Client AddNodes

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

Post Reply
martycav
Jr. Member
Jr. Member
Posts: 2
Joined: 11 Sep 2013, 20:59

Client AddNodes

Post by martycav »

I'm trying to develop a UA aggregating server which will allow a client to discover other UA servers and add their nodes to the aggregator server.
My attempts to use the client based AddNodes method have resulted in a returned error status of BadUserAccessDenied. There is also some code in the
Getting Started Client, which has been commented out, which results in the same error message, when used in conjunction with the UADemo
server (or my development servers). From browsing the FAQs, it appears that client based node management is possible (at least in C++), but that it
requires configuring the server security to allow client based node creation (Demo server access control example?).

I have two questions:
Is client based node management available with the .Net based SDK; and if so how does one configure the server to allow client based node management?

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Client AddNodes

Post by Support Team »

Not sure why you implement an aggregating server, as the UaGateway already provides such functionality. But anyway, as the node creation through UA is an "administrative" function the server should protect itself by allowing such function only for authenticated clients and/or users respectively. Typically the server will reject such call unless the user is propery authenticated.

Our ANSI C DemoServer shows this by introducing his own user management (see documentation for details) and the C++ Server by default is connected to the Windows user management (can be of course use different authentication as well). In the .NET Demo Server the AddNodes is disabled by default, as it makes not nuch sense in the Demo. However, each node manager has to decide by itself to allow AddNodes or not. Within the subclass it can be enabled just by overwriting HasAccessToAddNode().

Best Regards
Support Team

martycav
Jr. Member
Jr. Member
Posts: 2
Joined: 11 Sep 2013, 20:59

Re: Client AddNodes

Post by martycav »

I have a case where there needs to be a aggregation server, to expose the data model
and provide control for the automation applications. However, the items that are
to aggregated are separate objects, which control their own devices. These objects
can be added, deleted, or changed, some during operation. In addition, each instance
of the aggregation server (different physical locations) will face a different set of control objects.

What I am thinking of is a configuration client, which can discover which objects
are online, and configure the aggregation server to expose their setpoints and
measurement to the external world. Right now, there appears to two ways of
configuring the aggregation server: 1) through the client based AddNode capability
or 2) through an expose server method which will add the nodes.

It appears that the client based AddNodes method is more secure, since the aggregation
can be exposed to the world. Of course, some form of authentication/access control
will need to be enforced on either technique.

If you wish to delve deeper into the problem, I would be available to discuss the
matter. Just don't wish to do this on a public forum.

Thanks for the quick response.

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: Client AddNodes

Post by Support Team »

Absolutely agreed that this public forum is not the place for discussing internals.

From the 2 approaches you mentioned, the "AddNodes is the more generic one. But as your "Configuration Client" want to achieve more than just modifying the address space, you may want to consider exposing some "specialized" method in you server e.g. ExposeNodeToUsers(NodeID, usergroup) and by this changing the access rule for this node. Of course such methods should be protected by authentication.

The plug/remove of devices resulting in add/delete objects within your server, not nessicarily needs to be "configured" by an external client. The internal server implementation can detect comming and going of devices and create the objects accordingly. The server can fire "ModelChangeEvent" to inform all connected clients about changes in the server's address space.

Best Regards
Support Team.

Post Reply