I don't understand how to create a username and attach a role to it (or the other way around?) for my OPC UA server. I'm using the Unified Automation libraries. So far I have a server that I can connect to as anonymous, and I can view my model (but no values, makes sense). I can create a UserNameIdentityToken, set all required values, but I can't later connect to it, which I assume is because I haven't assigned it to my server. Anyways, I'm lost here, and I haven't found my answers in the documentation. Thanks :)
1 Answer
This depends on what role(s) you want to have in your system. The only role predefined in the UA API is Administrator through context.UserIdentity.IsAdministrator.

One way to implement access control is to override the HasAccess (see documentation) function in the NodeManager class. This way, any action like Read, Write, or Browse will allow you to check the user and determine if this user should have access or not.

The actual usernames could be stored in some kind of database or API.

Here is a simple example where the usernames are hardcoded in the server code. In an actual application, they would come from some database or API.

For checking the username on the initial login, you will need to add a listener to the SessionManager.ImpersonateUser that checks the user's login data. For example, you could check a database for the username and password and set ImpersonateEventArgs.IdentityValidationError = StatusCodes.BadIdentityTokenRejected; if the login is bad.

- Ok, so to make sure I understand correctly. I have a role model, created through server.CreateRoleModel(). I then attach an admin with all permissions to that role model through rolemodel.roletype = adm. adm has a username identity called bob. In the sessionmanager I have an if statement checking that correct pw for bob is inputted by client, then create session through server.sessionmanager with role adm of user bob? In UAExpert I'm getting an error BadInvalidArgument whenever I try to input a password, which I take to mean the server is not properly receiving the password? – oiergoiergh Oct 25 '22 at 13:44
- Are you trying to run the example or create your own system? The example is available as part of the Lessons help project that comes with the SDK. – eglease Oct 25 '22 at 13:55
- I'm trying to create my own. I hadn't seen the example server though, so I'll copy most of the user management from there then. – oiergoiergh Oct 25 '22 at 14:21
- The user management there is hard-coded. How do you plan to store the user data? Is there a database? – eglease Oct 25 '22 at 14:29
- Yes. I imagine I will ultimately create a database to store user data. But I'm not there yet ^^'. Right now I would already be very happy if I can get a client to connect to a server and view the data – oiergoiergh Oct 25 '22 at 14:38
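
The answer above suggests checking a database for the username and password inside the SessionManager.ImpersonateUser listener. The following is an added example, not code from the answer or from the Unified Automation SDK, showing one way to write that check with .NET 6 base class library calls only, storing salted PBKDF2 hashes instead of passwords. `CredentialStore`, `Role` and `TryVerify` are hypothetical names, the in-memory dictionary stands in for the database, and the sample user is constructed; the listener would set ImpersonateEventArgs.IdentityValidationError = StatusCodes.BadIdentityTokenRejected when `TryVerify` returns false.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public enum Role { Operator, Administrator }   // hypothetical roles

// Hypothetical helper, not part of the Unified Automation SDK.
public sealed class CredentialStore
{
    private const int Iterations = 600_000, SaltLen = 16, HashLen = 32;
    private sealed record Entry(byte[] Salt, byte[] Hash, Role Role);
    private readonly Dictionary<string, Entry> _users = new(StringComparer.Ordinal);
    // Verified against for unknown usernames, so a rejection costs the same
    // time whether the username exists or not.
    private readonly Entry _dummy = Derive("constructed-dummy", Role.Operator);

    private static Entry Derive(string password, Role role)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashLen);
        return new Entry(salt, hash, role);
    }

    public void AddUser(string name, string password, Role role) =>
        _users[name] = Derive(password, role);

    // True only when the user exists and the password matches; role is null otherwise.
    public bool TryVerify(string name, string password, out Role? role)
    {
        bool known = _users.TryGetValue(name ?? "", out var found);
        Entry entry = known ? found! : _dummy;
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(
            password ?? "", entry.Salt, Iterations, HashAlgorithmName.SHA256, HashLen);
        bool ok = CryptographicOperations.FixedTimeEquals(candidate, entry.Hash) && known;
        role = ok ? entry.Role : null;
        return ok;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new CredentialStore();
        store.AddUser("bob", "constructed-sample-password", Role.Administrator);
        Console.WriteLine(store.TryVerify("bob", "constructed-sample-password", out var r) + " " + r);
        Console.WriteLine(store.TryVerify("bob", "wrong", out _));      // wrong password
        Console.WriteLine(store.TryVerify("alice", "anything", out _)); // unknown user
    }
}
```

The role returned on success can be kept with the session and consulted in the HasAccess override; a wrong password and an unknown username are rejected identically, so the client cannot tell which usernames exist.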