• Products
  • Solutions
  • Customers
  • Resources
  • Company
  • Pricing
  • Download
Try Playground
  • Configure Security
  • Configure Authentication and Authorization
Show / Hide Table of Contents
  • Administrator's Guide
  • NCache Architecture
    • Cache Topologies
      • Partitioned Topologies
      • Replicated Topology
      • Mirrored Topology
      • Scalability in Topologies
    • Dynamic Clustering
    • Local Cache
    • Cache Client
    • Client Cache
    • Bridge for WAN Replication
    • Connectivity with Load Balancer
    • Serialization Format
    • Data Encryption
    • Data Compression
    • Data Load Balancing
    • Pipelining
    • Cache Server Backward Compatibility
    • Client Backward Compatibility
    • Eviction
    • Indexing
    • Split-Brain
    • Maintenance Mode
    • Runtime Data Sharing
    • Portable Data Types
    • Class Versioning
    • IP Binding with Multiple NICs
    • Graceful Node Down
    • Separate Cache Host Process
    • Self Healing Dynamic Clustering
    • Distributed Cache with Persistence
  • NCache Management Center
  • Configure Caches
    • Create a Cache
      • Local Cache Overview
        • Local Cache
        • Local Cache with Persistence
        • Pub/Sub Messaging Cache
        • Add Existing Cache
      • Clustered Cache Overview
        • Distributed Cache
        • Persistent Distributed Cache
        • Pub/Sub Messaging Cache
        • Add Existing Clustered Cache
        • Troubleshooting
    • Remove Cache
    • Clear Cache
    • Add Server Node
    • Remove Server Node
    • Add Test Data
    • Configure Query Indexes
    • Configure JSON Query Indexes
    • Compact Serialization
      • Non-Generic Registration
      • Non-Generic Unregistration
      • Generic Registration
      • Using Type Handler
    • Deploy Providers
    • Configure Custom Dependency
    • Add Data Source Providers
      • Read-Through Provider
      • Write-Through Provider
      • Write-Behind Provider
    • Loader and Refresher
    • Configure Maintenance Mode
      • Stop for Maintenance Mode
      • Exit Maintenance Mode
    • Configure LINQPad
      • Configure LinqPad for NCache
      • Querying Data in LinqPad
  • Configure Clients
    • Add Client Node
    • Remove Client Node
  • Configure Client Cache
    • Create Client Cache
    • Create Client Cache with NuGet
    • Enable Client Cache on Client Nodes
    • Disable Client Cache on Client Nodes
    • Remove Client Cache
  • Management Operations
    • Start Cache
    • Stop Cache
    • Restart Cache
    • Manage Cache Service on a Server Node
    • Memory Dumps
    • Data Load Balancing
    • Invoke Refresher Dataset
    • Import/Export Cache Data
    • Import Lucene Indexes
    • Suspend/Resume NCache Data Persistence
    • Backup and Restore NCache Persisted Data
  • Cache Settings
    • General Cache Settings
      • Cache Size
      • Cache Isolation Levels
      • Cache Serialization Format
      • Cache Data Expiration
    • Cache Cluster Settings
      • Ports
      • Operation Timeout
      • Configure Pipelining
      • Static Replication Interval
      • Connection Retries
      • Retry Interval
      • Split-Brain Auto Recovery
    • NCache Persistence Settings
      • Store Information
      • Persistence Interval
    • Error Logging
    • Cache Level Events
    • Client Activity Events
    • Eviction Policy
    • MapReduce
    • Register Classes for Portable Data Sharing
    • Compression
    • Email Notifications
    • Bind IP with Multiple NICs
      • Bind Cluster with a Dedicated IP
      • Bind Client/Server with a Dedicated IP
    • Heartbeat
    • Keep Alive
    • Client Death Detection
    • Communication Reliability
    • Auto Start Cache on Boot
    • Nagle's Algorithm
    • Dual Socket
    • Configuration Files
      • Client Side Configurations
        • Client Config
        • EFCaching Config
      • Server Side Configurations
        • Cache Config
        • Bridge Config
        • Modules Config
        • Security Config
        • TLS Config
        • Monitoring Config
        • Emails Template
  • Cache Server Settings
    • Server Connectivity
    • Bind to Multiple NICs
    • Server Ports
    • Memory
    • Custom Dependency
    • Request Inquiry
    • Windows Events
    • Message Events
    • Expiration & Eviction
    • SQL Server
    • Logging
    • Monitoring
    • Persistence Data Loading Retries
    • Miscellaneous Configurations
  • Bridge Server Settings
  • Cache Client Settings
  • Client Cache Settings
  • Configure Security
    • Configure Authentication and Authorization
    • Configure Encryption for Cache
    • Configure TLS Encryption
    • Configure HTTPS for NCache Management Center
  • Configure Bridge for WAN Replication
    • Create Bridge
    • Add Clustered Caches to Bridge
    • Configure Bridge Settings
    • Change Cache Synchronization Modes
    • Bridge Management
    • Synchronize Caches in Bridge
    • Leave Bridge
    • Remove Cache from Bridge
    • Configure Conflict Resolver
  • Setup Database for Cache Synchronization
    • Setup SQL Server Environment
    • Setup Oracle Database Environment
    • Setup OleDb Environment
    • Setup SQL Server for CLR Procedures
  • Simulate NCache Usage
  • Monitor Caches
    • Counters
      • Distributed Cache Counters
      • Distributed Cache with Persistence Counters
      • Pub/Sub Messaging Cache Counters
      • Distributed Lucene Cache Counters
      • Cache Client Counters
      • Bridge Counters
    • Monitor NCache using the NCache Management Center
      • Using Tabular Statistics
        • Configure Counters to Display Caching Statistics
        • Configure Counters to Display Pub/Sub Statistics
        • Configure Counters to Display Lucene Statistics
        • Configure Counters to Display Bridge Statistics
        • Browse Cache Statistics
        • Monitor Bridge
      • Using Monitoring Dashboards
        • Configure Monitor Settings
        • Configure Event Logging
        • Configure API Logging
        • Monitor with a Built-In NCache Monitor Dashboard
        • Monitor with the NCache Monitor Custom Dashboard
        • Monitor Cluster Connectivity
        • Monitor Cache Clusters using NCache Email Alerts
    • Monitor Cache Using Command Line Tools
      • Monitor Cache Server Statistics with Command Line Tools
      • Monitor Cache Client Statistics with Command Line Tools
    • Monitor NCache Using Windows PerfMon Tool
      • Monitoring Cache Server Counters using PerfMon
      • Monitoring Cache Client Counters using PerfMon
      • Monitor Bridge Counters Using PerfMon Tool
    • Monitor NCache using Prometheus
    • Monitor NCache using Grafana
    • Monitor NCache Using SNMP Counters
    • Monitor NCache Using JMX Counters
    • Logging
      • NCache Log Viewer
      • Performance Counters Logging
      • Windows Event Logging
      • Cache Health Alerts
      • Email Notifications on NCache Events
      • Cache Server Logging
      • Client Side API Logging
      • Cache Event IDs
      • Feature Usage Logging
    • Troubleshooting NCache Monitoring
      • Computer Name Not Found
      • Diskperf Not Installed
      • No READ Access to Perflib Subkeys
      • Unable to Connect to Remote Server
    • IPV6 Support

