Reset Filters

SmartConnect 2018

WCF REST Security Process Flow

Determining user access

The steps taken to determine if a client/user has access to the SmartConnect WCF REST service are as follows:

Is this request enabled on the web server to which the client is connecting. If not the client receives an operation disabled on this server message.
Is the request enabled within SmartConnect. If not the client receives an operation disabled within SmartConnect message.
Has defined security/standard security been set within SmartConnect for this request. If not, no further security processing occurs and the client gains access to the service request.
Has defined security/standard security configurations been met by the client:
oIs the user required to be validated by windows. If so and user validation fails the client receives an invalid user for this operation message.
oIs the user required to be validated within SmartConnect. If so and user validation fails the client receives an invalid user for this operation message.
oAre specific user credentials required for access to this request. If so and the user fails validation the client receives an invalid user for this operation message.
oIs IP filtering required within SmartConnect. If so and the client fails validation the client receives an invalid client endpoint for this operation message.
oIs time filtering required within SmartConnect. If so and the request has been made outside the time parameters the client receives an invalid service request configuration message.
If this request requires access to a map, does the map allow anonymous access, or does the user have access to the map. If validation fails, or the map is locked and cannot be accessed the client receives a map is unavailable or does not exist message.
If all above security checks have passed the client is granted access to the web service request.

 

Note: SmartConnect maps are processed as the user configured to run the SmartConnect WCF REST service.