OPCNETApi and DCOM Hardening|Page 2|Classic OPC: DA, A&E, HDA, XML-DA, etc.|Forum|OPC Foundation

OPCNETApi and DCOM Hardening
Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 21, 03/10/2022 - 18:35

Posted 2.1.109.44

Vijayakumar Ranganathan (Member), Forum Posts: 5, Member Since: 09/04/2014
Post 22, 03/10/2022 - 23:17

Randy,

I validated with 2.1.109.44 that the issue we were facing is fixed now. We are able to connect to the OPC Servers in the DCOM hardened environment without any issues. Any timeline for getting the release version?

Regards,

Vijay

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 23, 03/11/2022 - 00:06

That was a lot easier than I expected.

I will post the release version once I complete a few QA checks.

Thanks for verifying.

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 24, 03/14/2022 - 06:46

Updated OPCClassic .NET API to work with DCOM issue

https://opcfoundation.org/deve.....-packages/

Vijayakumar Ranganathan (Member), Forum Posts: 5, Member Since: 09/04/2014
Post 25, 03/27/2022 - 21:38

Randy,

The binaries in the NuGet packages in the build don't seem to reflect the fix. We tried to reference the assemblies from the NuGet packages and were running into the same problem as before. This works fine if we use the binaries compiled from the source code.

I tried to disassemble the assemblies in the NuGet package and noticed that the fix available in the code is not reflected. Copied below is the disassembled code for the OpcCom.Interop.ServerInfo.Allocate method, where the fix is available.

 

// OpcCom.Interop.ServerInfo
public Interop.COSERVERINFO Allocate(string hostName, NetworkCredential credential)
{
    string text = null;
    string text2 = null;
    string text3 = null;
    if (credential != null)
    {
        text = credential.UserName;
        text2 = credential.Password;
        text3 = credential.Domain;
    }
    this.m_hUserName = GCHandle.Alloc(text, GCHandleType.Pinned);
    this.m_hPassword = GCHandle.Alloc(text2, GCHandleType.Pinned);
    this.m_hDomain = GCHandle.Alloc(text3, GCHandleType.Pinned);
    this.m_hIdentity = default(GCHandle);
    if (text != null && text != string.Empty)
    {
        this.m_hIdentity = GCHandle.Alloc(new Interop.COAUTHIDENTITY
        {
            User = this.m_hUserName.AddrOfPinnedObject(),
            UserLength = (uint)((text != null) ? text.Length : 0),
            Password = this.m_hPassword.AddrOfPinnedObject(),
            PasswordLength = (uint)((text2 != null) ? text2.Length : 0),
            Domain = this.m_hDomain.AddrOfPinnedObject(),
            DomainLength = (uint)((text3 != null) ? text3.Length : 0),
            Flags = 2u
        }, GCHandleType.Pinned);
    }
    this.m_hAuthInfo = GCHandle.Alloc(new Interop.COAUTHINFO
    {
        dwAuthnSvc = 10u,
        dwAuthzSvc = 0u,
        pwszServerPrincName = IntPtr.Zero,
        dwAuthnLevel = 2u,
        dwImpersonationLevel = 3u,
        pAuthIdentityData = (this.m_hIdentity.IsAllocated ? this.m_hIdentity.AddrOfPinnedObject() : IntPtr.Zero),
        dwCapabilities = 0u
    }, GCHandleType.Pinned);
    return new Interop.COSERVERINFO
    {
        pwszName = hostName,
        pAuthInfo = ((credential != null) ? this.m_hAuthInfo.AddrOfPinnedObject() : IntPtr.Zero),
        dwReserved1 = 0u,
        dwReserved2 = 0u
    };
}

 

Could you please check and address if there are any issues?

 

Regards,

Vijay

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 26, 03/29/2022 - 07:45

Something got messed up on the build machine.

Please check 2.1.109.54.

Vijayakumar Ranganathan (Member), Forum Posts: 5, Member Since: 09/04/2014
Post 27, 03/30/2022 - 10:30

Thanks Randy for the quick update. 

Elisabetta Pea (Member), Forum Posts: 3, Member Since: 09/22/2014
Post 28, 04/13/2022 - 06:55

Hi Randy,

I developed an OPC client with .NET Framework 4.7.2, then I downloaded opc-net-api-sample-clients-2.01.109.54-20220329 and I would like to compile OPC NET API.sln and use the generated files.

However, in the opc-net-api-sample-clients-2.01.109.54-20220329 code I noticed some differences between the same classes in different folders.

In particular, I noticed that in file Opc.ConnectData.cs in folder NetCore\OpcNetApi the class ConnectData contains the property:

/// <summary>
/// Use DCOM connect level security (may be needed for backward compatibility).
/// </summary>
public bool UseConnectSecurity { get; set; }

While the same class in the same file in folder NET API\Core does not contain it.

This property and other modifications in other files (OpcCom.ServerEnumerator.cs, OpcCom.Factory.cs, ServerEnumerator.cs ) are needed to make the Authentication Level parameter configurable.

In practice, while the code in folder NetCore allows you to configure the type of Authentication Level to use, the code in folder NET API does not. This possibility can be very useful for the backward compatibility of the code (as written in the comment).

Is there a further version of the API planned to realign these differences?

Regards,

Elisabetta

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 29, 04/14/2022 - 16:18

Please check 2.1.109.55.

Elisabetta Pea (Member), Forum Posts: 3, Member Since: 09/22/2014
Post 30, 04/20/2022 - 02:57

Hi Randy,

Thank you for your quick answer.

I downloaded and checked the 2.01.109.55 version, and noticed that there are still the following differences between the code for NET API and the code for NetCore:

Difference 1 (NET API vs. NetCore)

NET API: COM Wrapper\OpcCom.ServerEnumerator.cs
namespace OpcCom, class ServerEnumerator, methods GetAvailableServers and CLSIDFromProgID

m_server = (IOPCServerList2)OpcCom.Interop.CreateInstance(CLSID, host, credentials, false)

NetCore: OpcNetApi.Com\OpcCom.ServerEnumerator.cs
namespace OpcCom, class ServerEnumerator, methods GetAvailableServers and CLSIDFromProgID

m_server = (IOPCServerList2)OpcCom.Interop.CreateInstance(CLSID, host, credentials, connectData?.UseConnectSecurity ?? false);

Difference 2 (Common vs. NetCore)

Common: NetRcw\ServerEnumerator.cs
namespace OpcRcw, class ServerEnumerator, method Connect

public void Connect(string host, string username, string password, string domain)

unknown = Utils.CreateInstance(OPCEnumCLSID, host, username, password, domain, false);

NetCore: OpcComRcw\ServerEnumerator.cs
namespace OpcRcw, class ServerEnumerator, method Connect

public void Connect(string host, string username, string password, string domain, bool useConnectSecurity = false)

unknown = Utils.CreateInstance(OPCEnumCLSID, host, username, password, domain, useConnectSecurity);

Regards,

Elisabetta

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 31, 04/26/2022 - 07:57

Put a task in to get rid of all of the duplicate code....

Try 2.01.109.56

Elisabetta Pea (Member), Forum Posts: 3, Member Since: 09/22/2014
Post 32, 04/27/2022 - 08:23

Hi Randy,

I downloaded and checked the 2.01.109.56 version. Unfortunately in this version there is still a difference to be corrected.

Difference (NET API vs. NetCore)

NET API: COM Wrapper\OpcCom.ServerEnumerator.cs
namespace OpcCom, class ServerEnumerator, method CLSIDFromProgID

m_server = (IOPCServerList2)OpcCom.Interop.CreateInstance(CLSID, host, credentials, false)

NetCore: OpcNetApi.Com\OpcCom.ServerEnumerator.cs
namespace OpcCom, class ServerEnumerator, method CLSIDFromProgID

m_server = (IOPCServerList2)OpcCom.Interop.CreateInstance(CLSID, host, credentials, connectData?.UseConnectSecurity ?? false);

Thank you in advance for your work ...... and for your patience.

Elisabetta

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 33, 04/27/2022 - 14:44

Apologies again. I thought I searched for all CreateInstance calls.

Try again with 2.01.109.57.

pascual samame (Member), Forum Posts: 4, Member Since: 10/06/2021
Post 34, 06/01/2022 - 22:03

Hi,

I am testing OpcNetApi using .NET Framework with a remote connection but I get the following error:

Application with PID 2024 is requesting to activate CLSID {63482C41-5891-81A2-D416-3AE306C10000} on computer XXX with explicitly set authentication level at 2. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor.

I changed the DCOM setting on the client machine (dcomcnfg -> My Computer -> Default Properties -> Default Authentication Level) from Connect to Packet Integrity but it didn't work.

Can you help me with some steps to continue with my tests?

Regards,

Ana
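
Added example, not part of the original thread or of the OPC Foundation code: a small Python triage helper that parses the DCOM activation error quoted above, names the requested and required RPC_C_AUTHN_LEVEL values, and counts which client applications still activate below the required level. The second sample message (application path, CLSID, host name) is constructed for illustration.

```python
import re
from collections import Counter

# RPC_C_AUTHN_LEVEL_* values as defined in the Windows SDK.
AUTHN_LEVELS = {0: "DEFAULT", 1: "NONE", 2: "CONNECT", 3: "CALL",
                4: "PKT", 5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}

# Layout of the DCOM activation error quoted in the post above.
ACTIVATION_RE = re.compile(
    r"Application (?P<app>.*?)\s*with PID (?P<pid>\d+) is requesting to "
    r"activate CLSID (?P<clsid>\{[0-9A-Fa-f-]{36}\}) on computer "
    r"(?P<computer>\S+) with explicitly set authentication level at "
    r"(?P<level>\d+)\. The lowest activation authentication level required "
    r"by DCOM is (?P<required>\d+)")

def level_name(value):
    return "RPC_C_AUTHN_LEVEL_" + AUTHN_LEVELS.get(value, f"UNKNOWN_{value}")

def parse_activation_error(message):
    """Return the fields of one activation error, or None if it is not one."""
    m = ACTIVATION_RE.search(message)
    if m is None:
        return None
    level, required = int(m["level"]), int(m["required"])
    return {"app": m["app"] or None, "pid": int(m["pid"]),
            "clsid": m["clsid"].upper(), "computer": m["computer"],
            "requested": level_name(level), "required": level_name(required),
            "below_required": level < required}

def clients_to_update(messages):
    """Count rejected activations per (application, requested level)."""
    hits = filter(None, map(parse_activation_error, messages))
    return Counter((h["app"], h["requested"]) for h in hits if h["below_required"])

TAIL = (" The lowest activation authentication level required by DCOM is "
        "5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY).")
# SAMPLE[0] is the message from the thread; SAMPLE[1] is constructed, with a
# hypothetical application path, CLSID and host name.
SAMPLE = [
    "Application with PID 2024 is requesting to activate CLSID "
    "{63482C41-5891-81A2-D416-3AE306C10000} on computer XXX with explicitly "
    "set authentication level at 2." + TAIL,
    r"Application C:\Example\client.exe with PID 4312 is requesting to "
    "activate CLSID {00000000-0000-0000-0000-000000000001} on computer "
    "opc-host-01 with explicitly set authentication level at 4." + TAIL,
]

if __name__ == "__main__":
    print(clients_to_update(SAMPLE))
```

A requested level of 2 is RPC_C_AUTHN_LEVEL_CONNECT, the same value that appears as dwAuthnLevel in the disassembled COAUTHINFO posted earlier in this thread.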

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 35, 06/02/2022 - 01:09

The client code is not initializing the DCOM correctly. You need to update the client code.

pascual samame (Member), Forum Posts: 4, Member Since: 10/06/2021
Post 36, 06/02/2022 - 06:49

Hi Randy

Thanks for your answer. My code to connect:

// txtServer.Text = "opcda://XX.x.XX.x/Smar.DfiOleServer.0"

Opc.URL url = new Opc.URL(txtServer.Text);
OpcCom.Factory fact = new OpcCom.Factory();
server = new Opc.Da.Server(fact, null);

server.Connect(url, new Opc.ConnectData(new System.Net.NetworkCredential()));

I can establish the connection without error but when I try to read 1 Tag (item) I get the error:

Application with PID 2024 is requesting to activate CLSID {63482C41-5891-81A2-D416-3AE306C10000} on computer XXX with explicitly set authentication level at 2. The lowest activation authentication level required by DCOM is 5(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). To raise the activation authentication level, please contact the application vendor.

I can't find a method in the Opc.Da dll that initializes DCOM with this authentication level. Can you help me with this?

Regards,

Ana

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017
Post 37, 06/02/2022 - 13:17

You need to use the latest version of the .NET API (2.01.109.57).

Can you confirm you are using it?

pascual samame (Member), Forum Posts: 4, Member Since: 10/06/2021
Post 38, 06/02/2022 - 14:33

Hi Randy

I am using the .NET API 2.0.50727.

How can I get the version 2.01.109.57?

Regards,

Ana

Randy Armstrong (Admin), Forum Posts: 1564, Member Since: 05/30/2017

pascual samame (Member), Forum Posts: 4, Member Since: 10/06/2021
Post 40, 06/02/2022 - 22:35

Thanks for your answer but the links are just available for Corporate members and I don't have access :(, so I can't use it?

 

Ana

Forum Timezone: America/Phoenix