Client API: Setting up Authentication and Authorization

  • Authentication and authorization are based on Client X.509 Certificates.

  • When your RavenDB instance runs on HTTPS, the server has a Server Certificate loaded.
    Your application must use a Client Certificate in order to access this secure server.

  • Obtain a Client Certificate from your cluster admin.
    The Client Certificate is generated by the admin from the Studio.

  • The security clearance (authorization level) for the generated Client Certificate is set during the process of generating the certificate.

  • Pass your Client Certificate to the Document Store before initialization, as shown in the example code below.
    The server will use this certificate to authenticate the client when connection is established.

Example - Initializing Document Store With a Client Certificate

// Load a X.509 certificate
X509Certificate2 clientCertificate = new X509Certificate2("C:\\path_to_your_pfx_file\\cert.pfx");

using (IDocumentStore store = new DocumentStore()
    // Pass your certificate to the `Certificate` property
    Certificate = clientCertificate,
    Database = "your_database_name",
    Urls = new[] {"https://your_RavenDB_server_URL"}
    // Do your work here