Protecting Solr over HTTP
If you protect the Solr admin page with a user name and a password, you must configure Sitecore to use basic authentication when it makes a Solr request over HTTP.
When Sitecore starts, it makes a Solr request to check that Solr is up and running.
You can control how Sitecore communicates with Solr by specifying the implementation of the IHttpWebRequestFactory
interface of SolrNet that Sitecore uses.
You specify the implementation by patching the Sitecore.ContentSearch.DefaultSolrConfiguration.config
file. The factory class for Solr HTTP requests is in the <solrHttpWebRequestFactory type="HttpWebAdapters.HttpWebRequestFactory, SolrNet" />
node.
SolrNet provides the following default implementations:
-
HttpWebRequestFactory – the default factory class. It creates simple HTTP requests.
-
BasicAuthHttpWebRequestFactory – a factory class that creates an HTTP request that does basic authentication, using a user name/password combination that you specify.
-
ClientCertificateHttpWebRequestFactory – a factory class that creates an HTTP request that uses 509 Client Certificates.
If you, for example, want to support basic authentication for accessing Solr, you must specify the solrHttpWebRequestFactory
value in the following way:
For Sitecore versions prior to Sitecore 9, update 2:
<solrHttpWebRequestFactory type="HttpWebAdapters.BasicAuthHttpWebRequestFactory, SolrNet">
<param hint="username">USERNAME</param>
<param hint="password">PASSWORD</param>
</solrHttpWebRequestFactory>
where you specify the Solr USERNAME and PASSWORD that Sitecore uses in the HTTP request.
For later Sitecore versions, you must specify USERNAME and PASSWORD in the connection string like this:
<add name="solr.search" connectionString="https://USERNAME:[email protected]/solr" />