Secure Your Data

On this page

Overview

Sample Application
SCRAM-SHA-256
SCRAM-SHA-1
MONGODB X.509
MONGODB-AWS
Connection URI
External Credentials

Overview

MongoDB supports multiple mechanisms that you can use to authenticate your application. This page contains code examples that demonstrate each of these mechanisms.

Tip

To learn more about any of the mechanisms shown on this page, see the link provided in each section.

To use an authentication example from this page, copy the code example into the sample application or your own application. Make sure to replace all placeholders in the code examples, such as <hostname>, with the relevant values for your MongoDB deployment.

Sample Application

You can use the following sample application to test the code examples on this page. To use the sample application, perform the following steps:

Ensure you have the C driver installed.
Copy the following code and paste it into a new .c file.
Copy a code example from this page and paste it on the specified lines in the file.

1 #include <mongoc/mongoc.h>
2 #include <bson/bson.h>
3 
4 int main(void) {
5 
6   mongoc_uri_t* uri = NULL;
7   mongoc_client_t *client = NULL;
8   mongoc_database_t *database = NULL;
9   bson_t *ping = NULL, reply = BSON_INITIALIZER;
10   bson_error_t error;
11 
12   mongoc_init();
13 
14   // Start example code here
15 
16   // End example code here
17 
18   database = mongoc_client_get_database (client, "admin");
19     
20   ping = BCON_NEW ("ping", BCON_INT32 (1));
21    
22   if (!mongoc_client_command_simple (client, "admin", ping, NULL, &reply, &error)) {
23     fprintf (stderr, "%s\n", error.message);
24     goto cleanup;
25   }
26   printf ("Pinged your deployment. You successfully connected to MongoDB!\n");
27 
28   cleanup:
29     bson_destroy (&reply);
30     bson_destroy (ping);
31     mongoc_database_destroy (database);
32     mongoc_client_destroy (client);
33     mongoc_uri_destroy (uri);
34     mongoc_cleanup ();
35 }

SCRAM-SHA-256

The following code shows how to authenticate by using the SCRAM-SHA-256 authentication mechanism:

const char *uri = "mongodb://<percent-encoded username>:<percent-encoded password>@<hostname>:<port>/?authMechanism=SCRAM-SHA-256&authSource=<authentication database>";
mongoc_client_t *client = mongoc_client_new(uri);

To learn more about SCRAM-SHA-256 authentication, see SCRAM-SHA-256 in the Authentication guide.

SCRAM-SHA-1

The following code shows how to authenticate by using the SCRAM-SHA-1 authentication mechanism:

const char *uri = "mongodb://<percent-encoded username>:<percent-encoded password>@<hostname>:<port>/?authMechanism=SCRAM-SHA-1&authSource=<authentication database>";
mongoc_client_t *client = mongoc_client_new(uri);

To learn more about SCRAM-SHA-1 authentication, see SCRAM-SHA-1 in the Authentication guide.

MONGODB X.509

The following code shows how to create a connection URI to authenticate by using the X.509 authentication mechanism:

mongoc_client_t *client;
mongoc_ssl_opt_t ssl_opts = {0};
ssl_opts.pem_file = "mycert.pem";
const char *uri = "mongodb://<percent-encoded username>@<hostname>:<port>/?authMechanism=MONGODB-X509";
mongoc_client_t *client = mongoc_client_new(uri);
mongoc_client_set_ssl_opts(client, &ssl_opts);

To learn more about X.509 authentication, see MONGODB-X509 in the Authentication guide.

MONGODB-AWS

The following sections show how to connect to MongoDB by using the MONGODB-AWS authentication mechanism. When you use the MONGODB-AWS mechanism, the C driver attempts to retrieve your AWS credentials from the following sources, in the order listed:

Named parameters passed to the connection URI
Environment variables
AWS EKS AssumeRoleWithWebIdentity request
ECS container metadata
EC2 instance metadata

Each section shows how to authenticate with MONGODB-AWS when retrieving your AWS credentials from a connection URI or the alternative external sources.

To learn more about authenticating with AWS, see MONGODB-AWS in the Authentication guide.

Connection URI

The following code shows how to pass AWS credentials in a connection URI to authenticate with MONGODB-AWS:

const char *uri = "mongodb://<AWS IAM access key ID>:<AWS IAM secret access key>@<hostname>:<port>/?authMechanism=MONGODB-AWS");
mongoc_client_t *client = mongoc_client_new(uri);

To learn more about authenticating with AWS by retrieving connection URI credentials, see Connection URI in the Authentication guide.

External Credentials

The following code shows how to authenticate with MONGODB-AWS when obtaining credentials from environment variables, ECS metadata, or EC2 instance metadata:

const char *uri = "mongodb://<hostname>:<port>/?authMechanism=MONGODB-AWS");
mongoc_client_t *client = mongoc_client_new(uri);

To learn more about authenticating with AWS by obtaining external credentials, see the following sections in the Authentication guide:

Back

Cluster Monitoring

Authentication Mechanisms

1	#include <mongoc/mongoc.h>
2	#include <bson/bson.h>
3
4	int main(void) {
5
6	mongoc_uri_t* uri = NULL;
7	mongoc_client_t *client = NULL;
8	mongoc_database_t *database = NULL;
9	bson_t *ping = NULL, reply = BSON_INITIALIZER;
10	bson_error_t error;
11
12	mongoc_init();
13
14	// Start example code here
15
16	// End example code here
17
18	database = mongoc_client_get_database (client, "admin");
19
20	ping = BCON_NEW ("ping", BCON_INT32 (1));
21
22	if (!mongoc_client_command_simple (client, "admin", ping, NULL, &reply, &error)) {
23	fprintf (stderr, "%s\n", error.message);
24	goto cleanup;
25	}
26	printf ("Pinged your deployment. You successfully connected to MongoDB!\n");
27
28	cleanup:
29	bson_destroy (&reply);
30	bson_destroy (ping);
31	mongoc_database_destroy (database);
32	mongoc_client_destroy (client);
33	mongoc_uri_destroy (uri);
34	mongoc_cleanup ();
35	}