Examples - OPC UA Interaction - Allow endpoint domain

The example below triggers the component to ask the user whether he/she wants to accept an instance certificate whose domain does not match the URL used to connect to the server.

.NET

C#
VB.NET

// This example shows how in a console application, the user is asked to allow a server instance certificate with
// mismatched domain name.
//
// Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
// OPC client and subscriber examples in C# on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-CSharp .
// Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
// a commercial license in order to use Online Forums, and we reply to every post.

using System;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.OperationModel;

namespace UADocExamples.Interaction
{
    class AllowEndpointDomain
    {
        public static void Main1()
        {
            // Define which server we will work with.
            // Note that extra '.' at the end of the domain name. For the purpose of this example, it allows us to address
            // the same domain, but cause a mismatch with what the names that are listed in the server instance certificate.
            UAEndpointDescriptor endpointDescriptor = "opc.tcp://opcua.demo-this.com.:51210/UA/SampleServer";
            
            // Instantiate the client object.
            var client = new EasyUAClient()
            {
                // Enforce the endpoint domain check.
                Isolated = true,
                IsolatedParameters = {SessionParameters = {CheckEndpointDomain = true}}
            };

            UAAttributeData attributeData;
            try
            {
                // Obtain attribute data.
                // The component automatically triggers the necessary user interaction during the first operation.
                attributeData = client.Read(endpointDescriptor, "nsu=http://test.org/UA/Data/ ;i=10853");
            }
            catch (UAException uaException)
            {
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
                return;
            }

            // Display results.
            Console.WriteLine("Value: {0}", attributeData.Value);
            Console.WriteLine("ServerTimestamp: {0}", attributeData.ServerTimestamp);
            Console.WriteLine("SourceTimestamp: {0}", attributeData.SourceTimestamp);
            Console.WriteLine("StatusCode: {0}", attributeData.StatusCode);
        }
    }
}

' This example shows how in a console application, the user is asked to allow a server instance certificate with
' mismatched domain name.
'
' Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
' OPC client and subscriber examples in VB.NET on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-VBNET .
' Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
' a commercial license in order to use Online Forums, and we reply to every post.

Imports OpcLabs.EasyOpc.UA
Imports OpcLabs.EasyOpc.UA.OperationModel
Imports OpcLabs.EasyOpc.UA.Engine

Namespace Interaction
    Friend Class AllowEndpointDomain
        Public Shared Sub Main1()

            ' Define which server we will work with.
            ' Note that extra '.' at the end of the domain name. For the purpose of this example, it allows us to address
            ' the same domain, but cause a mismatch with what the names that are listed in the server instance certificate.
            Dim endpointDescriptor As UAEndpointDescriptor = "opc.tcp://opcua.demo-this.com.:51210/UA/SampleServer"

            ' Instantiate the client object.
            Dim client = New EasyUAClient() With
            {
                .Isolated = True,
                .IsolatedParameters = New EasyUAClientAdaptableParameters() With
                {
                    .SessionParameters = New UASmartClientSessionParameters() With
                    {
                        .CheckEndpointDomain = True
                    }
                }
            }

            Dim attributeData As UAAttributeData
            Try
                ' Obtain attribute data.
                ' The component automatically triggers the necessary user interaction during the first operation.
                attributeData = client.Read(endpointDescriptor, "nsu=http://test.org/UA/Data/ ;i=10853")
            Catch uaException As UAException
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException.Message)
                Exit Sub
            End Try

            ' Display results.
            Console.WriteLine("Value: {0}", attributeData.Value)
            Console.WriteLine("ServerTimestamp: {0}", attributeData.ServerTimestamp)
            Console.WriteLine("SourceTimestamp: {0}", attributeData.SourceTimestamp)
            Console.WriteLine("StatusCode: {0}", attributeData.StatusCode)
        End Sub
    End Class
End Namespace

COM

Object Pascal
VBScript

// This example shows how in a console application, the user is asked to allow a server instance certificate with
// mismatched domain name.
//
// Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
// OPC client and subscriber examples in Object Pascal (Delphi) on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-OP .
// Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
// a commercial license in order to use Online Forums, and we reply to every post.

class procedure AllowEndpointDomain.Main;
var
  AttributeData: _UAAttributeData;
  Client: _EasyUAClient;
  EndpointDescriptor: string;
begin
  // Define which server we will work with.
  // Note that extra '.' at the end of the domain name. For the purpose of this example, it allows us to address
  // the same domain, but cause a mismatch with what the names that are listed in the server instance certificate.
  EndpointDescriptor := 'opc.tcp://opcua.demo-this.com.:51210/UA/SampleServer';

  // Instantiate the client object.
  Client := CoEasyUAClient.Create;
  // Enforce the endpoint domain check.
  Client.Isolated := true;
  Client.IsolatedParameters.SessionParameters.CheckEndpointDomain := true;

  try
    // Obtain attribute data.
    // The component automatically triggers the necessary user interaction during the first operation.
    AttributeData := Client.Read(EndpointDescriptor, 'nsu=http://test.org/UA/Data/ ;i=10853');
  except
    on E: EOleException do
    begin
      WriteLn(Format('*** Failure: %s', [E.GetBaseException.Message]));
      Exit;
    end;
  end;

