Sitecore xDB Enabling Authentication

So are you trying to configure MongoDB with authentication enabled? Then this post might help you.

Most blog posts on Sitecore and xDB configuration describe configuring MongoDB on localhost, and without authentication. This is suitable for a development environment, but what about when xDB has to be configured for production environments?

Production environments have completely different requirements, and the security aspects have to be considered as well. There are separate database servers and application servers, and Sitecore should connect using an authentication mechanism.

I recently worked on one such task and would like to share how authentication can be enabled on MongoDB. The documentation in the MongoDB Manual is a one-stop resource for all your queries related to Mongo. It is written simply and completely.

A few recommendations and best practices for setting up MongoDB:

  • Configure it to run as a service. I followed “Sitecore 7.5 : Setting up xDB without Mongo experience?” to configure it as a service.
  • Use a configuration file to specify the parameters and settings instead of command-line arguments, as a file is much easier to manage, especially on large-scale deployments.

Optionally, you can change the default installation path of MongoDB from “C:\Program Files” to “C:\Databases”, as I did in my case. Once you have configured MongoDB as a service with a configuration file, the file should contain the two entries below.

logpath=C:\Databases\MongoDB 2.6 Standard\logs\mongo.log 
dbpath=C:\Databases\MongoDB 2.6 Standard\data

In Command Prompt, navigate to the “C:\Databases\MongoDB 2.6 Standard\bin” folder and start the Mongo shell. You will be connected to the test database. Switch to the admin database with the “use admin” command, then create a User Administrator with the script below:

db.createUser({user: "admin_mongo",pwd: "mongoadmin12",roles: [ { role: "userAdminAnyDatabase", db:"admin" }, { role: "root", db:"admin" } ]  })

Once the user administrator has been created successfully, authenticate to mongo as that user with the command below.

db.auth("admin_mongo","mongoadmin12")

To verify user creation, use the command:

db.getUsers()

Why create a User Administrator?
A user administrator can grant any privilege in the database and can create new ones. In a MongoDB deployment, create the user administrator as the first user. Then let this user create all other users.

Now disconnect from the mongo shell using the exit command. Edit the config file and add the setting auth=true, so that the config file finally looks like this:

logpath=C:\Databases\MongoDB 2.6 Standard\Logs\mongo.log
dbpath=C:\Databases\MongoDB 2.6 Standard\data
auth=true

Note: Do not forget to restart the service; the config file changes do not take effect until it has been restarted.

Now connect to the mongo shell, switch to the admin database, authenticate as the User Admin, and create the other users with the readWrite role.

use scmongors_analytics
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_analytics" } ]  })

use scmongors_tracking_live
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_tracking_live" } ]  })

use scmongors_tracking_history
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_tracking_history" } ]  })

use scmongors_tracking_contact
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_tracking_contact" } ]  })

So far we have been dealing with MongoDB; now it’s time to get Sitecore connected to xDB with the authorized users. Let’s change the connection strings by following the tips from,

We can use the format below:

mongodb://[username:password@]host1[:port1]/database

If you have configured mongo to use the default port (which is 27017), there is no need to specify it in the connection string. The host can be the IP address or machine name of the server on which mongo is installed.

My final connection strings looked like this:

<add name="analytics" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_analytics" />
<add name="tracking.live" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_tracking_live" />
<add name="tracking.history" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_tracking_history" />
<add name="tracking.contact" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_tracking_contact" />
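
As an added example (not part of the original post), the Python script below audits the two files edited above: it checks that the mongod config file sets auth=true, and that every mongodb:// connection string carries credentials, names a database, and does not use the administrator account. The sample inputs are constructed from the values in this post, and the function names and the ADMIN_USERS set are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs modelled on the files shown in this post.
MONGOD_CFG = r"""logpath=C:\Databases\MongoDB 2.6 Standard\logs\mongo.log
dbpath=C:\Databases\MongoDB 2.6 Standard\data
auth=true
"""
CONNECTION_STRINGS = """<connectionStrings>
  <add name="analytics" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_analytics" />
  <add name="tracking.live" connectionString="mongodb://192.168.2.75/scmongors_tracking_live" />
  <add name="tracking.history" connectionString="mongodb://admin_mongo:mongoadmin12@192.168.2.75/admin" />
</connectionStrings>"""

ADMIN_USERS = {"admin_mongo"}  # assumption: accounts that must not appear in application config


def auth_enabled(cfg_text):
    """True if the key=value mongod config file sets auth=true."""
    for line in cfg_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "auth":
            return value.strip().lower() == "true"
    return False


def audit_connection_strings(xml_text):
    """Return {name: [findings]} for every mongodb:// entry; an empty list means OK."""
    report = {}
    for add in ET.fromstring(xml_text).iter("add"):
        uri = add.get("connectionString", "")
        if not uri.startswith("mongodb://"):
            continue
        parts, findings = urlsplit(uri), []
        if not parts.username or not parts.password:
            findings.append("no credentials")
        elif parts.username in ADMIN_USERS:
            findings.append("uses administrator account")
        if not parts.path.strip("/"):
            findings.append("no database")
        report[add.get("name")] = findings
    return report


if __name__ == "__main__":
    print("auth=true set:", auth_enabled(MONGOD_CFG))
    for name, findings in audit_connection_strings(CONNECTION_STRINGS).items():
        print(name, "->", findings or "ok")
```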

Firewall Settings

An inbound rule in the firewall settings is required; follow the screenshots below to create one.

[Screenshots: Firewall-Port, Firewall-Port1, Firewall-Port2, Firewall-Port3, Firewall-Port4]

That is all we have to do to enable authentication on Mongo.
