Customizing the FIX logon process in a QuickFIX acceptor

Question

I'm using QuickFIX and C# to create a FIX acceptor (server). I want the client (the FIX initiator) to logon using a username and password. However, I'm not sure how I can do that in QuickFIX.

By debugging into the QuickFIX source code I have discovered the following sequence of events:

• QuickFIX will call Session::verify to verify the logon.
• Session::verify will perform various checks of things like comp ID's and sequence numbers and at some point determine that the logon received is valid.
• Session::verify will then call the Application::fromAdmin callback which I assume is the natural place to customize things like logon.
• However, at this point the logon has already been determined to be OK by QuickFIX and a corresponding logon message will be returned by the acceptor when the callback returns.

How do I customize the FIX logon process in an acceptor? Is modifying the QuickFIX code my only option?

Answer 1

fromAdmin notifies you when an administrative message is sent from a counterparty to your FIX engine. This can be usefull for doing extra validation on logon messages such as for checking passwords. Throwing a RejectLogon exception will disconnect the counterparty.

Session verification generally ckecks for the FIX Begin String, SenderCompID and target CompID. If this 3 are fine then session is set up(QuickFIXJ has other fields also for subcomp ids).

Even after Session has been set up messages wouldn't be accepted at the acceptor, for that specific session, till logon process has been completed. You will get a reject if you try so.

So in fromAdmin you can check for the incoming logon message request and check for the valid password, contained in the logon message, you expect for that connection/session.

Answer 2

If you are using 4.3 or greater, the Logon message can have a Password tag. If you are using a previous version, make it a custom tag and add it to the dictionaries. In the fromAdmin handler, check that the password is correct (from a lookup table or elsewhere). If it does not, throw a RejectLogon exception. If you don't throw this exception, QuickFix will assume everything is a-ok and log the user on.

Example (needs more sanity checks):

public void fromAdmin(Message message, SessionID id)
{
  var logon = message as QuickFix44.Logon;
  if (logon != null && logon.getPassword().getValue() != _passwords[logon.getUserName().getValue()])
  {
     throw new RejectLogon();
  }
}