https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaa-p/13913597#M4889099 Hi Rahul, Security is embedded in the CAP framework. Running 'cds add xsuaa' will do the trick. To read more about it, I suggest the CAP documentation here: <A href="https://cap.cloud.sap/docs/guides/security/" target="_blank">https://cap.cloud.sap/docs/guides/security/</A> Mon, 21 Oct 2024 08:43:20 GMT Willem_Pardaens 2024-10-21T08:43:20Z https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaq-p/13759967 <P>Good day to everyone,</P><P>I'm new to the CAPM world and have recently started learning its concepts. We've developed CAP services and now need to secure them by implementing authorization and authentication.</P><P>SAP provides XSUAA, which ensures that only authorized users can access endpoints by establishing a trusted connection with identity providers for user authentication. This concept works well from SAP's perspective.</P><P>However, in our scenario, we have developed CAPM services that are bound to a HANA Cloud Database (HDI Containers). Our database/schema contains a users table (ID, Name, Username, Password). We want to implement a system where authorization and authentication occur only if the user exists in our user table.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rahuljain257_0-1720898754410.png" style="width: 400px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/136309i6EAD6FB85BEE0FC8/image-size/medium?v=v2&amp;px=400" role="button" title="rahuljain257_0-1720898754410.png" alt="rahuljain257_0-1720898754410.png" /></span></P><P>Instead of authenticating users against identity providers, I want to validate users against the records in our tables and generate a token if the records exist.</P><P>Is this approach correct? In ASP.NET Web API, we usually follow this practice.</P><P>Looking forward to your suggestions.</P><P>Best regards,<BR />Rahul Jain</P><P>&nbsp;</P> Sat, 13 Jul 2024 19:35:34 GMT https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaq-p/13759967 rahuljain257 2024-07-13T19:35:34Z https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaa-p/13760564#M4836860 <P>I would suggest to rethink this approach. The CAP framework relies on best practices for a lot of topics, including security. It uses BTP roles and HDI users to establish/govern access and connectivity to the service layer and database layer, and 'outsources' token handling to the XSUAA service.</P><P>If you want to use a custom list of users, I suggest to look at importing them to IAS so you can assign roles to them to access your application:&nbsp;<A href="https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/import-or-update-users-for-specific-application" target="_blank">https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/import-or-update-users-for-specific-application</A></P> Mon, 15 Jul 2024 07:12:39 GMT https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaa-p/13760564#M4836860 Willem_Pardaens 2024-07-15T07:12:39Z https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaa-p/13907311#M4888986 William_Pardaens - I am new to BTP World and learning. Can you please let me know where should I start to integrate User Authentication in CAP ? ? Sun, 20 Oct 2024 08:56:33 GMT https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaa-p/13907311#M4888986 rahuljain257 2024-10-20T08:56:33Z https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaa-p/13913597#M4889099 Hi Rahul, Security is embedded in the CAP framework. Running 'cds add xsuaa' will do the trick. To read more about it, I suggest the CAP documentation here: <A href="https://cap.cloud.sap/docs/guides/security/" target="_blank">https://cap.cloud.sap/docs/guides/security/</A> Mon, 21 Oct 2024 08:43:20 GMT https://community.sap.com/t5/technology-q-a/seeking-advice-on-custom-authentication-for-capm-services-with-hana-cloud/qaa-p/13913597#M4889099 Willem_Pardaens 2024-10-21T08:43:20Z