DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Coding Frameworks Java JavaScript Languages Tools
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Coding
Frameworks Java JavaScript Languages Tools
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Data Engineering
  3. Databases
  4. Authentication and Authorization With RBAC in .NET

Authentication and Authorization With RBAC in .NET

Now that Couchbase Server 5.0 Beta is released, check out this in-depth blog post about how to use the Couchbase .NET SDK along with its new features.

Matthew Groves user avatar by
Matthew Groves
·
Jun. 11, 17 · Tutorial
Like (2)
Save
Tweet
2.86K Views

Join the DZone community and get the full member experience.

Join For Free

authentication and authorization are vastly improved in couchbase server 5.0. we’ve been blogging about the new rbac features in the developer preview for a while.

  • authentication and authorization with rbac : introduction.
  • authentication and authorization with rbac (part 2) : managing users.
  • improved sdk authentication methods — couchbase 5.0 : an introduction featuring python, java, php, and .net.

now that couchbase server 5.0 beta is released, i’m writing a more in-depth blog post about how to use the couchbase .net sdk along with these new features.

the full code samples used in this blog post are available for you on github .

create a bucket

as i mentioned in previous posts, the days of buckets with passwords are gone. the future belongs to users — users that have specific permission(s) to the specific bucket(s).

let’s start by creating a bucket. in the couchbase ui, login as the administrator that you created when you installed couchbase. go to buckets and click add bucket (top right). you will see the add data bucket dialog. notice that there is no longer a “password” field (not even in advanced bucket settings ).

give the bucket a name and some amount of memory, and click add bucket . now you have a bucket. but, other than an administrator in the ui, no one can access this bucket yet.

create a user

in order to get access to this bucket, you must create a user. in couchbase 5.0, “users” are an entirely new feature, bringing richer authentication and authorization features to couchbase server.

while still logged in as an administrator, go to security to see a list of users. click add user (top right).

create a user with whatever name and password you’d like. you can choose which roles the user has, and for which buckets (when applicable). let’s give this user data writer and data reader roles, for the bucket that was just created (e.g. “mybucket”), but not any query roles.

once the user is added, you can hover over the roles to get a description of what the role means.

authentication and authorization with the couchbase .net sdk

now that we have a bucket and a user, let’s see how to use them with the .net sdk.

start by creating a cluster object. 

var cluster = new cluster(new clientconfiguration
{
    servers = new list<uri> { new uri("http://localhost:8091") }
});

you have a cluster, but your program has not been authenticated yet. use a passwordauthenticator object to specify the credentials. then, use that object with the cluster’s authenticate method. in this example below, i’m using incorrect credentials. 

var authenticator = new passwordauthenticator("myuser", "wrongpassword");
cluster.authenticate(authenticator);

now, if i try to perform an operation like openbucket on the cluster, an exception is thrown. 

try
{
    var bucket = cluster.openbucket("mybucket");
}
catch (exception ex)
{
    console.writeline("error getting bucket.");
    console.writeline(ex.message);
}

now, let’s try it again using the correct credentials. authentication will work. but let’s talk about authorization next.

remember that i only gave this user data writer and data reader roles (for mybucket). so, if i authenticate and insert a document now, it works. 

var cluster = new cluster(new clientconfiguration
{
    servers = new list<uri> { new uri("http://localhost:8091") }
});
var authenticator = new passwordauthenticator("myuser", "password");
cluster.authenticate(authenticator);
var bucket = cluster.openbucket("mybucket");

// insert a document, this should be allowed
var result = bucket.insert(guid.newguid().tostring(), new {foo = "bar"});
console.writeline("insert was successful: " + result.success);

but if i tried to, for instance, execute a n1ql (sql for json) query , then it would fail. this is because that user is not authorized to execute queries. 

var queryresult = bucket.query<int>("select count(1) from `" + bucket.name + "`");
console.writeline("query was successful: " + queryresult.success);
queryresult.errors.foreach(e => console.writeline("error: " + e.message));

i’m just doing a simple count(1) aggregation query. since that user is not authorized, here’s what’s displayed:

one more thing

if you are worried about the effect this will have on upgrading from couchbase server 4.x to couchbase server 5.0, then here’s a tip. if you create a user with the same name as the bucket (e.g. a bucket called “foo” and a user named “foo”), then the older couchbase.net apis that still expect a bucket password will work as before. just give that user a “cluster admin” role for now. this is a good temporary fix until you can re-engineer your system to use a regimented approach to the role.

summary

couchbase server 5.0 is out now in beta! the role-based authentication (rbac) features make couchbase a leader in document database security, and i’m personally very pleased that couchbase is going in this direction. security is important, but too often overlooked by developers.

authentication Couchbase Server

Published at DZone with permission of Matthew Groves, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • How Does Continuous Testing Improve DevOps?
  • React.JS: The Best Technology for Application Development
  • When NOT To Choose Amazon MSK Serverless for Apache Kafka?
  • What Is the Fastest Way to Solve a Machine Learning Problem?
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo