OPC UA Servers may require that the user making a connection from the OPC UA client is authenticated, and reject the connection of the authentication fails. In addition, different users may have different permissions (authorization) for various operations on the OPC UA Server. For more information, see OPC UA User Authentication.
You can specify the identity of the user making the connection using the UserIdentity property. This property is a UserIdentity object that contains following user token infos:
Note: The Kerberos token info may represent an explicitly specified user identity (if you set KerberosTokenInfo.NetworkSecurity.CustomNetworkCredential to true and specify additional parameters, such as the user name, password, and domain), or it can represent the current user running the code (if KerberosTokenInfo.NetworkSecurity.CustomNetworkCredential is set to false).
Zero, one, or more user token infos (of different types) may be specified in the UserIdentity object. By default, no user token info is specified. The user token infos are always present (i.e. non-null), but they are only used if they are filled in with data. For example, if you leave the UserName and Password in the UserNameTokenInfo empty, the user name token will not be used. If you, however, start putting values into any of the token infos, you need to fill in everything necessary in that token, otherwise an error may occur. For an AnonymousTokenInfo, the anonymous token is used when its IsConfigured property is set to true.
You can easily create a UserIdentity with certain user token by one of the following static methods:
When QuickOPC-UA makes a connection to the OPC UA server, it selects the user token according to its built-in token selection policy. The OPC UA server is interrogated for user token policies available on the endpoint, and the QuickOPC-UA selects the most appropriate one from them.
When you set the user identity in the above described way, i.e. in the session parameters object, it applies to all sessions (connections) made by that EasyUAClient object. In addition to this, it is also possible to specify the user identity directly for a specific connection, i.e. on the UAEndpointDescriptor object.
There is a UserIdentity property on the UAEndpointDescriptor as well, and the user token infos contained there are merged together with those coming from the session parameters, for each connection made on that endpoint. For details on easier handling user identities specified directly on an endpoint, see OPC UA Server Endpoints.