Solved: WGM Toolkit - Authentication issue

Rami_Noah · ‎Nov 01, 2024

Version: Windchill 13.0

Use Case: my use case is ann app that connect to specific ws and export the Solidworks asm from ws to specific folder ( pure file system )

Description:

i have build a tk app that connect to specific server & ws and add to ws specific asm - in order to export it to file system folder.
everything works smoothly beside the fact that the authentication window is opened, with the correct user name & password, and wait for approval...
once i press the o.k button the app continue to work as expected and complete the entire process.

how can i overcome this issue so the authentication will be completed automatically without human interaction ?

avillanueva · ‎Nov 01, 2024

Depends on how secure you want to be? Are you looking to have this run as if it was the currently logged in user or is this meant to run as an administrative task with a static admin user? You need to authenticate regardless. With REST, you can generate an API Key I believe but much like a password, that should remain secret. Do not hardcore usernames and passwords in source code.

If you are running this from the server or always from another host, you can make it a trusted Host in the wt.properties which will only need the username. I have a client tool that connects to a Query Builder report. Its run by multiple users so I had to encrypt the username and password in a properties file that is read in. Its really security through obfuscation but best I could do. Do not leave these things sitting around in clear text. Also know that if you ever move off of basic auth, things like this will need to be updated.

View solution in original post

avillanueva · ‎Nov 01, 2024

Depends on how secure you want to be? Are you looking to have this run as if it was the currently logged in user or is this meant to run as an administrative task with a static admin user? You need to authenticate regardless. With REST, you can generate an API Key I believe but much like a password, that should remain secret. Do not hardcore usernames and passwords in source code.

If you are running this from the server or always from another host, you can make it a trusted Host in the wt.properties which will only need the username. I have a client tool that connects to a Query Builder report. Its run by multiple users so I had to encrypt the username and password in a properties file that is read in. Its really security through obfuscation but best I could do. Do not leave these things sitting around in clear text. Also know that if you ever move off of basic auth, things like this will need to be updated.

Rami_Noah · ‎Nov 02, 2024

Hi

thanks for your answer.

this app will run on a dedicated server with admin privileges.

wgmtk doesn't support REST.

BTW, trusted host authentication as been deprecated ( https://www.ptc.com/en/support/article/cs372426 )

any thought ?

avillanueva · ‎Nov 04, 2024

That is correct. I am not a fan of trusted host from a security perspective. It still is valid until PTC comes up with a replacement. Your another alternative is username/password but you must externalize this and encrypt at rest. Ensure that the user account you use is restricted from doing anything else but what your program needs to do. This can be done via ACLs.