9

When running Raven.Server.exe by default admin panel is visible at IP:PORT address. How can I restrict access to this panel for specific users only?

Matt Johnson-Pint
  • 230,703
  • 74
  • 448
  • 575
Steve Macculan
  • 2,292
  • 5
  • 22
  • 32

2 Answers2

6

Steve, we are running RavenDB as a windows service and use windows authentication to control access. If you want to use Windows Authentication, you can setup the configuration to only allow access by a windows group. That way you can restrict access to users by controlling who is in the windows group.

<add key="Raven/Authorization/Windows/RequiredGroups" value="WindowsDomain\RavenDBG"/>
<add key="Raven/AnonymousAccess" value="None"/>
Adam Spicer
  • 2,703
  • 25
  • 37
  • 3
    Adam, note that there is also RequiredUsers, as well as RequiredGroups – Ayende Rahien Apr 06 '12 at 05:31
  • @AyendeRahien Is there a way to use RequiredUsers to specify *two* users? – Bob Horn Nov 27 '12 at 22:27
  • 1
    I think I just found it on the RavendDB site: "Multiple groups can be specified, separated by a semi column (;)." I’m assuming this works for users as well. (Looks like a typo on the site; column should be colon.) – Bob Horn Nov 27 '12 at 23:11
2

Steve, RavenDB uses windows authentication by default and there is no exception for the management studio. You can switch to OAuth if you like, and this will also apply for the management studio. So in case you want to stick with ravens default Windows Authentication, just set anonymous access to none and make sure only the users you like have have access to ravens data folder. I suggest you double check this if you're running in a domain environment, since it will be likely that domain users are granted access if not explicitly disabled.

Daniel Lang
  • 6,819
  • 4
  • 28
  • 54
  • `domain users are granted access if not explicitly disabled.` I think I'm running into that problem now. Do you know how I explicit disable domain users? I've set the config like Adam Spicer shows, but I can still access RavenDB even when I don't think I should: http://stackoverflow.com/q/13588064/279516 – Bob Horn Nov 27 '12 at 21:31
  • Bob, can you switch over to RavenDB 2.0? Things are a lot easier there and you have a nice GUI to handle this... – Daniel Lang Nov 30 '12 at 09:24
  • I just upgrade to build 960. Is that considered 2.0? – Bob Horn Nov 30 '12 at 13:42
  • No, build starting with 2XXXX are considered 2.0 – Daniel Lang Dec 03 '12 at 14:42