OPC Studio User's Guide and Reference
UAMessageSecurityModes Enumeration
Example Example 



OpcLabs.EasyOpcUA Assembly > OpcLabs.EasyOpc.UA.Engine Namespace : UAMessageSecurityModes Enumeration
Specifies what security should be applied to messages exchanged during a Session or in PubSub.
Syntax
'Declaration
 
<CLSCompliantAttribute(True)>
<ComVisibleAttribute(True)>
<DisplayName2Attribute("OPC-UA Message Security Modes")>
<FlagsAttribute()>
<GuidAttribute("9E047321-4643-4BA1-8CD8-5CD6F3F3B464")>
Public Enum UAMessageSecurityModes 
   Inherits System.Enum
   Implements System.IComparable, System.IConvertible, System.IFormattable 
'Usage
 
Dim instance As UAMessageSecurityModes
[CLSCompliant(true)]
[ComVisible(true)]
[DisplayName2("OPC-UA Message Security Modes")]
[Flags()]
[Guid("9E047321-4643-4BA1-8CD8-5CD6F3F3B464")]
public enum UAMessageSecurityModes : System.Enum, System.IComparable, System.IConvertible, System.IFormattable  
[CLSCompliant(true)]
[ComVisible(true)]
[DisplayName2("OPC-UA Message Security Modes")]
[Flags()]
[Guid("9E047321-4643-4BA1-8CD8-5CD6F3F3B464")]
public enum class UAMessageSecurityModes : public System.Enum, System.IComparable, System.IConvertible, System.IFormattable  
Members
MemberValueDescription
All7All possible security modes, including no security.
Secure6Any mode that is secure.
SecurityNone1No security is applied.
SecuritySign2All messages are signed but not encrypted.
SecuritySignAndEncrypt4All messages are signed and encrypted.
Remarks

This enumeration allows for the specification of different security modes for OPC-UA communication, ensuring that data integrity, confidentiality, and authenticity can be maintained according to the requirements of the application. It supports a range of security modes from none, through signing, to full signing and encryption, providing flexibility in balancing security needs against performance considerations.

There are implicit conversions from this type to:

Example
// This example shows how to securely subscribe to signed and encrypted dataset messages.
// An external Security Key Service (SKS) is needed (not a part of QuickOPC).
//
// The network messages for this example can be published e.g. using the UADemoPublisher tool - see
// https://kb.opclabs.com/How_to_publish_or_subscribe_to_secure_OPC_UA_PubSub_messages .
//
// Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
// OPC client and subscriber examples in C# on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-CSharp .
// Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
// a commercial license in order to use Online Forums, and we reply to every post.

using System;
using System.Collections.Generic;
using System.Threading;
using OpcLabs.EasyOpc.UA.Engine;
using OpcLabs.EasyOpc.UA.PubSub;
using OpcLabs.EasyOpc.UA.PubSub.OperationModel;

namespace UASubscriberDocExamples.PubSub._EasyUASubscriber
{
    partial class SubscribeDataSet
    {
        public static void Secure()
        {
            // Define the PubSub connection we will work with. Uses implicit conversion from a string.
            UAPubSubConnectionDescriptor pubSubConnectionDescriptor = "opc.udp://239.0.0.1";
            // In some cases you may have to set the interface (network adapter) name that needs to be used, similarly to
            // the statement below. Your actual interface name may differ, of course.
            //pubSubConnectionDescriptor.ResourceAddress.InterfaceName = "Ethernet";

            // Define the arguments for subscribing to the dataset.
            var subscribeDataSetArguments = new UASubscribeDataSetArguments(pubSubConnectionDescriptor)
            {
                DataSetSubscriptionDescriptor =
                {
                    CommunicationParameters =
                    {
                        // Specifies the security mode for the PubSub network messages received. This is a minimum security
                        // mode that you want to accept.
                        SecurityMode = UAMessageSecurityModes.SecuritySignAndEncrypt,
                        SecurityKeyServiceTemplate =
                        {
                            // Specifies the URL of the SKS (Security Key Service) endpoint.
                            UrlString = "opc.tcp://localhost:48010", 
                            // Specifies the security mode that will be used to connect to the SKS.
                            EndpointSelectionPolicy = UAMessageSecurityModes.SecuritySignAndEncrypt,
                            // Specifies the user name and password used for "logging in" to the SKS.
                            UserIdentity = { UserNameTokenInfo = { UserName = "root", Password = "secret" }}
                        },
                        // Specifies the Id of the security group in the SKS that will be used (the security group in the
                        // SKS is configured to use certain security policy, and has other parameters detailing how the
                        // security keys are generated).
                        SecurityGroupId = "TestGroup"
                    }
                }
            };

