User Authentication in MongoDB

By Sruthy

By Sruthy

Sruthy, with her 10+ years of experience, is a dynamic professional who seamlessly blends her creative soul with technical prowess. With a Technical Degree in Graphics Design and Communications and a Bachelor’s Degree in Electronics and Communication, she brings a unique combination of artistic flair…

Learn about our editorial policies.
Updated March 7, 2024

All that You need to know about Authentication in MongoDB:

In this Free MongoDB training course, we discussed User creation and Assigning roles in MongoDB in our previous tutorial.

In this tutorial, we will take an in-depth look at User Authentication in MongoDB.

It is a process by which MongoDB identifies which client is valid and connected. MongoDB has to authenticate the user to provide access to any collection.

12.AUTHENTICATION IN MONGODB

Authorization and authentication are almost closely connected. The authorization allows access to resources and authentication validates the user information.

We can authenticate the user with the help of username and password which is associated with database instance. But before this, we have to build a relationship of the user with database collection.

Create User

Before starting authentication, we need to create a user who has all access to the current database. After creating the user we can authenticate that user according to the instance of the database.

From the following code, we can create a user for the admin database.

Syntax

db.createUser(user, writeConcern)
  • user – It is the type of document and contains authentication regarding the user information which you want to insert within the system.
  • writeConcern – It is the level of permission which is used to write something on physical memory.

Code

 use admin
db.createUser( { user: " AdminSTH",
pwd: " AdminSTH",
customData: { employeeId: 12345 },
roles: [ { role: "clusterAdmin", db: "admin" },
{ role: "readAnyDatabase", db: "admin" },
"readWrite"] },
{ w: "majority" , wtimeout: 5000 } ) 

The operation gives the following roles to AdminSTH:

  • The admin database clusterAdmin and readAnyDatabase roles.
  • The readWrite role in the product database.

Authentication

MongoDB provides a method by which we can authenticate any user to an instance of the database. This method requires two parameters, in the first parameter we have to declare the username and in the second parameter, we have to declare the password.

If the user gets authenticated, the resultant answer will be the one and if it is not authenticated then the answer will be zero.

MongoDB provides multiple ways to identify the client and validate its information. The default authentication mechanism is “SCRAM”. MongoDB also supports “LDAP” authentication.

Syntax

db.auth(“username”,”password”)

Code

 use admin
db.auth(“AdminSTH”,”AdminSTH”)

Figure 1: In Mongo Shell

Authentication in mongo db

Figure 2: In Robo 3T

Authentication in robo 3t

Conclusion

Authentication is the most critical point of view according to the security of MongoDB. It will allow us to validate and verify the information of the user who is connected with the current instance of MongoDB.

If any user has no association with the database collection which is called then the access automatically gets denied.

We discussed two major things in this tutorial. In the first part, we discussed the user and in the second part, we discussed the authentication of the user. Without having a user relationship with the database we cannot authenticate the user.

A code is provided to create a user, by passing the password and username we can authenticate any user in the return response of Boolean.

Check out our upcoming tutorial to know more about Aggregation in MongoDB!!

PREV Tutorial | NEXT Tutorial

Was this helpful?

Thanks for your feedback!

Leave a Comment