Configure Security for Cache Server Nodes

This page provides comprehensive guidance on setting up authorization and authentication within the NCache Security framework for cache server nodes. It will guide you through establishing LDAP-based authentication for user verification. Moreover, it also explains how to assign users to particular roles and permissions.

Important

All the participant nodes in a cluster should have uniform security settings.

Prerequisites for Using LDAP on Linux

To configure and use LDAP on Linux systems,

  • Ensure you have the required LDAP utilities installed on your system. For installation instructions, please refer to the LDAP documentation.

  • After installing the LDAP Utilities, create a symbolic link for the installed LDAP library. For example, if libldap-2.4.so.2 is installed, run the following command to create the symlink:

    sudo ln -s /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 /usr/lib/x86_64-linux-gnu/libldap.so.2
    

Secure Cache Server Nodes with NCache Management Center

Security for cache nodes can be configured through the following steps:

Step 1: Configure the Domain Controller

As NCache is supporting LDAP-integrated security, to secure the cache nodes you should have established LDAP domain controller settings. You can configure these settings in NCache through the following steps:

  • Launch the NCache Management Center by browsing to http://localhost:8251 or <server-ip>:8251 on Windows and Linux.
  • Click on Settings Icon to open NCache Management Center Settings.
  • This will open up a Domain Controller Settings page where you will configure the Domain Controller, Port, Search Base, and optionally Secondary Domain Controller (backup domain controller if your primary domain controller fails). If you are using a secure port, please select the Use SSL Port checkbox.
  • Search Base specifies the base DN (Distinguished Name) for searching LDAP entries. It helps narrow down the search scope within the LDAP directory. If you are unsure about the Search Base, it is recommended to consult your LDAP administrator or IT department for an accurate domain name for your LDAP directory's structure.

Domain Info Verified

  • Click on Verify to verify the provided domain controller settings.
  • On clicking verify you will get the following login prompt asking for valid user credentials.

Login Credentials of Verified User

  • After authentication of user credentials, you will get a prompt asking you to save your changes to apply the domain controller settings.

Save Changes on Verification

  • Click on Save to save your domain controller settings.

