8.9.1. Authentication

   

In general, the procedure of client access to an Internet service is as follows:

Fig. 67. Internet service connections

There are three different types of authentication:

  • On a proxy server. This authentication is not directly related to the use of a web server, but keep it in mind if you need to use an Internet service from a network behind a proxy server.
  • On a web server. In this case, the following authentication types can be used:
    • Anonymous authentication. In this case, all requests coming from the web server are performed under a special user who impersonates the "anonymous" connection.

      In this case, the authentication in 1C:Enterprise is performed using the username and password passed in the HTTP request.

    • Basic authentication. In this case, the client of the Internet service passes the username and password for authentication to the web server in an HTTP request that is generated when accessing the web server.

      For this type of authentication to succeed, the username and password used to access 1C:Enterprise must also be used to access the web server. If a user whose parameters are passed in an HTTP request cannot access the web server, they will not be able to use the Internet service.

    • OS authentication. In this case, the web server determines the OS user on whose behalf the Internet service accesses 1C:Enterprise, and this data is then used.

      In this case, the web server determines the OS user who is trying to access the web server, and then transfers to 1C:Enterprise both the parameters of the OS user and the data passed in the HTTP request to the Internet service. If the HTTP request contains the username and password, they are used for authentication, and the OS user data is not used. If the username and password are not specified in the HTTP request, the data of a specific OS user is used.

      For a thin client connecting to the infobase via the HTTP protocol (via a web server), and for a web client, OS authentication relies on the ability to impersonate a web browser user or a thin client user in the web server thread that executes HTTP requests. The impersonation of users by a web server depends on the type and settings of the web browser used, the type and settings of the web server, the settings of individual user rights, domain security policies, and so on. Impersonation is not always possible.

      The corresponding settings are the subject of the administration of the network environment and are beyond the scope of the 1C:Enterprise documentation.

  • 1C:Enterprise authentication. To perform this authentication, the web server extension uses the username and password that are transmitted by the web server (when using Basic authentication or OS authentication on the web server). If you use anonymous authentication on a web server, 1C:Enterprise will request Basic authentication from the caller. 1C:Enterprise expects that the username and password of the user will be passed in UTF-8 encoding.

    If the Internet service is accessed from the Microsoft Internet Explorer web browser, it is not recommended to use non-Latin characters in the username and password.
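
The credential handling described above can be modeled as follows. This is an added sketch, not 1C:Enterprise code: the function names are hypothetical, and rejecting malformed or non-UTF-8 credentials (rather than falling back to the OS user) is an assumption of the sketch.

```python
import base64

def basic_header(username, password, charset="utf-8"):
    """Client side: build the Authorization header value for Basic authentication."""
    if ":" in username:
        raise ValueError("a Basic username cannot contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode(charset))
    return "Basic " + token.decode("ascii")

def parse_basic_utf8(header):
    """Receiver side: (username, password), or None when no Basic credentials are present."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None  # absent header or another scheme, e.g. Negotiate
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        user, sep, password = raw.decode("utf-8").partition(":")
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError are ValueErrors
        raise ValueError("malformed or non-UTF-8 Basic credentials") from exc
    if not sep:
        raise ValueError("Basic credentials lack the ':' separator")
    return user, password

def effective_identity(authorization, os_user):
    """Which identity is offered to 1C:Enterprise, following the precedence in the text.

    os_user is the OS user the web server determined, or None for anonymous access.
    Assumption of this sketch: malformed credentials raise instead of falling back.
    """
    creds = parse_basic_utf8(authorization)
    if creds is not None:
        return ("request-credentials", creds[0])  # request credentials win over the OS user
    if os_user:
        return ("os-user", os_user)
    return ("challenge", "Basic")  # anonymous and no credentials: Basic is requested

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    hdr = basic_header("admin", "s3cret")
    print(hdr, effective_identity(hdr, "EXAMPLE\\websvc"))
```

A client that encodes non-Latin credentials in a legacy code page such as cp1251 produces a header that fails the UTF-8 decode, which is the interoperability problem the UTF-8 requirement guards against.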

When interacting with a web server, you can set up operation over a secure channel (see the article Operations over a secure channel).

When using the file mode of the infobase, the users on whose behalf access is performed must have permission to execute the files of the required version of 1C:Enterprise and the rights to read and modify data in the infobase directory.

   
