Sitecore xDB Enabling Authentication

So are you trying to configure MongoDB with authentication enabled? Then this post might help you.

Most blogs on Sitecore and xDB configuration describe configuring MongoDB on localhost, and without authentication at that. This is suitable when you are working in a development environment, but what about when xDB is to be configured for production environments?

Production environments have completely different requirements, and you have to look at the security aspects as well. There would be separate database servers and application servers, and Sitecore should connect using an authentication mechanism.

I recently worked on one such task and would like to share how authentication can be enabled on MongoDB. The documentation in the MongoDB Manual is a one-stop solution for all your queries related to Mongo. It is written simply and is complete.

A few recommendations and best practices for setting up MongoDB:

  • Configure it to run as a service. I followed "Sitecore 7.5: Setting up xDB without Mongo experience?" to configure it as a service.
  • Use a configuration file to specify the parameters and settings instead of command-line arguments, as it is much easier to manage, especially on large-scale deployments.

Optionally, you can change the default installation path of MongoDB from “C:\Program Files” to “C:\Databases”, as I did in my case. Once you have configured MongoDB as a service with a configuration file, the file should have the two entries below.

[code language=”xml”]
logpath=C:\Databases\MongoDB 2.6 Standard\logs\mongo.log
dbpath=C:\Databases\MongoDB 2.6 Standard\data

[/code]

In Command Prompt, navigate to the “C:\Databases\MongoDB 2.6 Standard\bin” folder and start the mongo shell. You will be connected to the test database. Switch to the admin database with the “use admin” command. Create a user administrator with the script below:

[code language=”xml”]
db.createUser({user: "admin_mongo",pwd: "mongoadmin12",roles: [ { role: "userAdminAnyDatabase", db:"admin" }, { role: "root", db:"admin" } ] })
[/code]

Once the user administrator has been created successfully, authenticate to mongo as that user with the command below.

[code language=”xml”]
db.auth("admin_mongo","mongoadmin12")
[/code]

To verify that the user was created, use the command:

[code language=”xml”]
db.getUsers()
[/code]

Why create a User Administrator?

A user administrator can grant any privilege in the database and can create new ones. In a MongoDB deployment, create the user administrator as the first user. Then let this user create all other users.

Now disconnect from the mongo shell using the exit command. Edit the config file and add the setting auth=true, so that your config file finally looks like this:

[code language=”xml”]
logpath=C:\Databases\MongoDB 2.6 Standard\Logs\mongo.log
dbpath=C:\Databases\MongoDB 2.6 Standard\data
auth=true

[/code]

Note: Do not forget to restart the service; the config file changes do not take effect until it is restarted.

Now connect to the mongo shell, switch to the admin database, authenticate as the user administrator, and create the other users with the readWrite role.

[code language=”xml”]
use scmongors_analytics
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_analytics" } ] })

use scmongors_tracking_live
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_tracking_live" } ] })

use scmongors_tracking_history
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_tracking_history" } ] })

use scmongors_tracking_contact
db.createUser({user: "mongo_user",pwd: "mongouser12",roles: [ { role: "readWrite", db:"scmongors_tracking_contact" } ] })
[/code]

So far we have been dealing with MongoDB; now it’s time to get Sitecore connected to xDB with the authorized users. Let’s change the connection strings by following the tips from,

We can use the below format,

[code language=”xml”]
mongodb://[username:password@]host1[:port1]/database
[/code]

If you have configured mongo to use the default port (which is 27017), there is no need to specify it in the connection string. The host can be the IP address or the machine name of the server on which mongo is installed.

My final connection strings looked like,

[code language=”xml”]
<add name="analytics" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_analytics" />
<add name="tracking.live" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_tracking_live" />
<add name="tracking.history" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_tracking_history" />
<add name="tracking.contact" connectionString="mongodb://mongo_user:mongouser12@192.168.2.75/scmongors_tracking_contact" />

[/code]
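The four connection strings above can also be generated instead of typed by hand, which matters once the password contains characters that are delimiters in the mongodb:// format. The following is an added example, not code from the original post: `buildMongoUri`, `parseMongoUri`, `xmlAttr` and `renderConnectionStrings` are hypothetical helper names, the parser is a simplified stand-in for a driver's parser, and the password `p@ss/w:rd` is constructed.

```javascript
// Added example: names below are illustrative, not Sitecore or MongoDB APIs.
// Connection name -> database, as used in this post.
const XDB = {
  'analytics': 'scmongors_analytics',
  'tracking.live': 'scmongors_tracking_live',
  'tracking.history': 'scmongors_tracking_history',
  'tracking.contact': 'scmongors_tracking_contact',
};

// mongodb://[username:password@]host1[:port1]/database
// Percent-encode the credentials so ':', '/', '@' and '%' inside them are
// not read as URI delimiters.
function buildMongoUri({ user, password, host, port, database }) {
  const cred = `${encodeURIComponent(user)}:${encodeURIComponent(password)}@`;
  const hostPort = port && port !== 27017 ? `${host}:${port}` : host; // 27017 = default
  return `mongodb://${cred}${hostPort}/${encodeURIComponent(database)}`;
}

// Simplified parser for the format above (a stand-in for a driver's parser),
// used to show which host a given string actually points at.
const URI_RE = /^mongodb:\/\/(?:([^:@\/]*):([^@\/]*)@)?([^\/:@]+)(?::(\d+))?\/([^?]*)$/;
function parseMongoUri(uri) {
  const m = URI_RE.exec(uri);
  if (!m) return null;
  return {
    user: m[1] === undefined ? null : decodeURIComponent(m[1]),
    password: m[2] === undefined ? null : decodeURIComponent(m[2]),
    host: m[3],
    port: m[4] ? Number(m[4]) : 27017,
    database: decodeURIComponent(m[5]),
  };
}

// Escape a value for use inside a double-quoted XML attribute.
function xmlAttr(v) {
  return v.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// One <add .../> element per xDB connection, in the shape shown above.
function renderConnectionStrings(user, password, host, port) {
  return Object.entries(XDB).map(([name, database]) => {
    const uri = buildMongoUri({ user, password, host, port, database });
    return `<add name="${xmlAttr(name)}" connectionString="${xmlAttr(uri)}" />`;
  });
}

// Constructed password containing URI delimiters.
console.log(renderConnectionStrings('mongo_user', 'p@ss/w:rd', '192.168.2.75').join('\n'));
```

If the constructed password is dropped into the string unencoded, the same parser reads the host as `ss` instead of 192.168.2.75.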

Firewall Settings

An inbound rule is required in the firewall settings; follow the screenshots below to create one.

[Screenshots: creating the inbound firewall port rule]

That is all we have to follow for authentication on Mongo.