Step 2: Secure a Cache Node

Once you have established the domain controller settings and saved them, now is time to secure your cache nodes by following the steps given below:

  • Click on Node-Level Security from the left bar.
  • Specify the cache server node IP that you want to configure.
  • Click Fetch Details.

Node Level Security

  • Select the checkbox Enable Security. Now you can add the Users or Groups on which you want to configure these security settings.

Adding Users and Groups

  • Click on Save.

Step 3: Configuring Homogeneous Security Settings

After setting up security settings for one node, a prompt will appear asking you to add similar security settings to other nodes in that cluster by providing their IP addresses. It is required to configure similar security settings on all nodes in a cluster to avoid any problems while using the cache.

  • After adding the IP addresses of all the nodes, click on Save.
  • Upon clicking Save, the same security settings will be applied to all the other nodes in the cluster.

Homogeneous Security Settings

The next time you launch and access the NCache Management Center, you will encounter a login prompt requesting your authorized login credentials. Moreover, these security settings for the server node are also saved in security.ncconf under the <administrators> tag.

Adding Cache Users

The Node Administrator configured on this node has all the rights of the node and the configured caches. But, if you want to create users who have access over cache and not over a node, then you can configure Cache Users on that node. You can configure the Cache User by following the steps given below:

  • Launch the NCache Management Center by browsing to http://localhost:8251 or <server-ip>:8251 on Windows and Linux.
  • In the left navigation bar, click on Clustered Caches or Local Caches, based on your requirement.
  • Against the cache name, click on View Details.

Configuring Cache Security

  • This opens the detailed configuration page for the cache.
  • Scroll down on the same page to find the Advanced Settings (Clustered Cache) tab. Select Security and Encryption, it will open up a page where you can add the Users or Groups to configure as Cache Users.

Adding Cache User

  • Click on Save Changes to successfully add your Cache User.

Authorizing Client Node

Once you have configured security in NCache, applications connecting to these caches are required to provide credentials. These credentials enable the cache to verify the authorized users and grant them the required rights. There are two ways to provide the necessary user credentials which are explained below:

Client-Side Configuration

You can configure security through the client-side configuration if NCache is installed on your client machine, otherwise, you have to configure security programmatically. To configure security on your client machine, you need to specify the User Id and Password of authorized user using the NCache Management Center as explained below.

  • On the View Details page, go to the Client Nodes tab, select the Client Node IP for which the Client Cache is to be enabled.

Client Node Option

  • Click on "..." against the Client Node IP and select Configure Security.

Enable Client Cache Web

  • The following dialog box appears, where you need to enter the User Id and Password.

Authorize user

  • Click OK to save the changes and this will prompt a success notification.

  • To remove the configured credentials, return to this dialog, clear the entered User Id and Password, and click OK to apply the changes.

Upon validation, these credentials are securely stored in an encrypted form within the client.ncconf on the client machine. After successful configuration, all the applications running on this client machine will automatically provide the specified user credentials to the cache for future validations.

Programmatic Configuration via NCache API

However, if NCache is not installed on the machine where your application is running, you can programmatically provide credentials through the NCache API. This programmatic provision of credentials enables you to dynamically set the necessary credentials in your code to ensure secure and authorized cache access.

Using Command Line Interface

NCache also provides a set of PowerShell cmdlets to seamlessly configure and manage security on the cache. You can add users, enable security, disable security, and remove users by using the following:

Adding Node Administrators

Before enabling security on a node, you need to have Node Administrators with full control over node, including cache management and cache API access. You can add a Node Administrator by executing the Add NCacheUserOrGroup which adds the user, 'John Smith' as an NCache admin on the server 20.200.20.40.

  • Windows
  • Linux
Add-NCacheUserOrGroup -Server 20.200.20.40 -AccessLevel Admin -AdminCredentials(Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController 20.200.23.100
add-ncacheuserorgroup -server 20.200.20.40 -accesslevel Admin -adminuserid john_smith -adminpassword pass12345 -userorgroupname john_smith -userorgroupdn "CN=John Smith,OU=engineers,DC=example,DC=com" -domaincontroller 20.200.23.100

This command will also prompt you to enable security immediately after adding the Node Administrator, which you can delay by setting the EnableSecurity flag to False. While executing the command please keep in mind that only the local administrator (domain user) of the machine can add the first Node Administrator. Subsequent Node Administrators can be added or removed by the existing Node Administrator.

Note

Please note that in Linux you can add Administrative Groups (sudo, root, wheel, etc) through the NCacheServer.LinuxAdminGroups tag to configure Node Administrators.

Enabling Security

Once you have added a Node Administrator, you can now Enable Security by executing the following:

  • Windows
  • Linux
Enable-NCacheSecurity -Server 20.200.20.40 -AdminCredential(Get-Credential john_smith) -WriteCredentialsToServiceConfig
enable-ncachesecurity -server 20.200.20.40 -adminuserid john_smith -adminpassword pass12345 -writecredentialstoserviceconfig

This will enable security on the node using the provided admin credentials. The WriteCredentialsToServiceConfig switch stores the provided credentials in an encrypted form within the service configuration to start the caches configured with Auto Start Cache on the Service Startup option.