            // Instantiate the subscriber object and hook events.
            var subscriber = new EasyUASubscriber();
            subscriber.DataSetMessage += subscriber_DataSetMessage_Secure;

            Console.WriteLine("Subscribing...");
            subscriber.SubscribeDataSet(subscribeDataSetArguments);

            Console.WriteLine("Processing dataset message events for 20 seconds...");
            Thread.Sleep(20 * 1000);

            Console.WriteLine("Unsubscribing...");
            subscriber.UnsubscribeAllDataSets();

            Console.WriteLine("Waiting for 1 second...");
            // Unsubscribe operation is asynchronous, messages may still come for a short while.
            Thread.Sleep(1 * 1000);

            Console.WriteLine("Finished.");
        }

        static void subscriber_DataSetMessage_Secure(object sender, EasyUADataSetMessageEventArgs e)
        {
            // Display the dataset.
            if (e.Succeeded)
            {
                // An event with null DataSetData just indicates a successful connection.
                if (!(e.DataSetData is null))
                {
                    Console.WriteLine();
                    Console.WriteLine($"Dataset data: {e.DataSetData}");
                    foreach (KeyValuePair<string, UADataSetFieldData> pair in e.DataSetData.FieldDataDictionary)
                        Console.WriteLine(pair);
                }
            }
            else
            {
                Console.WriteLine();
                Console.WriteLine($"*** Failure: {e.ErrorMessageBrief}");
            }
        }
    }
}
' This example shows how to securely subscribe to signed and encrypted dataset messages.
' An external Security Key Service (SKS) is needed (not a part of QuickOPC).
'
' The network messages for this example can be published e.g. using the UADemoPublisher tool - see
' https://kb.opclabs.com/How_to_publish_or_subscribe_to_secure_OPC_UA_PubSub_messages .
'
' Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
' OPC client and subscriber examples in VB.NET on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-VBNET .
' Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
' a commercial license in order to use Online Forums, and we reply to every post.

Imports OpcLabs.EasyOpc.UA.Engine
Imports OpcLabs.EasyOpc.UA.PubSub
Imports OpcLabs.EasyOpc.UA.PubSub.OperationModel

Namespace PubSub._EasyUASubscriber
    Partial Friend Class SubscribeDataSet
        Public Shared Sub Secure()

            ' Define the PubSub connection we will work with. Uses implicit conversion from a string.
            Dim pubSubConnectionDescriptor As UAPubSubConnectionDescriptor = "opc.udp://239.0.0.1"
            ' In some cases you may have to set the interface (network adapter) name that needs to be used, similarly to
            ' the statement below. Your actual interface name may differ, of course.
            'pubSubConnectionDescriptor.ResourceAddress.InterfaceName = "Ethernet";

            ' Define the arguments for subscribing to the dataset.
            Dim subscribeDataSetArguments = New UASubscribeDataSetArguments(pubSubConnectionDescriptor)
            ' Specifies the security mode for the PubSub network messages received. 
            ' This is a minimum security mode that you want to accept.
            subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityMode = UAMessageSecurityModes.SecuritySignAndEncrypt
            ' Specifies the URL of the SKS (Security Key Service) endpoint.
            subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.UrlString = "opc.tcp://localhost:48010"
            ' Specifies the security mode that will be used to connect to the SKS.
            subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.EndpointSelectionPolicy = UAMessageSecurityModes.SecuritySignAndEncrypt
            ' Specifies the user name and password used for "logging in" to the SKS.
            subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.UserIdentity.UserNameTokenInfo.UserName = "root"
            subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.UserIdentity.UserNameTokenInfo.Password = "secret"
            ' Specifies the Id of the security group in the SKS that will be used (the security group in the
            ' SKS is configured to use certain security policy, and has other parameters detailing how the
            ' security keys are generated).
            subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityGroupId = "TestGroup"

            ' Instantiate the subscriber object and hook events.
            Dim subscriber = New EasyUASubscriber()
            AddHandler subscriber.DataSetMessage, AddressOf subscriber_DataSetMessage_Secure

            Console.WriteLine("Subscribing...")
            subscriber.SubscribeDataSet(subscribeDataSetArguments)

            Console.WriteLine("Processing dataset message events for 20 seconds...")
            Threading.Thread.Sleep(20 * 1000)

            Console.WriteLine("Unsubscribing...")
            subscriber.UnsubscribeAllDataSets()

            Console.WriteLine("Waiting for 1 second...")
            ' Unsubscribe operation is asynchronous, messages may still come for a short while.
            Threading.Thread.Sleep(1 * 1000)

