User Authentication with SAP Credentials from non-SAP Environment

0
votes

I'm developing a web application that Users have to login.

Can I use SAP authentication from out of SAP with RFC's or something like that?

Users will enter their SAP username and password, then SAP controls the information and let me know that these infos are right or not.

2
authenticationsaprfcsap-dotnet-connector
There really is not a lot of information here, my suggestion is read the java or .Net connector documentation and all will be revealed. Later.......SAP Pro
Server to server?iPirat

2 Answers

2
votes

Yes, this is possible. Whenever you want to execute a remote capable function module from outside the SAP system, you need to logon to that system anyway. You can use the user provided logon information instead of using a fixed username and password for your connection from web application to SAP system.

Please be aware that the function modules you want to call would be executed with the authorizations assigned to the user you use to logon. So your web application users would need the authorization to call function modules.

Implementation very much depends on the RFC library you decide to use. For instance, in SAP .Net Connector 3.0 you always use the RfcDestinationManager where you have to register your destinations in advance. But you can create a custom destination and override username and password in that destination before actually using it.

using SAP.Middleware.Connector;

public RfcDestination GetDestination(string destinationName, string username, string password) 
{
    dest = RfcDestinationManager.GetDestination(destinationName);
    customDest = dest.CreateCustomDestination();
    customDest.Client = dest.Client;
    customDest.User = username;
    customDest.Password = password;
    return customDest;
}

this snippet assumes the destination is already registered in the RfcDestinationManager, either through code or through configuration. It doesn't have to contain a valid login, username and password can be empty (as you will override them anyway). But the destination with Hostname, System Number and Id has to be there (although you can probably override those too, so you essentially might only need a blank destination with a name to start with).

if you only want to check the login information and don't want to execute the function modules in the user context, you can still create a second connection to the SAP system and check if you can connect. A third option would be to use function module SUSR_CHECK_LOGON_DATA and just check the username and password provided.

Using the username and password for all RFC calls has a few advantages: you can control the authorizations in the SAP system. SAP Netweaver has a comprehensive authorization model that allows you to assign very specific authorizations to users, allowing you to build roles for different usage scenarios, for instance read-only users, maintainers and admins (in the context of your web application). And when you use standard function modules to update data in the SAP system, the actual user who executed the change through your web application will later be visible as the one executing the change, not a generic web application user.

2
votes

You can use SAP Logon Ticket for logged in your user from SAP Netware. Please check below document.

General content: https://help.sap.com/saphelp_nw73/helpdata/en/d0/dc33c460a243929b7ec120f55af101/frameset.htm

Configuring SAP for creating logon ticket: https://help.sap.com/saphelp_nw73/helpdata/en/4a/b6df333fec6d83e10000000a42189c/frameset.htm