WARNING: This server provides a static reference view of the NetKernel documentation. Links to dynamic content do not work. For the best experience we recommend you install NetKernel and view the documentation in the live system .

Server

A server can require that a client be authenticated before it is permitted to establish a connection.

To enable authentication a server endpoint must specify an in its configuration...

<endpoint>
  <prototype>NKPServer</prototype>
  <config>
    <port>10604</port>
    <authenticationRequest>
      <identifier>active:authenticate</identifier>
      <argument name="username">arg:username</argument>
      <argument name="password">arg:password</argument>
    </authenticationRequest>
  </config>
</endpoint>

The is a declarative request which will be issed into the Server side address space. The arg:username and arg:password values are provided from the client-side (see below).

The implementation of the handler for the authentication request must return a Boolean representation indicating if the user is authorized to establish a connection.

Authentication occurs each time a connection is established. [Note that this is not necessarily the same as for each request since a connection may be long-lived (in bridge patterns), or may be cached and reused (one-shot)].

Client

If a server requires authentication a client 'must provide credentials in its configuration...

<endpoint>
  <prototype>NKPClient</prototype>
  <config>
    <hostname>localhost</hostname>
    <port>10604</port>
    <username>tab</username>
    <password>tab</password>
  </config>
</endpoint>

The credentials will be sent each time a connection is established.

Security Considerations

If you are not operating your NetKernel system on a secure private network you should also ensure that the connection is encrypted using TLS/SSL.

Hiding authentication service

The NKP Server implements a private filter and will not project any endpoint marked as private over to the client-side. You may therefore ensure that your authentication service cannot be reached by client requests by adding a tag.