Skip to main content
Version: 3.12

Getting Started with Authentication and Authorization by Using ScalarDB Cluster .NET Client SDK

The ScalarDB Cluster .NET Client SDK supports authentication and authorization, which allows you to authenticate and authorize your requests to ScalarDB Cluster.

Install the SDK​

Install the same major and minor version of the SDK as ScalarDB Cluster into the .NET project. You can do this by using the built-in NuGet package manager, replacing <MAJOR>.<MINOR> with the version that you're using:

dotnet add package ScalarDB.Net.Client --version '<MAJOR>.<MINOR>.*'

Set credentials in ScalarDbOptions​

First, you need to get a transaction manager or transaction admin object with credentials by using TransactionFactory as follows, replacing the contents in the angle brackets as described. Also, be sure to replace <GET_TRANSACTION_MANAGER> with GetTransactionManager(), GetTwoPhaseCommitTransactionManager(), GetSqlTransactionManager(), or GetSqlTwoPhaseCommitTransactionManager().

var scalarDbOptions = new ScalarDbOptions
{
Address = "http://<HOSTNAME_OR_IP_ADDRESS>:<PORT>",
HopLimit = 10,
AuthEnabled = true,
Username = "<USERNAME>",
Password = "<PASSWORD>"
};
var factory = TransactionFactory.Create(scalarDbOptions);

// To get a transaction manager
using var manager = factory.<GET_TRANSACTION_MANAGER>();

// To get a transaction admin
using var admin = factory.GetTransactionAdmin();

A transaction manager or transaction admin object created from TransactionFactory with the provided credentials will automatically log in to ScalarDB Cluster and can communicate with it.

Wire encryption​

Wire encryption is also supported. It can be turned on by setting Address property of ScalarDbOptions to the url started with https, like follows:

builder.Services.AddScalarDbContext<TestDbContext>(options =>
{
options.Address = "https://<HOSTNAME_OR_IP_ADDRESS>:<PORT>";
//...
});

Wire encryption options​

  • TlsRootCertPem: The custom CA root certificate (PEM data) for TLS communication.
  • TlsRootCertPath: The custom CA root certificate (file path) for TLS communication. If both TlsRootCertPem and TlsRootCertPath are set, TlsRootCertPem will be used.
  • TlsOverrideAuthority: The custom authority for TLS communication. This doesn't change what host is actually connected. This is mainly intended for testing. For example, you can specify the hostname presented in the cluster's certificate (scalar.db.cluster.node.tls.cert_chain_path parameter of the cluster). If there's more than one hostname in the cluster's certificate only the first one will be checked.