  // Display results.
  WriteLn('Value: ', AttributeData.Value);
  WriteLn('ServerTimestamp: ', DateTimeToStr(AttributeData.ServerTimestamp));
  WriteLn('SourceTimestamp: ', DateTimeToStr(AttributeData.SourceTimestamp));
  WriteLn('StatusCode: ', AttributeData.StatusCode.ToString);
end;

Rem This example shows how in a console application, the user is asked to allow a server instance certificate with
Rem mismatched domain name.
Rem
Rem Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
Rem OPC client and subscriber examples in VBScript on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-VBScript .
Rem Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
Rem a commercial license in order to use Online Forums, and we reply to every post.

Option Explicit

' Define which server we will work with.
' Note that extra '.' at the end of the domain name. For the purpose of this example, it allows us to address
' the same domain, but cause a mismatch with what the names that are listed in the server instance certificate.
Dim endpointDescriptor: endpointDescriptor = "opc.tcp://opcua.demo-this.com.:51210/UA/SampleServer"

' Instantiate the client object.
Dim Client: Set Client = CreateObject("OpcLabs.EasyOpc.UA.EasyUAClient")
' Enforce the endpoint domain check.
Client.Isolated = True
Client.IsolatedParameters.SessionParameters.CheckEndpointDomain = True

' Obtain attribute data.
' The component automatically triggers the necessary user interaction during the first operation.
On Error Resume Next
Dim AttributeData: Set AttributeData = Client.Read(endpointDescriptor, "nsu=http://test.org/UA/Data/ ;i=10853")
If Err.Number <> 0 Then
WScript.Echo "*** Failure: " & Err.Source & ": " & Err.Description
WScript.Quit
End If
On Error Goto 0

' Display results
WScript.Echo "Value: " & AttributeData.Value
WScript.Echo "ServerTimestamp: " & AttributeData.ServerTimestamp
WScript.Echo "SourceTimestamp: " & AttributeData.SourceTimestamp
WScript.Echo "StatusCode: " & AttributeData.StatusCode

' Example output:
'
'OPC-UA Endpoint Domain Mismatch
'The effective host name in endpoint URL returned by the server does not match any of the domain names in the server certificate.
'Endpoint URL as returned by the server: opc.tcp://opcua.demo-this.com.:51210/UA/SampleServer
'The server certificate is for following domain names or IP addresses: opcua.demo-this.com
'This may be an indication of a spoofing attempt. Do you want to allow the endpoint anyway? [Y/n]: Y
'Value: -1.285897E+14
'ServerTimestamp: 11/28/2019 1:34:23 PM
'SourceTimestamp: 11/28/2019 1:34:23 PM
'StatusCode: Good

Python

Python (.NET)

# This example shows how in a console application, the user is asked to allow a server instance certificate with
# mismatched domain name.
#
# Find all latest examples here: https://opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .
# OPC client and subscriber examples in Python on GitHub: https://github.com/OPCLabs/Examples-QuickOPC-Python .
# Missing some example? Ask us for it on our Online Forums, https://www.opclabs.com/forum/index ! You do not have to own
# a commercial license in order to use Online Forums, and we reply to every post.
# The QuickOPC package is needed. Install it using "pip install opclabs_quickopc".
import opclabs_quickopc

# Import .NET namespaces.
from OpcLabs.EasyOpc.UA import *
from OpcLabs.EasyOpc.UA.OperationModel import *


# Define which server we will work with.
# Note that extra '.' at the end of the domain name. For the purpose of this example, it allows us to address
# the same domain, but cause a mismatch with what the names that are listed in the server instance certificate.
endpointDescriptor = UAEndpointDescriptor('opc.tcp://opcua.demo-this.com.:51210/UA/SampleServer')

# Instantiate the client object.
client = EasyUAClient()
# Enforce the endpoint domain check.
client.Isolated = True
client.IsolatedParameters.SessionParameters.CheckEndpointDomain = True

try:
    # Obtain attribute data.
    # The component automatically triggers the necessary user interaction during the first operation.
    attributeData = IEasyUAClientExtension.Read(client,
                                                endpointDescriptor,
                                                UANodeDescriptor('nsu=http://test.org/UA/Data/ ;i=10853'))
except UAException as uaException:
    print('*** Failure: ' + uaException.GetBaseException().Message)
    exit()

# Display results.
print('Value: ', attributeData.Value)
print('ServerTimestamp: ', attributeData.ServerTimestamp)
print('SourceTimestamp: ', attributeData.SourceTimestamp)
print('StatusCode: ', attributeData.StatusCode)

print()
print('Finished.')

The program output may look like this:

Console - Allow endpoint domain

Examples - Client OPC Unified Architecture

Examples - OPC Unified Architecture - Read a single attribute of a single node

Concepts

Unsolicited User Interaction

Console Interaction