Developer's Guide - Agent Authentication
In This Topic
By design, there is no authentication for the REST API used by Loupe Agents to communicate with a Loupe Server. There are protections built into the Loupe Server to protect it against malicious requests, and it isn't possible to query back any protected information, including any details of sessions or files from that API.
Additionally, there is a downside to adding authentication to the API - it creates another potential reason that session information won't travel to the server, making it difficult to diagnose problems in your application including things like authentication. Therefore, we recommend wherever feasible that this anonymous API feature be preserved.
For environments where authentication is required, it is possible to extend the Loupe Agent to work with nearly any HTTP authentication mechanism.
Implementing Basic Authentication
To add basic authentication (Username and password) to the Agent / Server communication you can use the Loupe-provided server authentication mechanism.
Configuring the Agent
Specify the BasicAuthenticationProvider Class as the Server Authentication Provider, like this:
Log.ServerAuthenticationProvider = new BasicAuthenticationProvider("myUserName", "myPassword");
If the user's credentials change just set the property to a new instance of the BasicAuthenticationProvider with the updated credentials.
Configuring the Server
The Loupe Server itself does not directly provide any authentication support for the Agent's REST API. This can be added using the various authentication means built into IIS itself or by routing Agent requests through a request proxy that performance the authentication.
If configuring IIS on the Loupe Server we recommend setting up a separate endpoint for the Agent's REST API from all other Loupe Server uses so the authentication method doesn't block the Loupe Desktop or the server's own Web UI.
Implementing Custom Authentication
If you need to use something other than basic authentication you will need to implement your own IServerAuthenticationProvider Interface to perform the authentication. This interface provides several methods to let you intercept different parts of the authentication lifecycle:
- Login: Used to authenticate with the server prior to making any API requests. Useful for token-based authentication systems where the authentication is done to a different URL and a token is returned to add to the request.
- PreProcessRequest: Used to modify each request to add headers & content to provide authentication for that request.
- Logout: Used to explicitly log out when the Agent no longer needs to communicate with the server.
Configuring the Agent
Specify your custom implementation class as the Server Authentication Provider, like this:
//Naturally, your constructor may be quite different
IServerAuthenticationProvider provider = new YourCustomAuthenticationProvider();
Log.ServerAuthenticationProvider = provider
Configuring the Server
The Loupe Server itself does not directly provide any authentication support for the Agent's REST API. This can be added using the various authentication means built into IIS itself or by routing Agent requests through a request proxy that performance the authentication.
If configuring IIS on the Loupe Server we recommend setting up a separate endpoint for the Agent's REST API from all other Loupe Server uses so the authentication method doesn't block the Loupe Desktop or the server's own Web UI.
See Also