Authentication in MongoDB
Introduction
If you’re using MongoDB to store important data, you need to make sure that any users who attempt to log into the database are actually authorized to do so. That’s where authentication comes into play, verifying the identity of users before granting them access to data stored in MongoDB. In this article, we’ll take a look at how authentication in MongoDB works and review some examples of how to use it.
Prerequisite
Before moving forward with this tutorial, there’s only one key prerequisite that needs to be in place: Make sure that MongoDB is already installed and properly configured on your machine.
What is Authentication?
Let’s begin by providing a basic definition of the term authentication. The authentication process allows MongoDB to verify the identity of a connecting client. This process confirms that the client has valid credentials to be granted access to MongoDB resources. The terms authentication and authorization are sometimes used interchangeably; however, they actually work in different ways to secure your system and control access to data. While authentication simply determines the identity of a user, the authorization process gives the authenticated user access to assigned MongoDB resources.
Create a MongoDB User
In this section, we’ll be creating a sample MongoDB user that we can use for this tutorial. We’ll need to connect to our Mongo shell by opening the terminal or command prompt and typing mongo.
Once we’re connected to the Mongo shell, we can use the following command to switch to the admin database:

use admin
Now we can create our user using the following command:
> db.createUser(
  {
    user: "teamsolo",
    pwd: "1234teamsolo",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
The code shown above will create a user with the following details:
– user – This indicates the username.
– pwd – This indicates the user password.
– roles – This specifies the role of the user. In this case, the role is userAdminAnyDatabase, which provides privileges to all databases including the local and config databases (as of version 3.4).
The output should look something like this:
Successfully added user: {
  "user" : "teamsolo",
  "roles" : [
    {
      "role" : "userAdminAnyDatabase",
      "db" : "admin"
    }
  ]
}
MongoDB SCRAM Authentication
MongoDB provides various methods for authenticating users and validating credentials. Its default authentication mechanism is SCRAM.
What is SCRAM?
Using SCRAM, MongoDB checks the supplied user credentials against the user’s name and password as well as its authentication database. In MongoDB, each user is created in a specific authentication database; this information, together with the user’s name, serves to identify the user.
SCRAM, which stands for Salted Challenge Response Authentication Mechanism, follows RFC 5802, which defines a standard challenge-response mechanism for authenticating users: the password itself is never sent over the connection, and the server stores only salted, derived keys rather than the password.
Authenticating User
Now that we’ve covered some of the basics of authentication in MongoDB, let’s try to authenticate the user that we created in the previous section. We’ll use the following syntax: db.auth("the_username", "the_password")
Using the credentials we defined earlier in the tutorial, our command will look like this:
> use admin
switched to db admin
> db.auth("teamsolo","1234teamsolo")
1
In the code shown above, MongoDB returns 1, which tells us that the user teamsolo was successfully authenticated.
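To make the SCRAM description above concrete, here is an added worked example of the RFC 5802 exchange that runs underneath a successful db.auth() call. It is illustration code written for this article, not MongoDB's implementation or the mongo shell's: it uses the SHA-256 variant, a constructed salt and constructed nonces, and the raw UTF-8 password (MongoDB prepares the password differently before the key derivation, and SASLprep normalization is skipped here). It shows both sides: what the server stores when a user is created (salt, iteration count, StoredKey and ServerKey, never the password), how the client builds its proof, how the server checks it, and how the client verifies the server's signature in return.

```python
"""Worked RFC 5802 SCRAM exchange (SHA-256 variant) with constructed values.

Illustration only: not MongoDB's own code or wire format.
"""
import base64
import hashlib
import hmac

# Constructed values so the run is deterministic and offline.
SALT = b"constructed-salt-16"
ITERATIONS = 4096
CLIENT_NONCE = "clientnonce-constructed"
SERVER_NONCE = "servernonce-constructed"


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    # Hi() from RFC 5802 is PBKDF2 with HMAC as the pseudo-random function.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_keys(password: str, salt: bytes, iterations: int) -> tuple:
    """ClientKey and ServerKey as defined in RFC 5802."""
    salted = hi(password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, server_key


def server_store_user(password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> dict:
    """What the server persists at createUser time: no password, only derived keys."""
    client_key, server_key = derive_keys(password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha256(client_key).digest(),  # H(ClientKey)
        "server_key": server_key,
    }


def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key, _ = derive_keys(password, salt, iterations)
    stored_key = hashlib.sha256(client_key).digest()
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return xor_bytes(client_key, client_sig)


def server_verify(record: dict, auth_message: bytes, proof: bytes):
    """Recover ClientKey from the proof; accept only if its hash equals StoredKey.

    Returns the ServerSignature on success, None on failure.
    """
    client_sig = hmac.new(record["stored_key"], auth_message, hashlib.sha256).digest()
    recovered_client_key = xor_bytes(proof, client_sig)
    if not hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(), record["stored_key"]):
        return None
    return hmac.new(record["server_key"], auth_message, hashlib.sha256).digest()


def client_check_server(password: str, salt: bytes, iterations: int,
                        auth_message: bytes, server_sig: bytes) -> bool:
    """Mutual authentication: the client confirms the server knew ServerKey."""
    _, server_key = derive_keys(password, salt, iterations)
    expected = hmac.new(server_key, auth_message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, server_sig)


def run_exchange(user: str, password_on_server: str, password_at_client: str) -> bool:
    """Full SCRAM round trip; True only if both client and server checks pass."""
    record = server_store_user(password_on_server)
    combined_nonce = CLIENT_NONCE + SERVER_NONCE
    salt_b64 = base64.b64encode(record["salt"]).decode("ascii")

    # The three messages that make up AuthMessage (RFC 5802 section 3).
    client_first_bare = f"n={user},r={CLIENT_NONCE}".encode()
    server_first = f"r={combined_nonce},s={salt_b64},i={record['iterations']}".encode()
    client_final_without_proof = f"c=biws,r={combined_nonce}".encode()  # "biws" = base64("n,,")
    auth_message = b",".join([client_first_bare, server_first, client_final_without_proof])

    proof = client_proof(password_at_client, record["salt"], record["iterations"], auth_message)
    server_sig = server_verify(record, auth_message, proof)
    if server_sig is None:
        return False  # server rejected the proof (wrong password)
    return client_check_server(password_at_client, record["salt"], record["iterations"],
                               auth_message, server_sig)


if __name__ == "__main__":
    print("correct password:", run_exchange("teamsolo", "1234teamsolo", "1234teamsolo"))
    print("wrong password:  ", run_exchange("teamsolo", "1234teamsolo", "wrong"))
```

The point to take from the exchange is what is and is not on the wire and on disk: the server keeps StoredKey and ServerKey, the client sends a proof that is only valid for this exact AuthMessage (including both nonces), and the server can check it without ever seeing the password. The 1 returned by db.auth() corresponds to run_exchange returning True.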
NOTE: When you’re creating a MongoDB user and plan to assign user roles to it, be sure to follow the best practices for creating MongoDB user credentials.
Conclusion
When you’re storing sensitive data in MongoDB collections, it’s important to secure your deployment properly. Enforcing authentication is a key step you can take to keep your data secure. In this tutorial, we provided an introduction to the concept of authentication in MongoDB, and we explained how to create a user and how to authenticate as that user. We also provided an example of how to log in using the credentials that we created. With our examples and explanations to guide you, you’ll be prepared to enable authentication on your own MongoDB deployment.