I don't understand how to create a username and attach a role to it (or other way around?) for my opcua server. I'm using the Unified Automation libraries. So far I have a server that I can connect to as anonymous, and I can view my model (but no values, makes sense). I can create a UserNameIdentityToken, set all required values, but I can't later connect to it, which I assume is because I haven't assigned it to my server. Anyways, I'm lost here, and I haven't found my answers in the documentation. Thanks :)
This depends on what role(s) you want to have in your system. The only role predefined in the UA API is Administrator through context.UserIdentity.IsAdministrator.
One way to implement access control is to override the HasAccess (see documentation) function in the NodeManager class. This way, any action like Read, Write, or Browse will allow you to check the user and determine if this user should have access or not.
The actual usernames could be stored in some kind of database or API.
Here is a simple example where the usernames are hardcoded in the server code. In an actual application, they would come from some database or API.
For checking the username on the initial login, you will need to add a listener to the SessionManager.ImpersonateUser that checks the user's login data. For example, you could check a database for the username and password and set ImpersonateEventArgs.IdentityValidationError = StatusCodes.BadIdentityTokenRejected; if the login is bad.
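A worked version of the ImpersonateUser check described in this answer, written as an added example (not code from the answer or from the Unified Automation SDK): it validates the username token against a salted PBKDF2 credential table instead of plaintext, rejects bad logins with BadIdentityTokenRejected, and records the user's role per session for a HasAccess override to consult. It assumes a .NET version with CryptographicOperations.FixedTimeEquals and, beyond the names given in the answer, the SDK's OnRootNodeManagerStarted override, ImpersonateEventArgs.NewIdentity and the UserNameIdentity type; confirm those against your SDK version's documentation.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using UnifiedAutomation.UaBase;
using UnifiedAutomation.UaServer;

// Constructed demo credential store: username -> (role, salt, PBKDF2 hash).
// A real server loads this from a database or API, never from source code.
public static class UserStore
{
    private static readonly Dictionary<string, (string Role, byte[] Salt, byte[] Hash)> Users =
        new Dictionary<string, (string Role, byte[] Salt, byte[] Hash)>();

    public static void Add(string user, string password, string role)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Users[user] = (role, salt, Derive(password, salt));
    }

    // Returns the user's role, or null when the credentials are wrong.
    public static string Authenticate(string user, string password)
    {
        if (user == null || password == null || !Users.TryGetValue(user, out var e)) return null;
        // Fixed-time compare so a mismatch does not leak which byte differed.
        return CryptographicOperations.FixedTimeEquals(Derive(password, e.Salt), e.Hash) ? e.Role : null;
    }

    private static byte[] Derive(string pw, byte[] salt)
    { using (var kdf = new Rfc2898DeriveBytes(pw, salt, 100000, HashAlgorithmName.SHA256)) return kdf.GetBytes(32); }
}

public class MyServerManager : ServerManager
{
    // Role per authenticated session; a HasAccess override can look up the session's role via RoleOf().
    private static readonly Dictionary<Session, string> SessionRoles = new Dictionary<Session, string>();
    public static string RoleOf(Session s)
    { lock (SessionRoles) return SessionRoles.TryGetValue(s, out var role) ? role : null; }

    // Assumed hook name: override called once the node managers are up (check your SDK version).
    protected override void OnRootNodeManagerStarted(RootNodeManager nodeManager)
    {
        base.OnRootNodeManagerStarted(nodeManager);
        UserStore.Add("operator", "change-me", "Operator"); // constructed demo account
        SessionManager.ImpersonateUser += OnImpersonateUser;
    }

    // Assumed: the handler is (Session, ImpersonateEventArgs) and args.NewIdentity is a
    // UserNameIdentity exposing UserName/Password; confirm against your SDK version.
    private void OnImpersonateUser(Session session, ImpersonateEventArgs args)
    {
        var id = args.NewIdentity as UserNameIdentity;
        string role = id == null ? null : UserStore.Authenticate(id.UserName, id.Password);
        if (role == null) { args.IdentityValidationError = StatusCodes.BadIdentityTokenRejected; return; }
        lock (SessionRoles) SessionRoles[session] = role;
    }
}
```

Anonymous sessions never reach the ImpersonateUser handler with a UserNameIdentity, so they get no role and the HasAccess override should treat a null role as deny by default.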