Adding Cache Users

Now you have successfully secured your node along with all the caches configured on it. But, if you want to limit some users' access to cache operations without management privileges, you can Add Cache Users. You can add them by using the similar cmdlet and command line tool as for Node Administrator, by just specifying the AccessLevel cache parameter. You have to specify the cache to which that user should have access using the CacheName parameter. You can add the Cache User by running the following:

  • Windows
  • Linux
Add-NCacheUserOrGroup -Server 20.200.20.40 -AccessLevel Cache -AdminCredentials(Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController 20.200.23.100
add-ncacheuserorgroup -server 20.200.20.40 -accesslevel Cache -adminuserid john_smith -adminpassword pass12345 -userorgroupname john_smith -userorgroupdn "CN=John Smith,OU=engineers,DC=example,DC=com" -domaincontroller 20.200.23.100

Removing Users

Along with adding users, Node Administrators also have the right to Remove Users. The following cmdlet removes the administrator user John Smith from the NCache server with the IP address 20.200.20.40:

  • Windows
  • Linux
Remove-NCacheUserOrGroup -Server 20.200.20.40 -AccessLevel Admin -AdminCredentials(Get-Credential john_smith) -UserOrGroupName john_smith -DisableSecurity Yes
remove-ncacheuserorgroup -server 20.200.20.40 -accesslevel Admin -adminuserid john_smith -adminpassword pass12345 -userorgroupname john_smith -disablesecurity Yes

It allows you to specify whether to disable security during user removal or not. You can set the DisableSecurity parameter to either Yes or No to control this behavior.

While attempting to remove a user with security enabled, if the targeted user is the last one, the system will prompt you to decide if you also want to disable security, unless the DisableSecurity parameter is used. Choosing to disable security will result in the deletion of the user and deactivation of the security feature. If you choose not to disable security, the system will not remove the last user.

Disabling Security

NCache also provides the option to disable security without removing configured Node Administrators and Cache Users through the following cmdlet and command line tool:

  • Windows
  • Linux
Disable-NCacheSecurity -Server 20.200.20.40 -AdminCredentials(Get-Credential john_smith)
disable-ncachesecurity -server 20.200.20.11 -adminuserid john_smith -adminpassword pass12345

It disables security while retaining the configured user settings.

After you have configured security settings, they will be reflected in the security.ncconf config file shipped at %NCHOME%\config. Refer to the Security Config to learn more about the parameters of security.ncconf.

See Also

Configure Encryption for Cache
Configure SSL/TLS Encryption in NCache

In This Article
  • Prerequisites for Using LDAP on Linux
  • Secure Cache Server Nodes with NCache Management Center
    • Step 1: Configure the Domain Controller
    • Step 2: Secure a Cache Node
    • Step 3: Configuring Homogeneous Security Settings
    • Adding Cache Users
    • Authorizing Client Node
  • Using Command Line Interface
    • Adding Node Administrators
    • Enabling Security
    • Adding Cache Users
    • Removing Users
    • Disabling Security
  • See Also

Contact Us

PHONE

+1 (214) 764-6933   (US)

+44 20 7993 8327   (UK)

 
EMAIL

sales@alachisoft.com

support@alachisoft.com

NCache
  • NCache Enterprise
  • NCache Professional
  • Edition Comparison
  • NCache Architecture
  • Benchmarks
Download
Pricing
Try Playground

Deployments
  • Cloud (SaaS & Software)
  • On-Premises
  • Kubernetes
  • Docker
Technical Use Cases
  • ASP.NET Sessions
  • ASP.NET Core Sessions
  • Pub/Sub Messaging
  • Real-Time ASP.NET SignalR
  • Internet of Things (IoT)
  • NoSQL Database
  • Stream Processing
  • Microservices
Resources
  • Magazine Articles
  • Third-Party Articles
  • Articles
  • Videos
  • Whitepapers
  • Shows
  • Talks
  • Blogs
  • Docs
Customer Case Studies
  • Testimonials
  • Customers
Support
  • Schedule a Demo
  • Forum (Google Groups)
  • Tips
Company
  • Leadership
  • Partners
  • News
  • Events
  • Careers
Contact Us

  • EnglishChinese (Simplified)FrenchGermanItalianJapaneseKoreanPortugueseSpanish

  • Contact Us
  •  
  • Sitemap
  •  
  • Terms of Use
  •  
  • Privacy Policy
© Copyright Alachisoft 2002 - 2025. All rights reserved. NCache is a registered trademark of Diyatech Corp.
Back to top