dohertj2/lmxopcua
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add authentication and role-based write access control

Browse Source 
Implements configurable user authentication (anonymous + username/password)
with pluggable credential provider (IUserAuthenticationProvider). Anonymous
writes can be disabled via AnonymousCanWrite setting while reads remain
open. Adds -U/-P flags to all CLI commands for authenticated sessions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
2026-03-27 02:14:37 -04:00
parent b27d355763
commit bbd043e97b
24 changed files with 499 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tools/opcuacli-dotnet/Commands/AlarmsCommand.cs
View File

@@ -15,6 +15,12 @@ public class AlarmsCommand : ICommand
[CommandOption("url", 'u', Description = "OPC UA server endpoint URL", IsRequired = true)]
public string Url { get; init; } = default!;
[CommandOption("username", 'U', Description = "Username for authentication")]
public string? Username { get; init; }
[CommandOption("password", 'P', Description = "Password for authentication")]
public string? Password { get; init; }
/// <summary>
/// Gets the node to subscribe to for event notifications, typically a source object or the server node.
/// </summary>
@@ -39,7 +45,7 @@ public class AlarmsCommand : ICommand
/// <param name="console">The CLI console used for cancellation and alarm-event output.</param>
public async ValueTask ExecuteAsync(IConsole console)
{
using var session = await OpcUaHelper.ConnectAsync(Url);
using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
var nodeId = string.IsNullOrEmpty(NodeId)
? ObjectIds.Server

8
tools/opcuacli-dotnet/Commands/BrowseCommand.cs
View File

@@ -15,6 +15,12 @@ public class BrowseCommand : ICommand
[CommandOption("url", 'u', Description = "OPC UA server endpoint URL", IsRequired = true)]
public string Url { get; init; } = default!;
[CommandOption("username", 'U', Description = "Username for authentication")]
public string? Username { get; init; }
[CommandOption("password", 'P', Description = "Password for authentication")]
public string? Password { get; init; }
/// <summary>
/// Gets the optional node identifier to browse from; defaults to the OPC UA Objects folder.
/// </summary>
@@ -39,7 +45,7 @@ public class BrowseCommand : ICommand
/// <param name="console">The console used to emit browse output.</param>
public async ValueTask ExecuteAsync(IConsole console)
{
using var session = await OpcUaHelper.ConnectAsync(Url);
using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
var startNode = string.IsNullOrEmpty(NodeId)
? ObjectIds.ObjectsFolder

8
tools/opcuacli-dotnet/Commands/ConnectCommand.cs
View File

@@ -13,13 +13,19 @@ public class ConnectCommand : ICommand
[CommandOption("url", 'u', Description = "OPC UA server endpoint URL", IsRequired = true)]
public string Url { get; init; } = default!;
[CommandOption("username", 'U', Description = "Username for authentication")]
public string? Username { get; init; }
[CommandOption("password", 'P', Description = "Password for authentication")]
public string? Password { get; init; }
/// <summary>
/// Connects to the OPC UA endpoint and prints the resolved server metadata.
/// </summary>
/// <param name="console">The console used to report connection results.</param>
public async ValueTask ExecuteAsync(IConsole console)
{
using var session = await OpcUaHelper.ConnectAsync(Url);
using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
await console.Output.WriteLineAsync($"Connected to: {session.Endpoint.EndpointUrl}");
await console.Output.WriteLineAsync($"Server: {session.Endpoint.Server!.ApplicationName}");
await console.Output.WriteLineAsync($"Security Mode: {session.Endpoint.SecurityMode}");

8
tools/opcuacli-dotnet/Commands/HistoryReadCommand.cs
View File

@@ -15,6 +15,12 @@ public class HistoryReadCommand : ICommand
[CommandOption("url", 'u', Description = "OPC UA server endpoint URL", IsRequired = true)]
public string Url { get; init; } = default!;
[CommandOption("username", 'U', Description = "Username for authentication")]
public string? Username { get; init; }
[CommandOption("password", 'P', Description = "Password for authentication")]
public string? Password { get; init; }
/// <summary>
/// Gets the node identifier for the historized variable to query.
/// </summary>
@@ -57,7 +63,7 @@ public class HistoryReadCommand : ICommand
/// <param name="console">The CLI console used for output, errors, and cancellation handling.</param>
public async ValueTask ExecuteAsync(IConsole console)
{
using var session = await OpcUaHelper.ConnectAsync(Url);
using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
var nodeId = new NodeId(NodeId);
var start = string.IsNullOrEmpty(StartTime) ? DateTime.UtcNow.AddHours(-24) : DateTime.Parse(StartTime).ToUniversalTime();

8
tools/opcuacli-dotnet/Commands/ReadCommand.cs
View File

@@ -15,6 +15,12 @@ public class ReadCommand : ICommand
[CommandOption("url", 'u', Description = "OPC UA server endpoint URL", IsRequired = true)]
public string Url { get; init; } = default!;
[CommandOption("username", 'U', Description = "Username for authentication")]
public string? Username { get; init; }
[CommandOption("password", 'P', Description = "Password for authentication")]
public string? Password { get; init; }
/// <summary>
/// Gets the node identifier whose value should be read.
/// </summary>
@@ -27,7 +33,7 @@ public class ReadCommand : ICommand
/// <param name="console">The console used to report the read result.</param>
public async ValueTask ExecuteAsync(IConsole console)
{
using var session = await OpcUaHelper.ConnectAsync(Url);
using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
var node = new NodeId(NodeId);
var value = await session.ReadValueAsync(node);

8
tools/opcuacli-dotnet/Commands/SubscribeCommand.cs
View File

@@ -15,6 +15,12 @@ public class SubscribeCommand : ICommand
[CommandOption("url", 'u', Description = "OPC UA server endpoint URL", IsRequired = true)]
public string Url { get; init; } = default!;
[CommandOption("username", 'U', Description = "Username for authentication")]
public string? Username { get; init; }
[CommandOption("password", 'P', Description = "Password for authentication")]
public string? Password { get; init; }
/// <summary>
/// Gets the node identifier to monitor for value changes.
/// </summary>
@@ -33,7 +39,7 @@ public class SubscribeCommand : ICommand
/// <param name="console">The console used to display subscription updates.</param>
public async ValueTask ExecuteAsync(IConsole console)
{
using var session = await OpcUaHelper.ConnectAsync(Url);
using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
var subscription = new Subscription(session.DefaultSubscription)
{

8
tools/opcuacli-dotnet/Commands/WriteCommand.cs
View File

@@ -15,6 +15,12 @@ public class WriteCommand : ICommand
[CommandOption("url", 'u', Description = "OPC UA server endpoint URL", IsRequired = true)]
public string Url { get; init; } = default!;
[CommandOption("username", 'U', Description = "Username for authentication")]
public string? Username { get; init; }
[CommandOption("password", 'P', Description = "Password for authentication")]
public string? Password { get; init; }
/// <summary>
/// Gets the node identifier that should receive the write.
/// </summary>
@@ -33,7 +39,7 @@ public class WriteCommand : ICommand
/// <param name="console">The console used to report the write result.</param>
public async ValueTask ExecuteAsync(IConsole console)
{
using var session = await OpcUaHelper.ConnectAsync(Url);
using var session = await OpcUaHelper.ConnectAsync(Url, Username, Password);
var node = new NodeId(NodeId);
var current = await session.ReadValueAsync(node);