Sitecore – How to create and configure authentication to a MongoDB standalone replica set


In this post, I will focus on the steps to create and configure authentication for a MongoDB standalone replica set.

Before we get started, I assume you have at least a basic understanding of the following:

  1. Basic understanding of MongoDB and how it works with Sitecore
  2. Familiarity with Windows Command Prompt commands
  3. Access to MongoDB
  4. Knowledge of where the MongoDB shell is located on the server
  5. MongoDB version 3.0.0 or higher (tested against 3.20)
  6. Willingness to learn

To give a background on the topic, here’s a piece of information about replication from the MongoDB official site.

A replica set in MongoDB is a group of mongod processes that maintain the same data set. Replica sets provide redundancy and high availability, and are the basis for all production deployments. This section introduces replication in MongoDB as well as the components and architecture of replica sets. The section also provides tutorials for common tasks related to replica sets.

Create Authentication

  • Validate that the MongoDB service is running. You can check it by opening services.msc from the run window (ctrl+r). We will not cover how to set up MongoDB as a Windows service in this article.
  • Open the Windows command prompt (ctrl+r, cmd) as administrator.
  • Run the Mongo shell; in my case, it’s located at Y:\mongodb\bin\mongo.exe
  • Create the administrative user. Again, we are running this in a standalone replica set.
    • Note: You will receive “Successfully added user…”. This user will not be used by your Sitecore application; it is only meant to be used by your system administrators.

UserAdminAnyDatabase role

Provides the same access to user administration operations as userAdmin, except it applies to all but the local and config databases in the cluster. The role also provides the following actions on the cluster.

Root role

Provides access to the operations and all the resources of the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin roles, restore, and backup roles combined.

  • To check the newly created admin user, in the command prompt type:

use admin



Note: The admin database is unique in MongoDB. Users with normal access to the admin database have read and write access to all databases.

  • Exit the Mongo shell, then delete the MongoDB service. In the command prompt, paste:

net stop MongoDB

sc.exe delete MongoDB

Note: If the deletion fails, make sure you are running the command prompt in administrator mode.

  • Recreate the MongoDB service with --auth

sc.exe create MongoDB binPath= "Y:\mongodb\bin\mongod.exe --service --auth --config=\"Y:\mongodb\mongod.cfg\" --replSet=\"rs0\"" DisplayName= "MongoDB" start= "auto"

Note: This assumes you know the location of your MongoDB configuration file, the MongoDB shell and your replica set name. MongoDB will start automatically even after you restart the server. At this point, the collection databases analytics, tracking_contact, tracking_history and tracking_live cannot be read or written by the Sitecore application.

Also, if the Services console (services.msc) is open, please close it; otherwise you will encounter ‘[SC] CreateService FAILED 1073: The specified service has been marked for deletion.’ If it still fails, stop MongoDB directly in services.msc.

  • The return status should be ‘[SC] CreateService SUCCESS’ before proceeding. After that, in the command prompt, paste:

net start MongoDB

Note: You should see that MongoDB is running in Services (services.msc).

  • Authenticate as admin, open the MongoDB shell (Y:\mongodb\bin\mongo.exe) again.

use admin


Note: You’ll receive value 1 when successful.

  • Open a mongo shell again and ensure that you’re in the right replica set, in the admin database, and authenticated with your admin login. See step#10. Sitecore has four (4) collection databases in Mongo: analytics, tracking_live, tracking_history, and tracking_contact. We need to create a user in each of them.

use analytics

db.createUser({user: "scdbreadwrite",pwd: "abcd4321",roles: [ { role: "readWrite", db:"analytics" } ] })

use tracking_live

db.createUser({user: "scdbreadwrite",pwd: "abcd4321",roles: [ { role: "readWrite", db:"tracking_live" } ]  })

use tracking_history

db.createUser({user: "scdbreadwrite",pwd: "abcd4321",roles: [ { role: "readWrite", db:"tracking_history" } ]  })

use tracking_contact

db.createUser({user: "scdbreadwrite",pwd: "abcd4321",roles: [ { role: "readWrite", db:"tracking_contact" } ]  })

Important: Change the username and the password.
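As an added example (not part of the original post), this Node.js script generates a distinct random password for each of the four collection databases and prints the matching mongo shell statements, so the same password is not shared across all four. The user-name pattern `sc_<db>_rw` and the function names are assumptions made for illustration.

```javascript
// Added example, not from the original post: one distinct random password per
// Sitecore collection database, emitted as mongo shell statements.
const nodeCrypto = require("crypto");

// The four database names come from the post; the user-name pattern is hypothetical.
const SITECORE_DBS = ["analytics", "tracking_live", "tracking_history", "tracking_contact"];

function randomPassword(bytes = 24) {
  // Hex output contains no quotes or URI-reserved characters, so it pastes cleanly.
  return nodeCrypto.randomBytes(bytes).toString("hex");
}

function buildUser(dbName) {
  // The name is interpolated into a "use <db>" line, so accept plain identifiers only.
  if (!/^[A-Za-z0-9_]+$/.test(dbName)) throw new Error(`unsafe database name: ${dbName}`);
  return {
    db: dbName,
    user: `sc_${dbName}_rw`,
    pwd: randomPassword(),
    roles: [{ role: "readWrite", db: dbName }], // same role the post grants
  };
}

function toShellStatements(u) {
  // JSON.stringify escapes any quotes, so the document stays valid shell input.
  const doc = { user: u.user, pwd: u.pwd, roles: u.roles };
  return `use ${u.db}\ndb.createUser(${JSON.stringify(doc)})`;
}

function buildAll(dbs = SITECORE_DBS) {
  return dbs.map((d) => buildUser(d));
}

// Print the statements; keep this output out of source control and shared logs.
for (const u of buildAll()) console.log(toShellStatements(u) + "\n");
```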

Note: Upon completion of the above user creations, you will receive the message ‘Successfully added user…’, similar to the screenshot below.

  • To check the created users in the replica set, please use the following.

use analytics


use tracking_live


use tracking_history


use tracking_contact


Note: You will see output like this.

Important: Arbiters are mongod instances that are part of a replica set but do not hold data. Arbiters participate in elections in order to break ties. If a replica set has an even number of members, add an arbiter. Official document here.

  • Open RoboMongo. If it is not yet installed, you can download the software here. (optional)
  • Once RoboMongo is open, go to File > Connect (ctrl + n), then create a connection. (optional)
    • In the connection tab:
      1. Specify the name that will help you to identify this connection.
      2. Specify the host and port of the MongoDB server, port is 27017.
    • In the authentication tab:
      1. Check the Perform Authentication checkbox
      2. Database: <collection database>
      3. Username: <scdbreadwrite> or the username you used for MongoDB for your Sitecore application. See steps# 10 & 12.
      4. Password: The password
      5. Auth Mechanism: SCRAM-SHA-1 (default in v3.0>)
      6. Click test, click save.
  • Repeat for the four (4) collection databases
    1. analytics
    2. tracking_live
    3. tracking_contact
    4. tracking_history
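
To go beyond a visual check of the user listings, the following added example (not from the original post) audits user documents for least privilege: every collection database must have a user, and that user must hold only `readWrite` on its own database. The input mirrors the `user`, `db` and `roles` fields that MongoDB's `db.getUsers()` returns; the sample data and the function name are constructed for illustration.

```javascript
// Added example: audit user documents (shape of db.getUsers() output) for least privilege.
const APP_DBS = ["analytics", "tracking_live", "tracking_history", "tracking_contact"];

// Constructed sample, not real output. The tracking_history user is deliberately
// over-privileged and tracking_contact has no user, so both cases are exercised.
const sampleUsers = [
  { user: "scdbreadwrite", db: "analytics",
    roles: [{ role: "readWrite", db: "analytics" }] },
  { user: "scdbreadwrite", db: "tracking_live",
    roles: [{ role: "readWrite", db: "tracking_live" }] },
  { user: "scdbreadwrite", db: "tracking_history",
    roles: [{ role: "readWrite", db: "tracking_history" }, { role: "root", db: "admin" }] },
];

function auditAppUsers(users, appDbs = APP_DBS) {
  const findings = [];
  for (const dbName of appDbs) {
    const inDb = users.filter((u) => u.db === dbName);
    if (inDb.length === 0) {
      // Sitecore cannot authenticate to this database once --auth is on.
      findings.push({ db: dbName, issue: "no user defined" });
      continue;
    }
    for (const u of inDb) {
      // Any role other than readWrite on the user's own database is excess privilege.
      for (const r of u.roles) {
        if (r.role !== "readWrite" || r.db !== dbName) {
          findings.push({ db: dbName, user: u.user, issue: `unexpected role ${r.role}@${r.db}` });
        }
      }
      if (!u.roles.some((r) => r.role === "readWrite" && r.db === dbName)) {
        findings.push({ db: dbName, user: u.user, issue: "missing readWrite on own database" });
      }
    }
  }
  return findings;
}

console.log(auditAppUsers(sampleUsers));
```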

In the next sections of the MongoDB series, we would cover the the

Or if you are working on enabling internal authentication and disabling the bypass of the authentication, check this out.

