Add authentication and role-based write access control

Implements configurable user authentication (anonymous + username/password) with pluggable credential provider (IUserAuthenticationProvider). Anonymous writes can be disabled via AnonymousCanWrite setting while reads remain open. Adds -U/-P flags to all CLI commands for authenticated sessions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 02:14:37 -04:00
parent b27d355763
commit bbd043e97b
24 changed files with 499 additions and 34 deletions
--- a/tools/opcuacli-dotnet/README.md
+++ b/tools/opcuacli-dotnet/README.md
@@ -5,6 +5,21 @@ Command-line utility for testing OPC UA server functions. Built with the [OPC Fo
 - **Runtime**: .NET 10
 - **OPC UA Client**: OPCFoundation.NetStandard.Opc.Ua.Client

+## Authentication
+
+All commands accept optional authentication flags:
+
+| Flag | Description |
+|------|-------------|
+| `-U` | Username for authentication |
+| `-P` | Password for authentication |
+
+Without credentials, the client connects anonymously. Example:
+
+```
+dotnet run -- write -u opc.tcp://localhost:4840/LmxOpcUa -n "ns=1;s=TestMachine_001.MachineID" -v "Hello" -U operator -P op123
+```
+
 ## Build & Run

 ```bash