OPCDA.NET Reference Manual
Security Settings

OPC-related security is a complex issue that involves settings on multiple levels:

  1. DCOM configuration
  2. Windows security
  3. .NET Framework security

Configuration settings can be made in many places, and many default settings may differ from machine to machine depending on service pack and history.

The OpcSecurityAnalyzer tool provided with OPCDA.NET helps to test access with different user and credentials definitions and to different resources. The displayed configuration information and success/error messages indicate where a problem may be and what to look for.

Local server access (server and client on the same machine)

The user running the client application has to be in the server's DCOMCnfg Launch and Access lists.

Credentials defined in the Connect method call (internally used in CoCreateInstanceEx) are ignored in the launch of local OPC servers.

Remote server access (server on another machine in the local network)

The user running the client application must:

  1. have access rights to the machine with the OPC server
  2. be in the OPC server DCOMCnfg Launch and Access definitions

The server is launched as either:

  1. the user defined in the credentials in the Connect call arguments
  2. the user that started the client application, typically the interactive user

Server access is always done with the client process token (the user that started the client application). The Connect call credentials are used only for the launch.

Server callbacks

For callbacks the roles of server and client are exchanged. The client is the COM server for the callbacks and the OPC server is the client.

To allow all servers to make callbacks, the Authentication Level needs to be set to NONE. DCOM configuration settings are not possible for the client application, so the configuration setting must be written directly into the Windows registry. OPCDA.NET does this within the handling of the Connect method. However, it can do this only if the user running the client application has write permission for the Windows registry HKCR\AppId key.
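
The two conditions described above (write permission on HKCR\AppId and the resulting Authentication Level) can be checked with the following script. It is an added example, not part of OPCDA.NET or of the OpcSecurityAnalyzer tool. It assumes the standard DCOM AppID registry layout, and the executable name MyOpcClient.exe is a hypothetical placeholder.

```powershell
# Added example: read-only diagnostic, changes nothing in the registry.
# 'MyOpcClient.exe' is a hypothetical name; pass your own client executable.
param([string]$ClientExe = 'MyOpcClient.exe')

# Values of the standard DCOM AppID "AuthenticationLevel" DWORD.
$AuthnLevels = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'
                  5 = 'Packet Integrity'; 6 = 'Packet Privacy' }

function Test-AppIdWriteAccess {
    # Open HKCR\AppID with write access requested. Any failure means this
    # user cannot create or change AppID entries at Connect time.
    try {
        $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey('AppID', $true)
        if ($null -eq $key) { return $false }
        $key.Close()
        return $true
    } catch {
        return $false
    }
}

function Get-AppIdAuthenticationLevel {
    param([string]$ExeName)
    # Assumed layout: HKCR\AppID\<exe> has an "AppID" value naming {GUID},
    # and HKCR\AppID\{GUID} carries the AuthenticationLevel value.
    $root = [Microsoft.Win32.Registry]::ClassesRoot
    $exeKey = $root.OpenSubKey("AppID\$ExeName")
    if ($null -eq $exeKey) { return 'no AppID entry for this executable' }
    $guid = $exeKey.GetValue('AppID')
    $exeKey.Close()
    if ($null -eq $guid) { return 'executable entry has no AppID value' }
    $appKey = $root.OpenSubKey("AppID\$guid")
    if ($null -eq $appKey) { return "AppID $guid is not registered" }
    $level = $appKey.GetValue('AuthenticationLevel')
    $appKey.Close()
    if ($null -eq $level) { return 'AuthenticationLevel not set' }
    $name = $AuthnLevels[[int]$level]
    if ($null -eq $name) { $name = 'unknown' }
    return "$level ($name)"
}

[pscustomobject]@{
    User                = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    CanWriteHkcrAppId   = Test-AppIdWriteAccess
    ClientExe           = $ClientExe
    AuthenticationLevel = Get-AppIdAuthenticationLevel -ExeName $ClientExe
}
```

Run it as the same user, and with the same elevation, as the client application, since the write check reflects the token of the process that runs it.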

Copyright © 2002-2018 Advosol Inc. All Rights Reserved.