I'm trying to change how we initialize the embedded RavenDB for our product. In the past, we have just included the following during initialization:
We do not want anonymous users to have much/any access, especially when we have Studio enabled. I've changed the setup so that AnonymousUserAccessMode = AnonymousUserAccessMode.None. I have also set AllowLocalAccessWithoutAuthorization = false, but in testing, setting this to true didn't help.
I'm now having some problems with initialization. After ensuring the Raven system database is in place, we commonly create multiple tenants. We have separate tenants for the parts of our application that we want to keep apart, plus one for NServiceBus. After the databases are configured, we initialize NServiceBus and point it at its own tenant. At different points in this setup, both our code and the NServiceBus code call IndexCreation.CreateIndexes or IDocumentStore.ExecuteIndex. Those calls, as well as calls to EnsureDatabaseExists on the system store, are failing with a System.Security.SecurityException (the full message is quoted in the test code below):
I'm looking for some guidance on how to do this in a production environment, since setting AnonymousUserAccessMode.Admin is clearly not what should be done.
Here is some C# / Xunit code I pulled together to show fairly minimalistic failing scenarios:
using System;
using System.Collections.Specialized;
using System.ComponentModel.Composition.Hosting;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Text;
using Raven.Abstractions.Data;
using Raven.Client.Embedded;
using Raven.Client.Indexes;
using Raven.Database.Server;
using Xunit;
namespace RavenTests
{
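/// <summary>
/// Minimal failing scenarios for initializing an embedded RavenDB store with
/// anonymous access switched off (<c>AnonymousUserAccessMode.None</c>).
/// </summary>
/// <remarks>
/// Both tests are written to demonstrate the SecurityException quoted inside them;
/// they are reproductions, not passing regression tests. The only configuration
/// shown to make them pass is the commented-out override that gives anonymous
/// users Admin access, which is not acceptable outside a repro.
/// </remarks>
public class DbInitTests
{
    /// <summary>
    /// Creates the assembly's indexes against a store that denies anonymous access.
    /// </summary>
    [Fact]
    public void TestInitWithIndexes()
    {
        // Dispose the store (and the MEF objects below) even when the call under
        // test throws, so a failing run does not leave the embedded database open.
        using (var store = CreateLockedDownStore())
        {
            // overriding the settings above with these settings allows the index creation to succeed
            // SECURITY: repro aid only. These two lines give every unauthenticated caller Admin
            // access, which is exactly what this setup is meant to prevent. Keep them commented out.
            //---------------------------------------------------------------------------------------------------
            //store.Configuration.Settings["Raven/Licensing/AllowAdminAnonymousAccessForCommercialUse"] = "true";
            //store.Configuration.AnonymousUserAccessMode = AnonymousUserAccessMode.Admin;
            //---------------------------------------------------------------------------------------------------
            store.Initialize();

            using (var catalog = new AssemblyCatalog(Assembly.GetExecutingAssembly()))
            using (var provider = new CompositionContainer(catalog))
            {
                /* fails with:
                System.Security.SecurityException: Attempted to connect to a RavenDB Server that requires authentication using Windows credentials,
                but either wrong credentials were entered or the specified server does not support Windows authentication.
                If you are running inside IIS, make sure to enable Windows authentication.
                */
                IndexCreation.CreateIndexes(provider, store.DatabaseCommands, store.Conventions);
            }
        }
    }

    /// <summary>
    /// Creates an additional tenant database on a store that denies anonymous access.
    /// </summary>
    [Fact]
    public void TestInitWithTenant()
    {
        // Dispose the store even when the call under test throws.
        using (var store = CreateLockedDownStore())
        {
            // overriding the settings above with these settings allows the tenant creation to succeed
            // SECURITY: repro aid only. These two lines give every unauthenticated caller Admin
            // access, which is exactly what this setup is meant to prevent. Keep them commented out.
            //---------------------------------------------------------------------------------------------------
            //store.Configuration.Settings["Raven/Licensing/AllowAdminAnonymousAccessForCommercialUse"] = "true";
            //store.Configuration.AnonymousUserAccessMode = AnonymousUserAccessMode.Admin;
            //---------------------------------------------------------------------------------------------------
            store.Initialize();

            /* fails with:
            System.Security.SecurityException: Attempted to connect to a RavenDB Server that requires authentication using Windows credentials,
            but either wrong credentials were entered or the specified server does not support Windows authentication.
            If you are running inside IIS, make sure to enable Windows authentication.
            */
            store.DatabaseCommands.GlobalAdmin.EnsureDatabaseExists("nsb"); // create tenant to later feed to NServiceBus for Raven persistence
        }
    }

    /// <summary>
    /// Builds, but does not initialize, the embedded store both scenarios use:
    /// encryption and compression bundles active, explicit folders, anonymous access denied.
    /// </summary>
    /// <returns>An uninitialized store; the caller calls <c>Initialize()</c> and disposes it.</returns>
    /// <remarks>
    /// Kept in one place so the access-control settings cannot drift between the two tests.
    /// </remarks>
    private static EmbeddableDocumentStore CreateLockedDownStore()
    {
        // A fresh directory per run. Nothing here deletes it afterwards, so the
        // database files written under this path stay on disk.
        var dbRoot = "d:\\temp\\raventests\\t_" + DateTime.Now.Ticks;

        // Placeholder key for the repro: Base64 of a fixed literal, so it protects nothing.
        // NOTE(review): a real deployment should load a randomly generated key from
        // protected configuration rather than from source code.
        var dbKey = Convert.ToBase64String(Encoding.UTF8.GetBytes(@"a key string"));

        // embedded db with encryption, compression, and with specified folders
        return new EmbeddableDocumentStore
        {
            DataDirectory = dbRoot,
            Configuration =
            {
                DatabaseName = "testdb",
                AnonymousUserAccessMode = AnonymousUserAccessMode.None,
                // NOTE(review): true was only tried as an experiment and did not avoid the
                // SecurityException; prefer false unless local unauthenticated access is
                // shown to be required.
                AllowLocalAccessWithoutAuthorization = true,
                Settings = new NameValueCollection()
                {
                    {"Raven/WorkingDirectory", dbRoot},
                    {"Raven/AssembliesDirectory", Path.Combine(dbRoot, "Assemblies")},
                    {"Raven/CompiledIndexCacheDirectory", Path.Combine(dbRoot, "CompiledIndexCache")},
                    {"Raven/ActiveBundles", "Encryption;Compression" },
                    {"Raven/License", OurRavenLicense.LicenseText() },
                    {Constants.EncryptionKeySetting, dbKey}
                }
            },
        };
    }
}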
/// <summary>
/// Trivial document type used as the source for the sample index in this file.
/// </summary>
public class Simpleton
{
    /// <summary>Document identifier.</summary>
    public Guid Id { get; set; }

    /// <summary>Free-text value; one of the parts of the index key.</summary>
    public string TextProp { get; set; }

    /// <summary>Integer value; one of the parts of the index key.</summary>
    public int IntProp { get; set; }
}
/// <summary>
/// Sample index over <see cref="Simpleton"/> documents. It exists so that
/// IndexCreation.CreateIndexes has something in this assembly to register.
/// </summary>
public class AssessmentFunction_InputUsages : AbstractIndexCreationTask<Simpleton>
{
    /// <summary>Shape of one index entry.</summary>
    public class Result
    {
        /// <summary>Concatenation of the document's Id, TextProp and IntProp.</summary>
        public string IxKey { get; set; }
    }

    /// <summary>
    /// Defines the map: one entry per document, keyed by the three properties joined
    /// with no separator.
    /// </summary>
    public AssessmentFunction_InputUsages()
    {
        // Method syntax; the compiler lowers the equivalent query expression to this same Select call.
        Map = simpletons => simpletons.Select(doc => new
        {
            IxKey = doc.Id + doc.TextProp + doc.IntProp
        });
    }
}
}