Security

04 Sep 2024

Authorization/Authentication

An authentication system is in place. All methods called must be authenticated. The authentication key today comprises a username and password, and the API controllers verify that the key is correct. Initially, access checks used a Basic Authentication (BA) implementation. This has now been expanded to support:

  1. Kerberos Authentication
  2. Basic Authentication
  3. No Authentication
  4. JSON Web Token (OAuth)

This is configured in the Application Settings - SafranWebApiAuthenticationType.

Encryption

The Web Services API requires SSL (HTTPS). This ensures that all communication is encrypted; plain HTTP requests are rejected.

The Safran database user

In addition to what is listed in Safran User, additional security can be achieved by giving the API read-only access to the database.

If you wish to lock down any update of the Safran data, one option is to create a new database role, similar to the standard Safran powerplan role (this applies to Microsoft DBMS), that is granted only SELECT access to the Safran database tables. Alternatively, use a role already present in your database; the standard db_datareader role in Microsoft DBMS can be used for this. Place the API database user into that role. With this, the API will no longer be able to alter any Safran data.

ALTER ROLE db_datareader ADD MEMBER SAFRANWEBAPI_READONLY;
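The page's own line above adds the API user to the built-in db_datareader role. The following is an added example, not code from Safran or its documentation, showing the other option the text describes: a custom SQL Server role that is granted SELECT only, plus the two checks a practitioner wants afterwards, that the API user is in no writing role and that the custom role carries nothing beyond SELECT. It assumes the SqlServer PowerShell module (Invoke-Sqlcmd) is installed, and the instance, database and role names are placeholders for your own.

```powershell
# Added example (not part of Safran's documentation or code): give the API's
# database user SELECT-only access on SQL Server and verify the result.
# Assumptions: the SqlServer PowerShell module (Invoke-Sqlcmd) is installed and
# the instance, database and role names below are placeholders for your own.
$Server   = 'SQLSERVER01'              # assumption: your SQL Server instance
$Database = 'SafranProject'            # assumption: your Safran database
$ApiUser  = 'SAFRANWEBAPI_READONLY'    # the API database user named on the page
$RoleName = 'safran_api_readonly'      # assumption: name of the new read-only role

# Create the role if missing, grant it SELECT on the dbo schema only,
# and put the API user into it. No INSERT/UPDATE/DELETE is granted.
$setup = @"
IF DATABASE_PRINCIPAL_ID('$RoleName') IS NULL
    CREATE ROLE [$RoleName];
GRANT SELECT ON SCHEMA::dbo TO [$RoleName];
ALTER ROLE [$RoleName] ADD MEMBER [$ApiUser];
"@
Invoke-Sqlcmd -ServerInstance $Server -Database $Database -Query $setup

# Check 1: which roles is the API user actually a member of? Role grants are
# additive, so membership in db_owner, db_datawriter or db_ddladmin would
# silently defeat the lockdown.
$roleQuery = @"
SELECT r.name
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE m.name = '$ApiUser';
"@
$roles = Invoke-Sqlcmd -ServerInstance $Server -Database $Database -Query $roleQuery |
         Select-Object -ExpandProperty name
$writingRoles = $roles | Where-Object { $_ -in @('db_owner', 'db_datawriter', 'db_ddladmin') }
if ($writingRoles) {
    throw "$ApiUser can still write: member of $($writingRoles -join ', ')"
}

# Check 2: the custom role must carry nothing beyond SELECT.
$permQuery = @"
SELECT p.state_desc, p.permission_name, p.class_desc
FROM sys.database_permissions p
JOIN sys.database_principals r ON r.principal_id = p.grantee_principal_id
WHERE r.name = '$RoleName';
"@
$perms = Invoke-Sqlcmd -ServerInstance $Server -Database $Database -Query $permQuery
$unexpected = $perms | Where-Object { $_.permission_name -ne 'SELECT' }
if ($unexpected) {
    throw "Role $RoleName has non-SELECT permissions: $($unexpected.permission_name -join ', ')"
}

"OK: $ApiUser is in [$($roles -join ', ')] with SELECT-only rights on schema dbo."
```

Run it from an account that is db_owner (or sysadmin) on the Safran database. The two catalog queries are the part worth keeping: a SELECT-only role is only as good as the user's other memberships, so re-run the membership check whenever the API user is touched.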


The database connection string, version 7.3 and earlier

The web.config file holds the database connection details. Typically these details contain the user name and password in clear text, which is not always desirable in a production environment. This is why the connection strings should be encrypted. You can use the ASP.NET IIS Registration Tool (aspnet_regiis.exe) to encrypt and decrypt your connection strings.

For a single server, the following steps can be used for encryption and decryption:

Note that the location used below might differ on your installation.

  1. Run Command Prompt as Administrator.
  2. Go to C:\Windows\Microsoft.NET\Framework\v4.0.30319
  3. Perform the command below to encrypt the connection string in your web.config:
    1. ASPNET_REGIIS -pef "connectionStrings" "c:\inetpub\wwwroot\SafranIntegrationAPI"
  4. Open web.config and check if the connection string is encrypted.
  5. Test the API site.
  6. If you want to decrypt it back, run this command:
    1. ASPNET_REGIIS -pdf "connectionStrings" "c:\inetpub\wwwroot\SafranIntegrationAPI"
  7. Open the web.config and check if the connection string is decrypted.
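Steps 4 and 7 above are manual checks. The following is an added example, not code from Safran or its documentation, that runs the same aspnet_regiis.exe commands from PowerShell and then verifies the outcome programmatically: that the connectionStrings section carries the configProtectionProvider attribute and an EncryptedData child, and that no plain-text "Password=" remains in the file. The paths are the ones from the page; the function names are this example's own.

```powershell
# Added example (not part of Safran's documentation or code): run the page's
# aspnet_regiis.exe steps and verify that web.config no longer holds a plain
# text connection string. Paths are the ones from the page; adjust to your install.
# Assumption: run from an elevated PowerShell prompt on the web server itself,
# since the default RSA provider key is machine-specific.
$RegIis  = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe'
$SiteDir = 'C:\inetpub\wwwroot\SafranIntegrationAPI'
$Config  = Join-Path $SiteDir 'web.config'

function Test-ConnectionStringsEncrypted {
    # Returns an object describing whether the connectionStrings section is
    # protected and whether any "Password=" text survives anywhere in the file.
    param([Parameter(Mandatory)][string]$Path)
    $raw = Get-Content -Path $Path -Raw
    [xml]$xml = $raw
    $section = $xml.configuration.connectionStrings
    if ($null -eq $section) { throw "No <connectionStrings> section found in $Path" }
    # aspnet_regiis -pef replaces the section body with <EncryptedData> and adds
    # the configProtectionProvider attribute on the section element.
    $protected = ($null -ne $section.configProtectionProvider) -and ($null -ne $section.EncryptedData)
    [pscustomobject]@{
        Path                   = $Path
        Encrypted              = [bool]$protected
        PlaintextPasswordFound = [bool]($raw -match '(?i)\bpassword\s*=')
    }
}

function Protect-SafranConnectionStrings {
    # Encrypts (default) or decrypts (-Decrypt) the section, then re-checks the file.
    param([switch]$Decrypt)
    $mode = if ($Decrypt) { '-pdf' } else { '-pef' }
    & $RegIis $mode 'connectionStrings' $SiteDir
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis.exe $mode failed with exit code $LASTEXITCODE" }
    Test-ConnectionStringsEncrypted -Path $Config
}

# Encrypt only if not already done, then fail loudly if secrets are still readable.
$state = Test-ConnectionStringsEncrypted -Path $Config
if (-not $state.Encrypted) { $state = Protect-SafranConnectionStrings }
$state
if (-not $state.Encrypted -or $state.PlaintextPasswordFound) {
    throw 'web.config still exposes database credentials; do not deploy this file as-is.'
}
```

The "Password=" scan is deliberately coarse: it will also trip on a password left in appSettings or another section, which is exactly the kind of leftover the encryption of connectionStrings alone does not cover. Note also why the page says "single server": aspnet_regiis.exe uses the machine-level RsaProtectedConfigurationProvider key container by default, so a web.config encrypted on one server cannot be decrypted on another unless the key container is exported and imported there (aspnet_regiis -px / -pi).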
