NCache Security

A distributed cache typically runs in an environment that many different users can reach. Without restrictions, any user can change the cache configuration, perform any management operation or access the cache data. Cache security becomes a concern when you are dealing with critical data or when you want to limit administrative access to your cache server to a list of authorized users. The NCache security mechanism works with any LDAP supported directory service, and all users are authenticated against it. NCache provides security at different levels of granularity, which you can implement as per your requirements.

Security Access Levels

NCache’s security feature incorporates security at two distinct access levels:

  • Administrative/Management Level
  • Cache API Level

These levels of security are intended to secure both management and client level access to your cache. By default, the security feature is disabled for both access levels.

Administrative/Management Level Security

Management level security in NCache ensures that a remote cluster node is protected from any unauthorized user access. It is used to validate the authorized users who may perform management and configuration related operations on a cluster node. To secure an entire multi-node cache cluster, you must enable security on each individual node of the cluster. Administrative tools like Manager and the command line tools are integrated with the security framework and give you the option to perform operations in a secured environment.

To learn how to configure security on a node, see Configuring Security in NCache Administrators' guide.

What Is Secured by Enabling Management Level Security?

Once you configure management level security on your server node and grant administrative permissions to a few users, no users other than those specified can perform management operations on your node, such as:

  • Create new cache
  • Remove existing cache
  • Add existing cache
  • Start cache
  • Stop cache
  • Restart cache
  • Refresh cache

Privileged System Administrator

The list of authorized users is maintained in security.conf. Only a local administrator on that machine can enable security. Users other than those configured as your node administrators are not permitted to perform any management related operation on your node. But there is one exception: a user is also granted administrative permissions if that user is a local system administrator on that system.

This means that a local Windows administrator always has administrative rights and permissions, whether the management operation is performed locally or from any other server node using local Windows credentials. So if a node is not authorized as an administrator and you are using that node to perform an operation on your personal machine, all you need to do is provide your system credentials, and you are allowed to perform any remote management operation on your system.

Cache API Level Security

Cache level security in NCache ensures that cache data is protected from any unauthorized user access. Cache API level security is used to validate authorized users who try to establish a connection with the cache via the NCache API. By enabling cache level security, you can control whether all or only a few clients can access the clustered cache data for reading or writing. Only clients verified as valid, authenticated users are allowed to perform cache level operations.

To learn how to configure security on a cache, see Configuring Security for Cache in NCache Administrators' guide.

What Is Secured by Enabling API Level Security?

Once you configure cache level security on a cache and grant cache API authorization to a few users, no users other than those specified can perform cache operations on the cache, such as:

  • Initialize cache
  • Get data
  • Add data
  • Remove/update data etc.

If security is enabled on a cache, then credentials must be provided along with the initialize cache call to establish a connection. The list of authorized users for each cache is maintained in the <configuration> section of config.ncconf.

Using Security in NCache

To utilize the API, include the following namespace in your application: Alachisoft.NCache.Web.Caching.

Once security has been configured, the security credentials must be supplied when initializing the cache, using CacheInitParams:

try
{
    CacheInitParams ciParam = new CacheInitParams();
    ciParam.PrimaryUserCredentials = new SecurityParams("primaryUserId", "primaryUserPassword");
    ciParam.SecondaryUserCredentials = new SecurityParams("secondaryUserId", "secondaryUserPassword");

    Cache cache = NCache.InitializeCache("myreplicatedcache", ciParam);
}
catch (Exception exp)
{
    // handle exception
}

Alternatively, the security credentials can be provided in the configuration file of your application (web.config or App.config) and read at run time:

try
{
    string userName = string.Empty;
    string password = string.Empty;

    // Read the credentials from the application settings; the key names must match exactly
    if (System.Configuration.ConfigurationManager.AppSettings["Username"] != null){
      userName = System.Configuration.ConfigurationManager.AppSettings["Username"].ToString();
    }
    if (System.Configuration.ConfigurationManager.AppSettings["Password"] != null){
      password = System.Configuration.ConfigurationManager.AppSettings["Password"].ToString();
    }

    CacheInitParams cacheParam = new CacheInitParams();
    cacheParam.PrimaryUserCredentials = new SecurityParams(userName, password);

    // Initializing cache with security credential provided in web/App.config file
    Cache cache = NCache.InitializeCache("mycache", cacheParam);
}
catch (Exception ex)
{
    // handle exception
}

Troubleshooting

Alachisoft.NCache.Runtime.Exceptions.SecurityException

This exception is raised if an unauthorized user tries to perform cache operations, or if wrong credential information is given in the InitializeCache() overload or in the client.ncconf file.

Workaround

  1. Check that you have given the correct credential information through the API or in client.ncconf. A typing mistake can be the cause of this exception.

  2. See if the specified user exists under the given domain in LDAP. Login credentials are required to belong to any Windows Server hosting the user login and running Active Directory services.

  3. Check that you have given a double backslash '\\' to separate the domain name and user ID when passing them as a string through the API. Sometimes a single backslash is given, which is recognized as an escape sequence. In that case, no compile time error arises; rather, it results in a security exception.
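
The escape-sequence mistake from step 3, shown as an added example (not Alachisoft's code): a check, using only the .NET base class library, that flags a user ID whose domain separator was compiled into a control character. The class CredentialCheck, the method Diagnose and the sample IDs are hypothetical.

```csharp
using System;
using System.Linq;

// Added example; CredentialCheck, Diagnose and the sample IDs are hypothetical.
public static class CredentialCheck
{
    // Returns null when the user ID is usable, otherwise a description of the problem.
    public static string Diagnose(string userId)
    {
        if (string.IsNullOrWhiteSpace(userId))
            return "user ID is empty";
        if (userId != userId.Trim())
            return "user ID has leading or trailing whitespace";

        // In a regular literal such as "corp\tom" the compiler reads "\t" as an
        // escape sequence, so the string holds a control character and no '\'.
        foreach (char c in userId)
        {
            if (char.IsControl(c))
                return string.Format(
                    "control character U+{0:X4} found; write the separator as " +
                    "an escaped backslash or use a verbatim (@) string", (int)c);
        }

        // An unqualified ID (no domain) is accepted; a qualified one needs both parts.
        int separators = userId.Count(ch => ch == '\\');
        if (separators > 1)
            return "more than one backslash in user ID";
        if (separators == 1 &&
            (userId[0] == '\\' || userId[userId.Length - 1] == '\\'))
            return "domain or user part is missing";
        return null;
    }

    public static void Main()
    {
        string[] samples =           // constructed values, not real accounts
        {
            "corp\\tom",             // escaped backslash
            @"corp\tom",             // verbatim literal, same characters as above
            "corp\tom",              // single backslash: compiled as a TAB
            "corp\\",                // user part missing
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-10} : {1}",
                s.Replace("\t", "<TAB>"), Diagnose(s) ?? "ok");
    }
}
```

Running the check on the user ID before it is passed to SecurityParams separates a malformed literal in the application from a credential that the directory service rejects.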

Copyright © 2017 Alachisoft