[Server] [Client] Return BadIdentityTokenInvalid if use of anonymous identity token is not allowed (#3012)

romanett · web-flow · commit 9dac51b7a93e · 2025-02-28T10:13:30.000+02:00
* make Server return BadIdentityTokenInvalid if use of anonymous identity token is not allowed

* Change Response Code on Client side also to be consistent

* change response code ro BadIdentityTokenRejected
diff --git a/Libraries/Opc.Ua.Client/Session/Session.cs b/Libraries/Opc.Ua.Client/Session/Session.cs
@@ -5425,7 +5425,7 @@ private void OpenValidateIdentity(
                 if (identityPolicy == null)
                 {
                     throw ServiceResultException.Create(
-                        StatusCodes.BadUserAccessDenied,
+                        StatusCodes.BadIdentityTokenRejected,
                         "Endpoint does not support the user identity type provided.");
                 }
 
diff --git a/Libraries/Opc.Ua.Server/Session/Session.cs b/Libraries/Opc.Ua.Server/Session/Session.cs
@@ -902,7 +902,7 @@ private UserIdentityToken ValidateUserIdentityToken(
 
                     if (!found)
                     {
-                        throw ServiceResultException.Create(StatusCodes.BadUserAccessDenied, "Anonymous user token policy not supported.");
+                        throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Anonymous user token policy not supported.");
                     }
                 }
 

Original file line number	Diff line number	Diff line change
`@@ -5425,7 +5425,7 @@ private void OpenValidateIdentity(`
`5425`	`5425`	`if (identityPolicy == null)`
`5426`	`5426`	`{`
`5427`	`5427`	`throw ServiceResultException.Create(`
`5428`		`- StatusCodes.BadUserAccessDenied,`
	`5428`	`+ StatusCodes.BadIdentityTokenRejected,`
`5429`	`5429`	`"Endpoint does not support the user identity type provided.");`
`5430`	`5430`	`}`
`5431`	`5431`
Original file line number	Diff line number	Diff line change
`@@ -902,7 +902,7 @@ private UserIdentityToken ValidateUserIdentityToken(`
`902`	`902`
`903`	`903`	`if (!found)`
`904`	`904`	`{`
`905`		`- throw ServiceResultException.Create(StatusCodes.BadUserAccessDenied, "Anonymous user token policy not supported.");`
	`905`	`+ throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Anonymous user token policy not supported.");`
`906`	`906`	`}`
`907`	`907`	`}`
`908`	`908`