Add authentication and role-based write access control

Implements configurable user authentication (anonymous + username/password)
with pluggable credential provider (IUserAuthenticationProvider). Anonymous
writes can be disabled via AnonymousCanWrite setting while reads remain
open. Adds -U/-P flags to all CLI commands for authenticated sessions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Joseph Doherty
2026-03-27 02:14:37 -04:00
parent b27d355763
commit bbd043e97b
24 changed files with 499 additions and 34 deletions


@@ -11,7 +11,7 @@ public static class OpcUaHelper
/// </summary>
/// <param name="endpointUrl">The OPC UA endpoint URL to connect to.</param>
/// <returns>An active OPC UA client session.</returns>
public static async Task<Session> ConnectAsync(string endpointUrl)
public static async Task<Session> ConnectAsync(string endpointUrl, string? username = null, string? password = null)
{
var config = new ApplicationConfiguration
{
@@ -53,13 +53,17 @@ public static class OpcUaHelper
var endpointConfig = EndpointConfiguration.Create(config);
var configuredEndpoint = new ConfiguredEndpoint(null, endpoint, endpointConfig);
UserIdentity identity = (username != null)
? new UserIdentity(username, System.Text.Encoding.UTF8.GetBytes(password ?? ""))
: new UserIdentity();
var session = await Session.Create(
config,
configuredEndpoint,
false,
"OpcUaCli",
60000,
null,
identity,
null);
return session;
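Review bot: In the second hunk, `password ?? ""` turns a username supplied without a password into a login attempt with an empty password, so a forgotten -P goes unnoticed on the client and relies on the server to reject it; failing early is safer, e.g. `if (username is not null && password is null) throw new ArgumentException("A password is required when a username is given.", nameof(password));` before the identity is built. The endpoint selection sits between the two hunks and is not visible here; if it can pick an endpoint without message security, the user name token may be sent unencrypted, so it is worth refusing credentials unless the selected endpoint or its user token policy protects them. The XML doc block in the first hunk still documents only `endpointUrl`; add `<param name="username">` and `<param name="password">` entries stating that a null username means an anonymous session. ConnectAsync begins and ends outside these hunks.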