Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Authentication error when writing

More
24 Jun 2022 16:19 #11012 by SolutionNow
Yes, I came to the same conclusion. The machine producer anticipated this problem considering they even mention it in the tutorial, it would have been better if they had just fixed the problem. I will try the solution you suggest. Thanks

Please Log in or Create an account to join the conversation.

More
24 Jun 2022 13:17 #11011 by support
Without analyzing the communication (which we may have to do if other attempts fail), I can only hypothesise that the following is happening:

The server only has an endpoint that provides no UA security (as can be seen from the picture you provided). And, you want to authenticate the client-side user via the username/password authentication. This is an insecure combination, which should be avoided (and as such, is specifically addressed in OPC UA spec) - it means that the password would be sent in clear text on the wire, and can be eavesdropped. When user authentication is needed, the server should be configured to have encrypted endpoint(s) as well.

The UaExpert error message tries to tell you this - and you are overriding it.

In QuickOPC, (again this is just an educated guess), because the UAEndpointDescriptor you are passing in actually contains two user identity tokens - one "Anonymous", and the other with the user name and password - QuickOPC probably chooses the Anonymous one and does not actually end up using the username&password you provided. But since the server is configured to only allow connections from authenticated users, it rejects the Anonymous user.

Please try this: After the statement
sServer = ((UAEndpointDescriptor)uri).WithUserNameIdentity([UserName], [Password]);

put this:
sServer.UserIdentity.AnonymousTokenInfo.IsEnabled = false;

Best regards

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 14:15 #11010 by SolutionNow
Here are the advanced settings also if that helps, although I didn't change anything from the default values.
Attachments:

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 14:11 #11009 by SolutionNow
Yes, I enter the user name and password with UAExpert as well.

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 13:46 - 23 Jun 2022 13:47 #11008 by support
Thank you, that is what I wanted.

Now please back to question 3. You have explained what you do in the program. But, are you doing an equivalent of this when you test from UaExpert? That is, do you enter the username and password in the uaExpert as well?

Regards
Last edit: 23 Jun 2022 13:47 by support.

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 13:38 #11007 by SolutionNow
You're right, sorry I was thinking endpoint is synonymous with NodeID. This is how I see it:
Attachments:

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 13:15 #11006 by support
Hello,
thank you. You are misunderstanding the term "endpoint". What I had in mind was similar to this - how does it look to you, and which endpoint are you selecting?:



Best regards
Attachments:

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 12:17 #11005 by SolutionNow
1. QuickOPC 2018.3
2. .NET Framework 4.6.2
4 (I'll answer this first as #3 is more complicated) Yes, we pass in a UserName and password like this:
sServer = ((UAEndpointDescriptor)uri).WithUserNameIdentity([UserName], [Password]);
3. The list of available endpoints is very very long.

Here you can see the parameter which I tried to write to (the first error message from my previous post):


The second endpoint is the method, and in fact I'm still not entirely clear when I call CallMethod() what endpoint is considered the MethodID and which is the MethodNodeID. There is a parent node QUEUE.XML:


with an endpoint that ends with i=3030. This parent node then has several child parameters and methods including the one I tried to call in the second error I posted below, the method Open:


which you can see has an endpoint ending with i=3042. Is it correct to set both the parameters methodID and methodNodeID with the endpoint ending with i=3042?
Attachments:

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 11:02 #11004 by support
Hello.

I have some additional questions.

1. Which QuickOPC version are you using?
2. Are you targeting .NET Framework, or .NET Core/.NET 5+?
3. In UAExpert, you are selecting from different endpoints (endpoint configurations) of the server. Can you please post here the picture of which server endpoints are available, and which one you are selecting? (or email it to support (at) opclabs.com if it contains anything confidential).
4. In UAExpert, are you entering a user name or password to authenticate, at any point along the way?

Best regards

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 10:10 #11003 by SolutionNow
Hello,

I'm having difficulty writing values to an OPC Server. In general, I can read and monitor parameter values without any problem, but when I try to write to a parameter or call a method I'm getting authorization errors.

I am trying to replicate a process for writing to the server sent by the producer of the machine with the server that shows a step-by-step tutorial for writing using UAExpert. One suspicious step in this tutorial regards the authentication process, which after entering the username and password advises that UAExpert will show this warning dialog:


In UAExpert however, once this dialog is ignored, writing to parameters and calling methods works fine. With our program however I am getting first this error when writing to a parameter:

Error Message: OPC-UA service result - (no description available) = BadSecureChannelClosed.
---- SERVICE RESULT ----
Status Code: {BadSecureChannelClosed} = 0x80860000 (2156265472)
-=-=-
---- REMARKS ----
The server may have rejected the connection because it does not trust the client (e.g. certificate problem); check the diagnostics on the server side, if possible.
A possible cause of this error could also be that the OPC-UA server is not running, or that it has rejected the connection due to security reasons.
 
