var cluster = new Cluster(new ClientConfiguration
{
Servers = new List<Uri> { new Uri("http://localhost:8091") }
});Posts tagged with 'c'
This is a repost that originally appeared on the Couchbase Blog: Logging with Log4Net and Common Logging.
Logging with Common.Logging, log4net, and the Couchbase .NET SDK is demonstrated in this video.
The source code for the logging example used in this video is available on Github.
For more information about logging, check out the logging documentation on the developer portal.
If you have questions or feedback, please contact me at matthew.groves@couchbase.com, or on @mgroves at Twitter, or just leave a comment below.
This is a special crossover episode of Cross Cutting Concerns with the Eat Sleep Code podcast, hosted by Ed Charbeneau (Microsoft MVP). This was recorded at the Stir Trek conference.
Show Notes:
- Eric Brewer: One of his recent blog posts was about Cloud Spanner and the CAP Theorum
- Check out the blogs at Telerik, and check out Ed on Telerik's developer portal
- Couchcase: Github repo, blog posts
- Ed's website, EdCharbeneau.com
- Machine Learning for Developers
- This episode was published to Microsoft's Channel 9 and also Telerik's Develper Portal
Want to be on the next episode? You can! All you need is the willingness to talk about something technical.
Theme music is "Crosscutting Concerns" by The Dirty Truckers, check out their music on Amazon or iTunes.
Michael Bowman is writing functional tests with F# and Canopy.
Show Notes:
Want to be on the next episode? You can! All you need is the willingness to talk about something technical.
Theme music is "Crosscutting Concerns" by The Dirty Truckers, check out their music on Amazon or iTunes.
This is a repost that originally appeared on the Couchbase Blog: Authentication and Authorization with RBAC in .NET.
Authentication and authorization are vastly improved in Couchbase Server 5.0. We’ve been blogging about the new RBAC features in the developer preview for a while.
-
Authentication and Authorization with RBAC - introduction / part 1
-
Authentication and Authorization with RBAC (Part 2) - managing users
-
Improved SDK Authentication Methods - Couchbase 5.0 - an introduction featuring Python, Java, PHP, and .NET
Now that Couchbase Server 5.0 is released, I’m writing a more in-depth blog post about how to use the Couchbase .NET SDK along with these new features.
The full code samples used in this blog post are available for you on Github.
Create a bucket
As I mentioned in the previous posts, the days of buckets with passwords are gone. The future belongs to users—​users that have specific permission(s) to specific bucket(s).
Let’s start by creating a bucket. In the Couchbase UI, login as the Administrator that you created when you installed Couchbase. Go to "Buckets" and click "ADD BUCKET" (top right). You will see the "Add Data Bucket" dialog. Notice that there is no longer a "password" field (not even in "Advanced bucket settings").
Give the bucket a name and some amount of memory, and click "Add Bucket". Now you have a bucket. But, other than an Administrator in the UI, no one can access this bucket yet.
Create a user
In order to get access to this bucket, you must create a user. In Couchbase 5.0, "users" are an entirely new feature, bringing richer authentication and authorization features to Couchbase Server.
While still logged in as an administrator, go to "Security" to see a list of users. Click "ADD USER" (top right).
Create a user with whatever name and password you’d like. You can choose which roles the user has, and for which buckets (when applicable). Let’s give this user Data Writer and Data Reader roles, for the bucket that was just created (e.g. "mybucket"), but NOT any Query roles.
Once the user is added, you can hover over the roles to get a description of what the role means.
Authentication and authorization with the Couchbase .NET SDK
Now that we have a bucket and a user, let’s see how to use them with the .NET SDK.
Start by creating a Cluster object.
You have a cluster, but your program has not been authenticated yet. Use a PasswordAuthenticator object to specify the credentials. Then, use that object with the cluster’s Authenticate method. In this example below, I’m using incorrect credentials.
var authenticator = new PasswordAuthenticator("myuser", "wrongpassword");
cluster.Authenticate(authenticator);Now, if I try to perform an operation like OpenBucket on the cluster, an exception is thrown.
try
{
var bucket = cluster.OpenBucket("mybucket");
}
catch (Exception ex)
{
Console.WriteLine("Error getting bucket.");
Console.WriteLine(ex.Message);
}
Now, let’s try it again using the correct credentials. Authentication will work. But let’s talk about authorization next.
Remember that I only gave this user Data Writer and Data Reader roles (for mybucket). So, if I authenticate and insert a document now, it works.
var cluster = new Cluster(new ClientConfiguration
{
Servers = new List<Uri> { new Uri("http://localhost:8091") }
});
var authenticator = new PasswordAuthenticator("myuser", "password");
cluster.Authenticate(authenticator);
var bucket = cluster.OpenBucket("mybucket");
// insert a document, this should be allowed
var result = bucket.Insert(Guid.NewGuid().ToString(), new {foo = "bar"});
Console.WriteLine("Insert was successful: " + result.Success);
But if I tried to, for instance, execute a N1QL (SQL for JSON) query, then it would fail. This is because that user is not authorized to execute queries.
var queryResult = bucket.Query<int>("SELECT COUNT(1) FROM `" + bucket.Name + "`");
Console.WriteLine("Query was successful: " + queryResult.Success);
queryResult.Errors.ForEach(e => Console.WriteLine("Error: " + e.Message));I’m just doing a simple COUNT(1) aggregation query. Since that user is not authorized, here’s what’s displayed:
One more thing
If you are worried about the effect this will have on upgrading from Couchbase Server 4.x to Couchbase Server 5.0, then here’s a tip. If you create a user with the same name as the bucket (e.g. a bucket called "foo" and a user named "foo"), then the older Couchbase .NET APIs that still expect a bucket password will work as before. Just give that user a "Cluster Admin" role for now. This is a good temporary fix until you can re-engineer your system to use a regimented approach to role.
Summary
Couchbase Server 5.0 is out now in beta! These role-based authentication (RBAC) features make Couchbase a leader in document database security, and I’m personally very pleased that Couchbase is going in this direction. Security is important, but too often overlooked by developers.
If you have any questions, please ask away in the Couchbase Forums, leave a comment below, or ping me on Twitter @mgroves.
More great guests in June. I managed to trap some great guests in the hallways at Stir Trek.
Subscribe now!
Here's what's coming in June:
- Michael Bowman on F# and Canopy
- Brett Whittington on Secure Data in Motion
- Charles Husemann on Agile Metrics
- Seth Petry-Johnson shares a story about the Art of the Possible
Subscribe now with your podcatcher of choice!
Want to be on the next episode? You can! All you need is the willingness to talk about something technical.
