Authentication and authorization

Overview

There are two different users to consider when takling about authentication and authorization. There is the primary-user and the secondary-user:

Primary user

The primary user is the user of the consumer, for example an external service communicating and sending messages to Platina STandard API. This user needs to be configured in platina as "{StandardServiceAuthorizedUser}".

This user should be a windows domain user, for authentication, and Platina Standard API authorizes the call itself.

Secondary user

The secondary user is the user for which the use case i performed, for example if a journalized case is created, the case is created on belhaf of the secondary user in Platina. The secondary user needs to be a Platina user, with the correct access rights in the system. Depending on the use cases, the access control have to be configured correctly for that user in Platina.

WCF service security.

The service implementation uses the Microsoft WCF framework, and the binding properties of the service can be changes declaratively, by modifying the configuration files of the service. Currently the service uses TCP/IP binding windows authentication and transport level security (messages are encrypted and signed). Below are the default bindings:

<bindings>

<netTcpBinding>

<binding  name="SecureNetTcp"  portSharingEnabled="true"  transferMode="Streamed"  receiveTimeout="00:05:00"  sendTimeout="00:05:00"  maxBufferSize="65536"  maxReceivedMessageSize="2147483647">

<security  mode="Transport">

<transport  clientCredentialType="Windows"  protectionLevel="EncryptAndSign"  />

</security>

</binding>

</netTcpBinding>

</bindings>

The binding properties of the service can be configured to support for example HTTPS using certificates.