Hi :)
Ok, i'm just getting my head around all this new crt/pfx certificate stuff. Up until a week or 2 ago, I've been experimenting with RavenDB but with no security (option 3 in the start up wizard).
Now, I'm trying to connect using a custom made "User" Read/Write certificate which I did in the RavenDb Studio.
Now here's the kicker.
pseduo code, aspnet-core on startup...
Under ConfigureServices...
1. Create a new documentstore using my User pfx read/write cert.
2. Stick this doc-store in the stock IoC container.
Under Configure (where u do all the UseThis, UseThat, etc...
3. inject the document store into the Configure method (tick!)
4. check if the database "MyDatabase" exists in this RavenDb server.
5. if it doesn't, then create it and seed some fake data (if i have permission) else throw an exception and stop.
Now .. this is the kicked -> step #4.
logger.LogInformation("RavenDb check -> database exist and if any data exists...");
var existingDatabase = documentStore.Maintenance.Server.Send(new GetDatabaseRecordOperation(databaseName));
This fails because I don't have permission. Or more to the point, the current document store (using that "User" Read/Write pfx) doesn't have permission.
So I can use the "Cluster admin" pfx here, which i sorta don't want to -- i'm trying to limit the scope of my security/exposure.
Or ... can I still use the "User" read/write pfx but ... do something else?
If the database doesn't exist in this server, i know I'l need admin rights to create it, so i'm HAPPY to just throw an exception and call it a day if the pfx in use doesn't have those rights. But I still would like this check, though.
So, is there any other options I should do/try?
Cheers!