Hello,
I've implemented a serverCallback class that handles the creation of sessions as well as handles the logging in of users to our server. I'm curious if there is a capability to return a specific error message to the client based on their login information. I already have a system in place to construct the error message based on different login situations (no registered user, invalid password, etc.); I'm just unsure as to how to push this information to the client. Any pointers would be much appreciated.
Thanks,
Kyle
Return error message to client from logonSessionUser
Re: Return error message to client from logonSessionUser
Hi,
There are two parts of the answer:
(1) How to transport error text to client
OPC UA provides a concept called diagnostic information that allows servers to return additional information for every status code returned from the server. The diagnostic information can be set on the UaStatus returned by UaServerApplicationCallback::logonSessionUser(). The information can be set with UaStatus::setDiagnosticInfo().
(2) Security implications
From a security point of view it is not recommended to return specific error information that gives an attacker additional information. To tell the client that the user is known but the password is invalid is a bad idea.
The recommendation is that such information is provided in a server log or in Audit Events.
Best Regards,
Unified Automation Support Team
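An added example, not part of the Support Team's reply and not Unified Automation SDK code, showing the split described in part (2): every failed logon gives the client the same status and text, while the specific reason stays in a server-side audit record. The types `Status`, `Reason`, `LogonResult`, `AuditRecord` and `LogonHandler`, and the sample account, are hypothetical and constructed for illustration.

```cpp
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-ins, not Unified Automation SDK types.
enum class Status { Good, BadUserAccessDenied };
enum class Reason { LoggedOn, UnknownUser, WrongPassword };

struct LogonResult {          // everything the client gets to see
    Status status;
    std::string diagnosticText;
};

struct AuditRecord {          // stays on the server (log or audit event)
    std::string user;
    Reason reason;
};

class LogonHandler {
public:
    // Constructed sample account; a real server stores salted password hashes.
    LogonHandler() : users_{{"operator1", "correct horse"}} {}

    LogonResult logon(const std::string& user, const std::string& password) {
        Reason reason = Reason::LoggedOn;
        auto it = users_.find(user);
        if (it == users_.end())
            reason = Reason::UnknownUser;
        else if (it->second != password)
            reason = Reason::WrongPassword;

        // The specific reason is recorded server-side only.
        audit_.push_back({user, reason});

        if (reason == Reason::LoggedOn)
            return {Status::Good, ""};
        // One status and one text for every failure, so the reply does not
        // reveal whether the user name exists.
        return {Status::BadUserAccessDenied, "Logon failed"};
    }

    const std::vector<AuditRecord>& audit() const { return audit_; }

private:
    std::map<std::string, std::string> users_;
    std::vector<AuditRecord> audit_;
};
```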
Re: Return error message to client from logonSessionUser
Oh, I had no idea the message was part of the object itself; I had figured the status was simply an unsigned int. Thanks for the tips!