            Console.WriteLine("Finished...")
        End Sub

        Private Shared Sub subscriber_DataSetMessage_Secure(ByVal sender As Object, ByVal e As EasyUADataSetMessageEventArgs)
            ' Display the dataset.
            If e.Succeeded Then
                ' An event with null DataSetData just indicates a successful connection.
                If e.DataSetData IsNot Nothing Then
                    Console.WriteLine()
                    Console.WriteLine($"Dataset data: {e.DataSetData}")
                    For Each pair As KeyValuePair(Of String, UADataSetFieldData) In e.DataSetData.FieldDataDictionary
                        Console.WriteLine(pair)
                    Next
                End If
            Else
                Console.WriteLine()
                Console.WriteLine($"*** Failure: {e.ErrorMessageBrief}")
            End If
        End Sub
    End Class
End Namespace
REM This example shows how to securely subscribe to signed and encrypted dataset messages.
REM An external Security Key Service (SKS) is needed (not a part of QuickOPC).
REM
REM The network messages for this example can be published e.g. using the UADemoPublisher tool - see
REM https://kb.opclabs.com/How_to_publish_or_subscribe_to_secure_OPC_UA_PubSub_messages .
REM
REM Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
REM OPC client and subscriber examples in Visual Basic on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-VB .
REM Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
REM a commercial license in order to use Online Forums, and we reply to every post.

' The subscriber object, with events
'Public WithEvents Subscriber6 As EasyUASubscriber

Private Sub EasyUASubscriber_SubscribeDataSet_Secure_Command_Click()
    OutputText = ""

    ' Define the PubSub connection we will work with.
    Dim subscribeDataSetArguments As New EasyUASubscribeDataSetArguments
    Dim ConnectionDescriptor As UAPubSubConnectionDescriptor
    Set ConnectionDescriptor = subscribeDataSetArguments.dataSetSubscriptionDescriptor.ConnectionDescriptor
    ConnectionDescriptor.ResourceAddress.ResourceDescriptor.UrlString = "opc.udp://239.0.0.1"
    ' In some cases you may have to set the interface (network adapter) name that needs to be used, similarly to
    ' the statement below. Your actual interface name may differ, of course.
    'ConnectionDescriptor.ResourceAddress.InterfaceName := 'Ethernet';

    ' Define the arguments for subscribing to the dataset.
    Dim comunicationParameters As New UASubscriberCommunicationParameters
    ' Specifies the security mode for the PubSub network messages received. This is a minimum security
    ' mode that you want to accept.
    comunicationParameters.SecurityMode = UAMessageSecurityModes_SecuritySignAndEncrypt
    ' Specifies the URL of the SKS (Security Key Service) endpoint.
    comunicationParameters.SecurityKeyServiceTemplate.UrlString = "opc.tcp://localhost:48010"
    ' Specifies the security mode that will be used to connect to the SKS.
    Dim endpointSelectionPolicy As New UAEndpointSelectionPolicy
    endpointSelectionPolicy.AllowedMessageSecurityModes = UAMessageSecurityModes_SecuritySignAndEncrypt
    Set comunicationParameters.SecurityKeyServiceTemplate.endpointSelectionPolicy = endpointSelectionPolicy ' UAMessageSecurityModes_SecuritySignAndEncrypt
    ' Specifies the user name and password used for "logging in" to the SKS.
    comunicationParameters.SecurityKeyServiceTemplate.UserIdentity.UserNameTokenInfo.UserName = "root"
    comunicationParameters.SecurityKeyServiceTemplate.UserIdentity.UserNameTokenInfo.Password = "secret"
    ' Specifies the Id of the security group in the SKS that will be used (the security group in the
    ' SKS is configured to use certain security policy, and has other parameters detailing how the
    ' security keys are generated).
    comunicationParameters.securityGroupId = "TestGroup"
    
    Set subscribeDataSetArguments.dataSetSubscriptionDescriptor.CommunicationParameters = comunicationParameters
    
    ' Instantiate the subscriber object and hook events.
    Set Subscriber6 = New EasyUASubscriber
        
    OutputText = OutputText & "Subscribing..." & vbCrLf
    Call Subscriber6.SubscribeDataSet(subscribeDataSetArguments)

    OutputText = OutputText & "Processing dataset message for 20 seconds..." & vbCrLf
    Pause 20000

    OutputText = OutputText & "Unsubscribing..." & vbCrLf
    Subscriber6.UnsubscribeAllDataSets

    OutputText = OutputText & "Waiting for 1 second..." & vbCrLf
    ' Unsubscribe operation is asynchronous, messages may still come for a short while.
    Pause 1000

