
WGM Toolkit - Authentication issue

Rami_Noah
14-Alexandrite

Version: Windchill 13.0

 

Use Case: My use case is an app that connects to a specific ws and exports the Solidworks asm from the ws to a specific folder (pure file system).


Description:

I have built a tk app that connects to a specific server and ws and adds a specific asm to the ws, in order to export it to a file system folder.
Everything works smoothly, except that the authentication window opens with the correct user name and password and waits for approval...
Once I press the OK button, the app continues to work as expected and completes the entire process.


How can I overcome this issue so that the authentication is completed automatically, without human interaction?

Accepted Solutions
avillanueva
22-Sapphire II
(To:Rami_Noah)

Depends on how secure you want to be. Are you looking to have this run as if it was the currently logged in user, or is this meant to run as an administrative task with a static admin user? You need to authenticate regardless. With REST, you can generate an API Key I believe, but much like a password, that should remain secret. Do not hardcode usernames and passwords in source code.

If you are running this from the server or always from another host, you can make it a trusted host in the wt.properties, which will only need the username. I have a client tool that connects to a Query Builder report. It's run by multiple users, so I had to encrypt the username and password in a properties file that is read in. It's really security through obfuscation, but the best I could do. Do not leave these things sitting around in clear text. Also know that if you ever move off of basic auth, things like this will need to be updated.


Rami_Noah
14-Alexandrite
(To:avillanueva)

Hi,

Thanks for your answer.

This app will run on a dedicated server with admin privileges.

wgmtk doesn't support REST.

 

BTW, trusted host authentication has been deprecated (https://www.ptc.com/en/support/article/cs372426).

Any thoughts?

avillanueva
22-Sapphire II
(To:Rami_Noah)

That is correct. I am not a fan of trusted host from a security perspective. It is still valid until PTC comes up with a replacement. Your other alternative is username/password, but you must externalize this and encrypt at rest. Ensure that the user account you use is restricted from doing anything else but what your program needs to do. This can be done via ACLs.
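
One way to externalize a password and encrypt it at rest, as discussed in the replies above. This is an added example, not code from the thread or from PTC. It assumes a Java 11+ client; the class name, the `wc.password` property name and the key-file layout are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
public class CredentialStore {
    static final int IV_LEN = 12, TAG_BITS = 128;

    // The key is kept apart from the properties file: Base64 of 32 random bytes
    // in its own file (hypothetical layout), readable only by the service account.
    static SecretKeySpec loadKey(Path keyFile) throws Exception {
        byte[] raw = Base64.getDecoder().decode(Files.readString(keyFile).trim());
        if (raw.length != 32) throw new IllegalStateException("expected a 256-bit key");
        return new SecretKeySpec(raw, "AES");
    }

    // Returns Base64(iv || ciphertext || tag). GCM needs a fresh IV for every value.
    static String seal(SecretKeySpec key, String name, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8)); // bind value to its property name
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Throws AEADBadTagException if the stored value was edited or the key is wrong.
    static String open(SecretKeySpec key, String name, String sealed) throws Exception {
        byte[] in = Base64.getDecoder().decode(sealed);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: throwaway key in a temp file and a sample password.
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k);
        Path keyFile = Files.createTempFile("wgm", ".key");
        Files.writeString(keyFile, Base64.getEncoder().encodeToString(k));
        SecretKeySpec key = loadKey(keyFile);
        String sealed = seal(key, "wc.password", "constructed-sample"); // goes in the properties file
        System.out.println("wc.password=" + sealed + " -> " + open(key, "wc.password", sealed));
        Files.delete(keyFile);
    }
}
```

Anyone who can read both the key file and the properties file can still recover the password, so the protection rests on keeping the key file's ACL limited to the service account.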
