Has anyone successfully developed any examples where they are able to securely use an RFID as credentials to login to MpUserX and specifically with LDAP Domain users? It seems to be a common topic with customers but there doesn’t seems to be a simple solution to this.
Logging in with an RFID tag is possible, but it’s not very straightforward at the moment. I know that there is sample in unofficial BR GitHub which may help you but it’s not exactly what’ you’re looking for in that
- It uses ArUser (not MpUserX), and
- It does not use an LDAP server
The only way I know of doing this at the moment is associating an RFID token with a user in the backend and then forcing a login when the token is read. I’m not sure if this same approach would work with an LDAP server but I suspect it would be trickier.
Thanks Marcus for link to GitHub to unofficial sample. Just general points about this topic and security:
LDAP per se does not support RFID login!
However, this is not quite true – as LDAP does not support password login, too!
LDAP is a “directory service” – think about a directory of information. All you can do is to ask this directory for information.
So if MpUserX performs a “login” via LDAP, we are only asking LDAP “give me a user with the login ‘name’ and password ‘password’” … if we get something back, we consider the user as valid and logged in …if not, not.
Something similar would be needed for RFID, too: Store the RFID information in the “directory” of a user … and for login, check if you find a user with the given RFID.
Im not familiar with this sample. But if your solution will be based on this, you should think about security and adapt sample in way, that it meets at least minimum security requirements. So, e.g. RFID information should not be used as password.