'Declaration Public Property AuthenticationMechanism As String
'Usage Dim instance As TdConnectionStringBuilder Dim value As String instance.AuthenticationMechanism = value value = instance.AuthenticationMechanism
public string AuthenticationMechanism {get; set;}
The .NET Data Provider supports the following session authentication mechanisms: TD2 (Teradata method 2), SPNEGO, LDAP, TDNEGO, and JWT. For a full description of these mechanisms, please reference the Teradata Security Administration chapter on Generic Security Services Library (TDGSS) - Managing Network Security. The default mechanism will be supplied from a client TeraGSS configuration file, if defined, and secondarily from the server's TDGSS configuration file. The default installation of the TDGSS server configuration file sets the value to TD2. The client default TeraGSS configuration file does not set a default value.
For the JWT mechanism, UserId and Password must be null or empty. The format for AuthenticationString is "token=value", where value is the JSON Web Token to be used for authentication.
The .NET Data Provider also supports the following authentication mechanisms that may be used with an OpenID Connect identity provider:
| Mechanism Name | Description |
|---|---|
| BEARER | Uses OIDC Client Credentials Grant with JWT Bearer Token for client authentication. UserId, Password and AuthenticationString must be null or empty. JwsPrivateKey and OidcClientId are required. JwsCert is only required for Identity Providers that require an "x5t" header thumbprint. OidcScope, OidcToken and JwsAlgorithm are optional. |
| CODE | Uses OIDC Device Code Flow, also known as OIDC Device Authorization Grant, for client authentication. AuthenticationString must be null or empty. CodeAppendFile, OidcClientId, OidcScope, OidcToken, OidcPrompt and OidcClaim are optional. If OidcClientId is not specified, the default value configured on the server will be used. If ConnectionPooling is enabled and UserId is provided, the value of the claim specified in OidcCLaim must match the UserId. The application may also use the TdConnection.DeviceAuthenticationMessage event to display the user code and verification URL for the user to complete authentication. |
| EXTERNALBROWSER | The Data Provider will launch the system-browser in order for the interactive user to authenticate with the Identity Provider. This feature must only be used in Desktop applications where a user can interact with the system browser. This feature must not be used in Server-Application scenarios. The Identity Provider must support OpenID Connect, and the AuthenticationString must be null or empty. UserId may be provided for use as the Identity Provider login hint. Password may be used to secure the tokens in the Token Cache. BrowserTabTimeout, OidcClientId, OidcScope, OidcToken, OidcPrompt and OidcClaim are optional. If OidcClientId is not specified, the default value configured on the server will be used. If ConnectionPooling is enabled and UserId is provided, the value of the claim specified in OidcCLaim must match the UserId. |
Please note that the TdConnectionStringBuilder.ConnectionTimeout property is in effect for the Identity Provider authentication process. If the Identity Provider authentication process takes longer than the Connection Timeout value, the connection attempt will fail.
Default Value: Please see the Teradata Security Administration User Manual discussion on the Generic Security Services Library (TDGSS) - Managing Network Security.
| Product | Versions | Platforms |
|---|---|---|
| .NET | 6, 7 | Windows, Linux, MacOS |
| .NET Framework | 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 | Windows |
| .NET Standard | 2.0 | Windows, Linux, MacOS |