client components

Component Description
PJ11EnuC.dll Manages language-dependent resources.
PJCalendar11.ocx Calendar control.
PJGrid11.ocx Grid/Gantt control.
PJMsgMgr.dll
  • MESSAGING MANAGER: Determines server version.
  • SENDER: Sends the publish information to the server and waits for a reply.
PJOffline11.ocx Manages Project Web Access offline.
PJOutlook11.ocx Microsoft Office Outlook integration object.
PJQuery11.ocx Client-side data access object, by Remote Data Service (RDS) to Microsoft Internet Information Services (IIS), through ADO.
PJRes11C.dll Contains client control boilerplate text.
PJSecurity2.ocx Logon/authentication object.
PJSpool.exe, PJSpooli.dll Manages the queue of asynchronous calls to PJDBComm.dll for Project.
PJTextConv11.dll Manages number and text formatting.
PJUpdate11.ocx Updates projects in Project.
PJPrint11.dll Exports grid data in XML format into Microsoft Office Excel.

Project Server Authentication

In addition to authentication based on Microsoft Windows® user accounts provided by IIS, Microsoft Office Project Server 2003 supports application-level authentication, encrypting users' passwords using the Microsoft Crypto API. Project Server then stores them in the MSP_WEB_RESOURCES table in the Project Server database.

The following steps refer to Figure 1, which shows relationships between the authentication pages for Project Server.

  1. Authentication can begin on one of several pages, depending on the type of authentication and the originating application. The pages in the following table are grouped as 1. Logon Pages in Figure 1.

    Authentication type   Internet Explorer page   Project page   Project Data Service page
    Integrated            LGNINT.ASP               LGNINTPJ.ASP   LGNINTAU.ASP
    Application           LGNPS.ASP                LGNPSPJ.ASP    LGNPSAU.ASP
    Basic                 LGNBSC.ASP               n/a            n/a

  2. All of the logon files include the AUTHLIB.ASP file that authenticates the user and returns authentication- and logon-related error codes. The logged-on user name is looked up in the MSP_WEB_RESOURCES table. Each of the pages navigates to the Session Manager page (SESSTART.ASP), passing different parameters as required.

  3. The session manager page includes PJSECURITY.ASP which checks user permissions. If the user does not have permissions or an error occurs, an error message is displayed to the user or, in the case of the Automation entry points, an error code is returned in XML.

  4. If authentication succeeds, the Session Manager creates a session for the user which is then referenced at every page request throughout the session. The session must be created at the time that the user is authenticated to eliminate the ability to spoof the system into creating a session without proper authentication. The session acts as the security context, and the session cookie is the handle to obtain the session information during subsequent interaction with Project Web Access. The session times out if not used within a given time limit or is destroyed when the user logs off Project Web Access.

    The "ref" query string parameter is also supplied on the URL when navigating to the session start page. This specifies the URL to navigate to when an error occurs. This can be different from the target redirection page because logon error messages are only displayed on certain pages, such as LGNPS.ASP. If an error occurs in LGNINT.ASP, for example, the user is navigated back to LGNPS.ASP with the error code supplied as a query string parameter. The LGNPS.ASP page then displays the error message to the user.

  5. After the session information is properly created and persisted, the session start page checks the query string parameter to determine if the request came from the Automation or Project entry point. If the request came from the Automation entry point, then the page goes back to the Automation page that creates the required XML. If the request came from one of the Project entry points, then the page goes to the MSPJLOGINDONE.ASP page (see 2a in Figure 1) to notify Project that the logon sequence has completed. Project then captures the session cookie for subsequent communication with Project Web Access. The starting application page is then determined and stored in the session. The session start page then goes to the prerequisite page (PREREQ.ASP).

  6. The prerequisite page is where the client-side validation is performed and client-side locale information is gathered. A check is made for the existence of the client-side controls by calling a function that returns the version of the controls. If the call to the function fails or the version of the controls is earlier than the version of the server, then the user is routed to the download page for End User Licensing Agreement (EULA) to accept the EULA and download the controls (see 3a in Figure 1). If the user accepts the EULA, the user is navigated to the download page (DOWNLOAD.ASP; see 3b in Figure 1), which downloads the controls. This page also calls the version check to ensure the controls load properly. When the download is complete, the download page navigates back to the prerequisite page. The prerequisite page verifies that the download succeeded and then gathers the locale information and passes it as a query string parameter to the redirection page (REDIRECT.ASP).

  7. The final step of the logon sequence is the execution of the redirection page. The redirection page uses the session cookie to obtain the user's session and stores the locale information in the session. Then the starting application page is retrieved from the session and the query string parameters are added back to the URL. The user is then redirected to the starting page in the application.

Figure 1. Authentication page relationships for Project Web Access
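
The session rules in steps 3 and 4, sketched in Python as an added example (this is not Project Server's ASP code): a session is created only after both the credential check and the permission check pass, it expires when idle, and it is destroyed at logoff. The class and method names, the error codes, the 20-minute idle limit, and the choice to accept "ref" only when it names one of the logon pages from step 1 are assumptions of this sketch.

```python
import secrets
import time

# Logon pages from the table in step 1. LGNPS.ASP is the page the article
# names as displaying logon errors, so it is the fallback error target here.
LOGON_PAGES = {"LGNINT.ASP", "LGNINTPJ.ASP", "LGNINTAU.ASP",
               "LGNPS.ASP", "LGNPSPJ.ASP", "LGNPSAU.ASP", "LGNBSC.ASP"}
ERROR_FALLBACK = "LGNPS.ASP"
IDLE_LIMIT = 20 * 60  # assumed idle timeout, in seconds


class SessionManager:
    """Hypothetical stand-in for the session start page (SESSTART.ASP)."""

    def __init__(self, authenticate, has_permission, clock=time.monotonic):
        self._authenticate = authenticate      # callable(user, credential) -> bool
        self._has_permission = has_permission  # callable(user) -> bool
        self._clock = clock
        self._sessions = {}                    # cookie -> {"user", "last_seen"}

    def start(self, user, credential, ref):
        """Return ("session", cookie) or ("error", page, code)."""
        # Assumption: an unknown "ref" value is replaced, never followed.
        error_page = ref if ref in LOGON_PAGES else ERROR_FALLBACK
        if not self._authenticate(user, credential):
            return ("error", error_page, "AUTH_FAILED")
        if not self._has_permission(user):
            return ("error", error_page, "NO_PERMISSION")
        # The session is created here and nowhere else, so no request path
        # can obtain one without passing both checks above.
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = {"user": user, "last_seen": self._clock()}
        return ("session", cookie)

    def lookup(self, cookie):
        """Resolve the cookie to a user on each page request, or None."""
        entry = self._sessions.get(cookie)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > IDLE_LIMIT:
            del self._sessions[cookie]         # idle timeout
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logoff(self, cookie):
        self._sessions.pop(cookie, None)
```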

Project Server Subsystems

This section describes the various Project Server subsystems that rely on other server products, including Microsoft Windows® SharePoint™ Services, Microsoft SQL Server™ Analysis Services, and the Microsoft SMTP host.

Views Processing Subsystem

The process of publishing a large project to Project Server can be processor- and database-intensive. To improve the performance and scalability of the view generation process, the Project Server View Processor was created so that view generation can:

  • Occur once, when the project is published.
  • Write the view data to SQL Server tables to be read when project views are requested.
  • Be deployed on a separate application server for performance and scalability.

Subsystem Components

Views Notification Service: This service (VWNotify.dll) listens for operating system events to know when an .MPP file and its associated XML metadata file are dropped into the \ViewDrop folder on the server by Project Server when the project is published (see Figure 2). The service opens the XML file, validates permissions, and, if validated, passes the XML file on to the View Processor. Security for what this component receives is controlled through access permissions assigned to the directory from which events are generated.
View Processor: This processor (PcsViews.dll) removes duplicate published projects for the same project and user, thereby reducing the impact of a denial of service attack.
View Manager: This manager (PjVwMgr.dll) is responsible for reading the data from either the published project file or from an enterprise project database, transforming the data using the Microsoft Project OLE DB provider, and writing the view data to the view tables in the Project Server database.

Figure 2. The Views Notification service
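
The two controls described for this subsystem, the permission check in the notification service and the removal of duplicate publishes per project and user in the View Processor, shown together as an added Python example (not the code of VWNotify or PcsViews). The queue class, its counters, the permission callback, and the sample events are constructed for illustration.

```python
from collections import OrderedDict


class ViewJobQueue:
    """Pending view-generation jobs, at most one per (project, user)."""

    def __init__(self, may_publish):
        self._may_publish = may_publish   # callable(user, project) -> bool
        self._pending = OrderedDict()     # (project, user) -> drop file name
        self.rejected = 0                 # events that failed the permission check
        self.superseded = 0               # stale publishes that were never built

    def submit(self, project, user, drop_file):
        """Queue one publish event; return True if it was accepted."""
        if not self._may_publish(user, project):
            self.rejected += 1
            return False
        key = (project, user)
        if key in self._pending:
            # A newer publish of the same project by the same user replaces
            # the older one, so only one view build is ever pending for it.
            del self._pending[key]
            self.superseded += 1
        self._pending[key] = drop_file
        return True

    def drain(self):
        """Return the jobs to run, oldest surviving publish first."""
        jobs = [(p, u, f) for (p, u), f in self._pending.items()]
        self._pending.clear()
        return jobs


def demo():
    # Constructed data: (user, project) pairs allowed to publish.
    allowed = {("pm1", "Plant"), ("pm2", "Plant"), ("pm1", "Audit")}
    q = ViewJobQueue(lambda user, project: (user, project) in allowed)
    for i in range(500):                  # one user republishing in a loop
        q.submit("Plant", "pm1", f"plant_pm1_{i}.mpp")
    q.submit("Plant", "pm2", "plant_pm2_0.mpp")
    q.submit("Audit", "pm1", "audit_pm1_0.mpp")
    q.submit("Audit", "guest", "audit_guest_0.mpp")   # no publish permission
    return q.drain(), q.superseded, q.rejected
```

Five hundred publishes of one project by one user leave a single pending job, which is the bound on wasted view generation that the duplicate removal provides.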

Document Management, Issues, and Risks

Windows SharePoint Services can be integrated with Project Server to provide both Web publishing and collaboration features to make communicating and sharing project information easier. When integrating Windows SharePoint Services with Project Server, Windows SharePoint Services is treated as a component of the server rather than a stand-alone program. Project Server setup automatically configures Windows SharePoint Services, but some manual configuration and administration may be required as well. For Windows SharePoint Services to work with Project Server, Windows NT® accounts (domain and local) must be used.

Subsystem Components

Project Web Access: Project Web Access hosts Windows SharePoint Services document pages in an IFrame, and queries Windows SharePoint Services for lists of documents, issues, and risks, which it displays in Project Web Access (see Figure 3). Windows SharePoint Services is administered from Project Web Access through Simple Object Access Protocol (SOAP) over HTTP. Administrative tasks include creating and deleting Windows SharePoint Services sites and adding users to roles.
Object Link Provider: The Object Link Provider object (ProjObjProv.dll) resides in the middle layer of Project Server. It exposes a programmatic interface for linking documents, issues, and risks to projects and tasks. The link information is stored in the Project Server database. The Object Link Provider can be used to integrate Project Server with another document management system as long as the unique identifier of the documents can be expressed as a URL, in XML, or as a table ID. An external object can be easily associated with projects and tasks, or with other external objects, through the Object Link Provider.
Link information tables: These tables reside in the Project Server database and store data about links between documents, issues and risks, and projects and tasks.
Windows SharePoint Services: Project Server setup installs a default template and XML schemas of the server running Windows SharePoint Services to include information relevant to project management. This server can reside on the same physical computer as Project Server or on a different one.
Windows SharePoint Services data stores: Windows SharePoint Services stores all data, including configuration data, lists, and documents, in a SQL Server 2000 database. All interaction with the database is performed by Windows SharePoint Services.

Figure 3. Project Server and Windows SharePoint Services integration

OLAP Cube Generation Subsystem

Project Server 2003 provides OLAP tools for portfolio analysis. The cube-building process consists of two stages. First, staging tables (dimension and fact tables) are populated from the view tables. Next, the cube is built from the staging tables. Cube generation can be either scheduled or invoked on demand. Once built, Project Web Access users can view the cube using the Office Web Controls as PivotTable® and PivotChart® controls. Windows NT accounts (domain or local), along with the appropriate permissions, are required for users to view cubes by using the Office Web Controls and also for administrators to build new views against the cubes. The service that actually builds the cubes must have its own Windows NT account in both SQL Server and Analysis Services.

Figure 4. Portfolio Analyzer OLAP cube in Project Server

Notification Subsystem

Project Server allows project managers and team members to schedule e-mail reminders to their resources and themselves, respectively. The notification system can also send e-mail notifications based on user actions such as publishing a project.

System Components

Scheduler service: The scheduler service (PJSchSvc.exe) periodically checks for reminder e-mail notifications and, if any exist, calls the notification component.
Notification component: The notification component (PJNPE.dll) sends reminder e-mail when invoked by the scheduling service or the Project Server message handler.
Project Server message handler: The message handler (PJMsgHlr.dll) calls the notification component to generate notification e-mail on publish.

Figure 5. Project Server e-mail notification and reminder subsystem

Additional Information