User login using RFID tags in combination with MpUserX and LDAP Domain users

Has anyone successfully developed any examples where they are able to securely use an RFID as credentials to log in to MpUserX and specifically with LDAP Domain users? It seems to be a common topic with customers but there doesn’t seem to be a simple solution to this.

1 Like

Logging in with an RFID tag is possible, but it’s not very straightforward at the moment. I know that there is a sample in the unofficial BR GitHub which may help you, but it’s not exactly what you’re looking for in that:

  • It uses ArUser (not MpUserX), and
  • It does not use an LDAP server

The only way I know of doing this at the moment is associating an RFID token with a user in the backend and then forcing a login when the token is read. I’m not sure if this same approach would work with an LDAP server but I suspect it would be trickier.

1 Like

Thanks, Marcus, for the link to the unofficial sample on GitHub. Just some general points about this topic and security:

LDAP per se does not support RFID login!

However, this is not quite true – as LDAP does not support password login, either!
LDAP is a “directory service” – think about a directory of information. All you can do is to ask this directory for information.
So if MpUserX performs a “login” via LDAP, we are only asking LDAP “give me a user with the login ‘name’ and password ‘password’” … if we get something back, we consider the user as valid and logged in … if not, not.

Something similar would be needed for RFID, too: Store the RFID information in the “directory” of a user … and for login, check if you find a user with the given RFID.

I’m not familiar with this sample. But if your solution will be based on it, you should think about security and adapt the sample in a way that it meets at least the minimum security requirements. So, e.g., RFID information should not be used as a password.

2 Likes

Hi @Ben, what is the status of your topic? Did you use the sample from GitHub or did you develop your own solution?

Looks like you accidentally tagged me and not @thyerb

Oops, sorry @Beni3 :)

I have a question about that. If I use the example from the GitHub repo, I can imagine that every mappView client gets logged in if someone uses the RFID reader, not just the mappView client which is near this RFID reader. Is it possible to have an exclusive RFID reader login just for one defined mappView client?
I believe not, because the mappView client has to handle the login by itself, and this is not possible at the moment with mappView?

1 Like

I do not know this sample in detail, but I guess it uses the clientSystem action login(). You can limit the action’s execution with a condition, such as the IP address of the dedicated client or any other condition.

1 Like
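The points made in the two replies above (the tag is a directory lookup key rather than a password, and the login can be limited to one dedicated client), sketched as an added example that is not part of any post and is not the GitHub sample or B&R code. The in-memory directory, the `rfidIndex` attribute name, the reader ids, client IPs, tag UIDs and the use of a PIN as the separate secret are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Everything here is constructed for illustration: users, tag UIDs, PINs,
# reader ids, client IPs and the "rfidIndex" attribute name are assumptions.
INDEX_KEY = b"demo-key-load-from-protected-storage"
TAG_A = bytes.fromhex("04a1b2c3d4e5f6")
TAG_B = bytes.fromhex("04ffeeddccbbaa")

def tag_index(uid: bytes) -> str:
    """Keyed digest of the UID, so the directory never holds raw tag values."""
    return hmac.new(INDEX_KEY, uid, hashlib.sha256).hexdigest()

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def make_entry(name: str, uid: bytes, pin: str) -> dict:
    salt = os.urandom(16)
    return {"name": name, "rfidIndex": tag_index(uid),
            "salt": salt, "pinHash": pin_hash(pin, salt)}

# Stand-in for the user directory (with LDAP this would be an attribute search).
DIRECTORY = [make_entry("operator1", TAG_A, "4711"),
             make_entry("service1", TAG_B, "0815")]

# Each reader is bound to exactly one HMI client.
READER_TO_CLIENT = {"reader-line1": "192.0.2.10", "reader-line2": "192.0.2.11"}

def find_user_by_tag(uid: bytes):
    """Directory lookup: the tag only answers 'which user?', it proves nothing."""
    idx = tag_index(uid)
    hits = [e for e in DIRECTORY if hmac.compare_digest(e["rfidIndex"], idx)]
    return hits[0] if len(hits) == 1 else None

def login_with_tag(reader_id: str, client_ip: str, uid: bytes, pin: str):
    """Return the user name to log in on this client, or None to refuse."""
    if READER_TO_CLIENT.get(reader_id) != client_ip:
        return None  # tag was read at a reader that belongs to another client
    entry = find_user_by_tag(uid)
    if entry is None:
        return None  # unknown tag, or tag assigned to more than one user
    if not hmac.compare_digest(pin_hash(pin, entry["salt"]), entry["pinHash"]):
        return None  # tag presented without the matching secret
    return entry["name"]

if __name__ == "__main__":
    print(login_with_tag("reader-line1", "192.0.2.10", TAG_A, "4711"))
```
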

Thank you @kovarj, for my specific use case (local user authentication) this will be enough for the moment.
But I am sure that in the next projects we will get asked for RFID with an LDAP connection.

It would be great if you shared your solution and experiences here. Maybe it will help others as a workaround before an official solution from B&R is introduced. PS: Please take into consideration the security topic I already posted here: User login using RFID tags in combination with MpUserX and LDAP Domain users - #3 by kovarj

Can mappView only authenticate with username and password? Or also with an additional attribute which can be defined in MpUserX?

For authentication you need a username and password. See B&R Online Help.

OK, but the API behind it can only handle username and password, right? Nothing else?

As I mentioned, I do not know the sample in GitHub. I’m not the author of it. I’m only guessing ;)

Closed due to long inactivity. Feel free to reopen it if needed.