Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Cannot connect to KepServer - OPC UA service result - {BadUserAccessDenied}

More
07 Jul 2021 14:52 #9932 by micham
Hi,
1. Can you tell me how the server should be configured to allow your sample project to work with it?
2. The WithUserNameAndidentity method cannot be found in "Extension methods". There is a similar method called: WithUserNameIdentity (with "And"). Can you please advise which one is correct?

Thanks.
Michael

Please Log in or Create an account to join the conversation.

More
07 Jul 2021 14:48 - 07 Jul 2021 14:51 #9931 by support
It depends on how the server is configured.

If it is configured to require the user authentication, which I think is your case at the moment, then connections to it won't work without authenticating the user.

Regards
Last edit: 07 Jul 2021 14:51 by support.

Please Log in or Create an account to join the conversation.

More
07 Jul 2021 14:35 #9930 by micham
Hi,
Thank you for your answer.

1. The "Imports OpcLabs.EasyOpc.UA.Extensions" is included.
2. I tried your sample project and I am getting the same error. See attached. Should your sample VB project work with KepServer OPC UA server?

Thank you.

Michael
Attachments:

Please Log in or Create an account to join the conversation.

More
06 Jul 2021 17:10 #9906 by support
Hello.

Each example page has multiple tabs with the same code written in different languages. I cannot give you a URL that opens the specific language tab. It will show the first language tab first, and you can then pick which language you want.

Re 1: I wrote that WithUserNameAndidentity is an extension method. That means that on the documentation for UAEndpointDescriptor members ( opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ndpointDescriptor_members.html ), you will find it listed under "Extension methods". And if you click on it, on the top it tells you that it is in the "OpcLabs.EasyOpc.UA.Extensions Namespace", which means that you need to add
Imports OpcLabs.EasyOpc.UA.Extensions
at the beginning of your VB file - as it is in the example, anyway.


Re 2. I do not know. It is determined by the server. If you are using KEPServerEX, I *guess* it is related to the stuff under Settings -> User Manager.

Best regards

Please Log in or Create an account to join the conversation.

More
06 Jul 2021 16:33 #9905 by micham
Hi,

Thank you for your answer. Since I am using VB.NET, I used the VB.NET example:

Dim gdsEndpointDescriptor As UAEndpointDescriptor =
New UAEndpointDescriptor("opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer") _
.WithUserNameIdentity("appuser", "demo")

1. When I build my project I get this error:
Error BC30456 'WithUserNameIdentity' is not a member of 'UAEndpointDescriptor'.

2. What should be the value of the user ("appuser") and password?

Thanks.

Michael

Please Log in or Create an account to join the conversation.

More
06 Jul 2021 14:45 #9902 by support
Since you did not state that you doing anything to authenticate the user, I assume that you are not doing it.

The server is probably configured to only accept authenticated users on the endpoint you have chosen. There are multiple ways in OPC UA the user authentication can be done (and it depends on the server which methods it supports), but the most common is username + password.

In the code, user name and password can be configured in the UAEndpointDescriptor, either by setting the appropriate properties, or with the .WithUserNameAndIdentity extension method (example: opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ind%20all%20registrations.html ).

Best regards

Please Log in or Create an account to join the conversation.

More
06 Jul 2021 14:36 #9900 by micham
Hi,

When I try connecting with the KepServer UA, I get the following message:

OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.

Can you please let me know what is wrong with the user identity and how can I change it?

Exceptions

Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
--- End of inner exception stack trace ---
Activity Trace:
Data:
ErrorId: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((16, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((16, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 16
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Data: ErrorId: Opc.UA.ServiceResult=0x801F0000
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2149515264
Message: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Result: BadUserAccessDenied
Additional Info:
Description: Endpoint does not supported the user identity type provided.
Inner Result:
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadUserAccessDenied
Code Bits: 32799
Code Bits Symbol: BadUserAccessDenied
Condition: 31
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2149515264
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Target Site: Void Open(System.String, UInt32, Opc.Ua.IUserIdentity, System.Collections.Generic.IList`1[System.String], Boolean)
DeclaringType: Opc.Ua.Client.Session
Module: Opc.Ua.Client.dll
Assembly: Opc.Ua.Client, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(1)\bin\Debug\Opc.Ua.Client.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: 5171d3a9-7cd0-4339-8411-4626e4a4b08c
Name: Opc.Ua.Client.dll
ScopeName: Opc.Ua.Client.dll
Source: Opc.Ua.Client
Stack Trace:
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.ClientServer.UAClientSessionBase.<>c__DisplayClass147_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:

Thanks,

Michael

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.234 seconds