cancel
Showing results for 
Search instead for 
Did you mean: 

Login security for .NET Connector remote function calls

former_member197445
Contributor
0 Kudos

What is the best practice these days for sending a user login through the .NET connector?  In all of our web apps that use the SAPNCo, we use a service user to log in and perform the FM code.  The web application, therefore, has one RfcDestination that is logged in as this service user.  How then would we send a user login to be used for executing the FM -- BAPI_PO_CREATE1, for example.  It is much more important to capture who the user is in this case.

I know there is the use of the RfcCustomDestination, as described here () but I was wondering if there are any other options available.

Any tips for this predicament?

Accepted Solutions (1)

Accepted Solutions (1)

MarkusTolksdorf
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hello Case,

The approach in NCo for this purpose is to use RfcCustomDestination, as already recognized by you. Thus you can challenge the user for his personal password and set those credentials for the logon. Best variant is to provide a repository user and password in the configured destination so that metadata is then read with a user that is restricted to metadata lookup permissions only.

In case the infrastructure would issue a token for the logged on user, one could imagine that with such a token and trust between the ABAP system and the NCo application could do some kind of SSO. However, NCo runtime is not prepared so far to allow such a setup.

Best regards,

Markus

former_member197445
Contributor
0 Kudos

Thanks.

Answers (0)