Search code examples
c#databasemongodbsslgssapi

How to access MongoDB using GSSAPI authentication mechanism?

I am trying to connect to the MongoDB server through a ssl certificate using c#. I am getting a System.TimeoutException (A timeout occurred after 30000ms selecting a server using the CompositeServerSelector).

I started with connection via MongoClientSetting object. Here is the code:

MongoClientSettings settings = new MongoClientSettings();
settings.MaxConnectionLifeTime = new TimeSpan(12, 0, 0);

settings.UseSsl = true;
settings.VerifySslCertificate = false;
var cert = new X509Certificate2("mongoDBCAFile.cer");
settings.SslSettings = new SslSettings{
    ClientCertificates = new[] { cert }
};

settings.Servers = new[]{
    new MongoServerAddress("xyz1.intranet.companyname.com", 12345),
    new MongoServerAddress("xyz2.intranet.companyname.com", 12345)
};

settings.ReplicaSetName = "replicaName";

var cred = MongoCredential.CreateGssapiCredential("username@intranet.companyname.com").WithMechanismProperty("SERVICE_NAME", "servicename");
settings.Credential = cred;

var client = new MongoClient(settings);

var database = client.GetDatabase("DatabaseName");
var collection = database.GetCollection<BsonDocument>("CollectionName");

//This is the place of error
var count1 = collection.CountDocuments(new BsonDocument());

I tried playing around with ConnectTimeout, SocketTimeout, and wTimeOut but the error was same.

I also tried doing the same thing using the connection string as mentioned here but I wouldn't figure out how to create a connection string with these many parameters.

Solution

  • Found the solution.

    The issue was with authentication of the user with external server. MongoDB server was waiting for the clearance from this external server, but Because the authentication was never successfully, MongoDB always lead to System.TimeoutException.

    Here is the fix code.

    settings.ReplicaSetName = "replicaName";

SecureString pwd = new NetworkCredential("intranet/userName", "myPassword").securePassword;
var cred = MongoCredential.CreateGssapiCredential("username/intranet.companyname.com", pwd).WithMechanismProperty("SERVICE_NAME", "serviceName").WithMechanismProperty("CANONICALIZE_HOST_NAME", "true");
settings.Credentials = cred;