+ The SDK action called was "Session.Read".
+ Following (9) events were gathered during the action on activity ID [1], in the order of first occurrence:
  SDK trace: Read Called. RequestHandle=36, PendingRequestCount=3
  [33] SDK trace: TCPCLIENTCHANNEL SOCKET CLOSED: 000012BC, ChannelId=1
  [35] Exception: {Opc.Ua.ServiceResultException} BadSecureChannelClosed
  [21] Exception: {Opc.Ua.ServiceResultException} BadSecureChannelClosed
  SDK trace: Read Completed. RequestHandle=36, PendingRequestCount=1, StatusCode=Bad
  [35] SDK trace: Publish Completed. RequestHandle=0, PendingRequestCount=2, StatusCode=Bad
  [21] SDK trace: Publish Completed. RequestHandle=0, PendingRequestCount=0, StatusCode=Bad
  [21] SDK trace: Publish #11, Reconnecting=False, Error: BadSecureChannelClosed
  [35] SDK trace: Publish #12, Reconnecting=False, Error: BadSecureChannelClosed
+ Events starting with activity ID in [] may not necessarily be related to the current action.
+ The client method called was 'WriteMultiple'.
Stack: 
   in OpcLabs.EasyOpc.UA.Toolkit.UAClientSession.InternalReadAttributes(UAReadEntry[] readEntryArray, Double maximumAge, TimestampsToReturn sdkTimestampsToReturn, Exception[]& exceptionArray, UAAttributeData[]& attributeDataArray, List`1[]& warningsArray)
   in OpcLabs.EasyOpc.UA.Toolkit.UAClientSession.ReadAttributes(UAReadEntry[] readEntryArray, Double maximumAge, TimestampsToReturn sdkTimestampsToReturn, Exception[]& exceptionArray, UAAttributeData[]& attributeDataArray, List`1[]& warningsArray)
   in OpcLabs.EasyOpc.UA.Toolkit.UASmartSession.ReadAttributes(UAReadEntry[] readEntryArray, Double[] maximumAgeArray, Exception[]& exceptionArray, UAAttributeData[]& attributeDataArray, List`1[]& warningsArray)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUASession.ReadListInternal(List`1 readList, UAAttributeDataResult[] attributeDataResultArray)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUASession.ReadList(List`1 readList, UAAttributeDataResult[] attributeDataResultArray)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUASession.<ReadTypeInformation>d__24.MoveNext()
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUASession.ObtainTypeInformationInternal(ValueArguments`1[] nodeDescriptorArgumentsArray, ValueResult`1[] typeInformationResultArray)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUASession.ObtainTypeInformation(IEnumerable`1 nodeDescriptorArgumentsEnumerable)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUASession.ResolveWriteList(List`1 resolveWriteList, ICollection`1 internalWriteList, UAWriteResult[] writeResultArray)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUASession.WriteList(List`1 writeList, UAWriteResult[] writeResultArray)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUAEngine.Write(ICollection`1 writeListDictionary, UAWriteResult[] writeResultArray)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.EasyUAEngine.WriteAttributes(UAWriteArguments[] writeArgumentsArray, EasyUAAdaptableParameters easyUAAdaptableParameters)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.NetSdkEasyUAClient.DisposeGuard[TResult](Func`1 func)
   in OpcLabs.EasyOpc.UA.Implementations.NetSdk.Internal.NetSdkEasyUAClient.WriteMultiple(UAWriteArguments[] writeArgumentsArray)
   in OpcLabs.EasyOpc.UA.Internal.DataConvertingEasyUAClient.WriteMultiple(UAWriteArguments[] writeArgumentsArray)
   in OpcLabs.EasyOpc.UA.Internal.LicensingEasyUAClient.WriteMultiple(UAWriteArguments[] writeArgumentsArray)
   in OpcLabs.BaseLib.Collections.Generic.Extensions.IReadOnlyListExtension.SwitchCase[TInput,TOutput,TKey](IReadOnlyList`1 readOnlyList, Func`2 keySelector, IEqualityComparer`1 keyComparer, Func`3 outputSelector)
   in OpcLabs.EasyOpc.UA.Internal.MultiplexingEasyUAClient.WriteMultiple(UAWriteArguments[] writeArgumentsArray)
   in OpcLabs.EasyOpc.UA.Internal.ExceptionProcessingEasyUAClient.WriteMultiple(UAWriteArguments[] writeArgumentsArray)
   in OpcLabs.EasyOpc.UA.IEasyUAClientExtension.WriteMultipleValues(IEasyUAClient client, UAWriteValueArguments[] writeValueArgumentsArray)
   in OpcLabs.EasyOpc.UA.IEasyUAClientExtension.WriteValue(IEasyUAClient client, UAWriteValueArguments writeValueArguments)
   in OpcLabs.EasyOpc.UA.IEasyUAClientExtension.WriteValue(IEasyUAClient client, UAEndpointDescriptor endpointDescriptor, UANodeDescriptor nodeDescriptor, Object value)[...]

and then this error when calling the method:
Error Site:  Error Message: OPC-UA service result - Endpoint does not supported the user identity type provided. = BadUserAccessDenied.
---- SERVICE RESULT ----
Status Code: {BadUserAccessDenied} = 0x801F0000 (2149515264)
Description: Endpoint does not supported the user identity type provided.
---- REMARKS ----
This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
If you are identifying the client user by a user name token, it could be that the user name/password combination is incorrect.
 
+ The SDK action called was "static Session.Create".
+ This is a client-side error.
+ The client method called was 'CallMultipleMethods'.
Stack: 
Opc.Ua.Client

I am only guessing that the authentication warning seen in UAExpert is creating problems here, is it possibile? Any alternatives I could test?

Thanks in advance
Attachments:

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.087 seconds