    Set Subscriber6 = Nothing

    OutputText = OutputText & "Finished." & vbCrLf
End Sub

Private Sub Subscriber6_DataSetMessage(ByVal sender As Variant, ByVal eventArgs As EasyUADataSetMessageEventArgs)
    ' Display the dataset
    If eventArgs.Succeeded Then
        ' An event with null DataSetData just indicates a successful connection.
        If Not eventArgs.DataSetData Is Nothing Then
            OutputText = OutputText & vbCrLf
            OutputText = OutputText & "Dataset data: " & eventArgs.DataSetData & vbCrLf
            Dim dictionaryEntry2 : For Each dictionaryEntry2 In eventArgs.DataSetData.FieldDataDictionary
                OutputText = OutputText & dictionaryEntry2 & vbCrLf
            Next
        End If
    Else
        OutputText = OutputText & vbCrLf
        OutputText = OutputText & eventArgs.ErrorMessageBrief & vbCrLf
    End If
End Sub
# This example shows how to securely subscribe to signed and encrypted dataset messages.
# An external Security Key Service (SKS) is needed (not a part of QuickOPC).
#
# In order to produce network messages for this example, run the UADemoPublisher tool. For documentation, see
# https://kb.opclabs.com/UADemoPublisher_Basics . In some cases, you may have to specify the interface name to be used.
#
# Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
# OPC client and subscriber examples in Python on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-Python .
# Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
# a commercial license in order to use Online Forums, and we reply to every post.
# The QuickOPC package is needed. Install it using "pip install opclabs_quickopc".
import opclabs_quickopc
import time

# Import .NET namespaces.
from OpcLabs.EasyOpc.UA.Engine import *
from OpcLabs.EasyOpc.UA.PubSub import *
from OpcLabs.EasyOpc.UA.PubSub.OperationModel import *


def dataSetMessage(sender, e):
    # Display the dataset.
    if e.Succeeded:
        # An event with null DataSetData just indicates a successful connection.
        if e.DataSetData is not None:
            print('')
            print('Dataset data: ', e.DataSetData, sep='')
            for pair in e.DataSetData.FieldDataDictionary:
                print(pair)
    else:
        print('')
        print('*** Failure: ', e.ErrorMessageBrief, sep='')


# Define the PubSub connection we will work with. Uses implicit conversion from a string.
pubSubConnectionDescriptor = UAPubSubConnectionDescriptor.op_Implicit('opc.udp://239.0.0.1')
# In some cases you may have to set the interface (network adapter) name that needs to be used, similarly to
# the statement below. Your actual interface name may differ, of course.
#pubSubConnectionDescriptor.ResourceAddress.InterfaceName = 'Ethernet'

# Define the arguments for subscribing to the dataset.
subscribeDataSetArguments = UASubscribeDataSetArguments(pubSubConnectionDescriptor)
# Specifies the security mode for the PubSub network messages received. This is a minimum security
# mode that you want to accept.
subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.\
    SecurityMode = UAMessageSecurityModes.SecuritySignAndEncrypt
# Specifies the URL of the SKS (Security Key Service) endpoint.
subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.\
    UrlString = 'opc.tcp://localhost:48010'
subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.\
    EndpointSelectionPolicy = UAEndpointSelectionPolicy.FromUAMessageSecurityModes(UAMessageSecurityModes.SecuritySignAndEncrypt)
# Specifies the user name and password used for "logging in" to the SKS.
subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.\
    UserIdentity.UserNameTokenInfo.UserName = 'root'
subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityKeyServiceTemplate.\
    UserIdentity.UserNameTokenInfo.Password = 'secret'
# Specifies the Id of the security group in the SKS that will be used (the security group in the
# SKS is configured to use certain security policy, and has other parameters detailing how the
# security keys are generated).
subscribeDataSetArguments.DataSetSubscriptionDescriptor.CommunicationParameters.SecurityGroupId = 'TestGroup'

# Instantiate the subscriber object and hook events.
subscriber = EasyUASubscriber()
subscriber.DataSetMessage += dataSetMessage

print('Subscribing...')
IEasyUASubscriberExtension.SubscribeDataSet(subscriber, subscribeDataSetArguments)

print('Processing dataset message events for 20 seconds...')
time.sleep(20)

print('Unsubscribing...')
subscriber.UnsubscribeAllDataSets()

print('Waiting for 1 second...')
# Unsubscribe operation is asynchronous, messages may still come for a short while.
time.sleep(1)

subscriber.DataSetMessage -= dataSetMessage

print('Finished.')
Inheritance Hierarchy

System.Object
   System.ValueType
      System.Enum
         OpcLabs.EasyOpc.UA.Engine.UAMessageSecurityModes

Requirements

Target Platforms: .NET Framework: Windows 10 (selected versions), Windows 11 (selected versions), Windows Server 2016, Windows Server 2022; .NET: Linux, macOS, Microsoft Windows

See Also