How to use Security in NCache?
Note
- This feature is only available in NCache Enterprise Edition.
- This feature is provided for both Windows and Linux .NET Core applications.
NCache provides a customizable security feature for securing distributed cache access. You can prevent any unwanted or unauthorized access to your NCache cluster, and to the data that resides in the cluster by simply configuring NCache security. Moreover, the data being transmitted over the network between cache servers and your application can be secured by configuring the NCache data encryption mechanism. No code changes are required for NCache security and encryption customizations.
Prerequisites
- Install the following NuGet package in your application:
- Include the following namespaces in your application:
- Add
System.Configuration assembly through Reference Manager.
- Cache must be running.
- The application must be connected to cache before performing the operation.
- For API details: ICache, CacheConnectionOptions, GetCache, CacheManager, Credentials.
- To ensure the operation is fail safe, it is recommended to handle any potential exceptions within your application, as explained in Handling Failures.
- To handle any unseen exceptions, refer to the Troubleshooting section.
- Add the following Maven dependencies in your
pom.xml file:
<dependency>
<groupId>com.alachisoft.ncache</groupId>
<artifactId>ncache-client</artifactId>
<version>x.x.x</version>
</dependency>
- Install the NCache Python client by executing the following command:
# Enterprise Client
pip install ncache-client
- Add the following Maven dependencies in your
pom.xml file:
<dependency>
<groupId>com.alachisoft.ncache</groupId>
<artifactId>ncache-scala-client</artifactId>
<version>x.x.x</version>
</dependency>
Here's an example which shows how to enable security on the cache. Once security is configured on the cache, security credentials need to be mentioned for initializing cache, using CacheConnectionOptions. For Java, the class used to mention the user credentials is SecurityParams.
try
{
// Initialize credentials
string userid = "UserId";
string password = "UserPassword";
string cacheName = "demoCache";
// Use CacheConnectionOptions to provide credentials
var options = new CacheConnectionOptions();
// Use UserCredentials property to assign credentials
options.UserCredentials = new Credentials(userid, password);
// Connecting to cache with security credentials
ICache cache = CacheManager.GetCache(cacheName, options);
}
catch (OperationFailedException ex)
{
// NCache specific exception
if (ex.ErrorCode == NCacheErrorCodes.NO_SERVER_AVAILABLE)
{
// Make sure NCache Service is running
// Make sure that the cache is running
}
else
{
// Exception can occur due to:
// Connection Failures: ErrorCode 17506
// Operation Timeout: ErrorCode 35003
// Operation performed during state transfer
}
}
catch (ConfigurationException ex)
{
if(ex.ErrorCode == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
{
// client.ncconf must have server information
}
}
catch (Exception ex)
{
// Any generic exception like ArgumentNullException or ArgumentException
// Argument exception occurs in case of empty string name
}
try
{
// Initialize credentials
String userId = "UserId";
String password = "UserPassword";
String cacheName = "demoClusteredCache";
// Use CacheConnectionOptions to provide credentials
CacheConnectionOptions options = new CacheConnectionOptions();
// Use UserCredentials property to assign credentials
Credentials credentials = new Credentials(userId, password);
options.setUserCredentials(credentials);
// Connecting to cache with security credentials
Cache cache = CacheManager.getCache(cacheName, options);
}
catch (OperationFailedException ex)
{
// NCache specific exception
if (ex.getErrorCode() == NCacheErrorCodes.NO_SERVER_AVAILABLE)
{
// Make sure NCache Service is running
// Make sure that the cache is running
}
else
{
// Exception can occur due to:
// Connection Failures: ErrorCode 17506
// Operation Timeout: ErrorCode 35003
// Operation performed during state transfer
}
}
catch (ConfigurationException ex)
{
if (ex.getErrorCode() == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
{
// client.ncconf must have server information
}
}
catch (Exception ex)
{
// Any generic exception like ArgumentNullException or ArgumentException
// Argument exception occurs in case of empty string name
}
// This is an async method
try
{
// Initialize credentials
let userId = "UserId";
let password = "UserPassword";
let cacheName = "demoClusteredCache";
// Use CacheConnectionOptions to provide credentials
let options = new ncache.CacheConnectionOptions();
// Use UserCredentials property to assign credentials
let credentials = new ncache.Credentials(userId, password);
options.setUserCredentials(credentials);
// Connecting to cache with security credentials
let cache = await ncache.CacheManager.getCache(cacheName, options);
}
catch (error)
{
// Handle errors
}
try:
# Initialize credentials
user_id = "UserId"
password = "UserPassword"
cache_name = "demoCache"
# Use CacheConnectionOptions to provide credentials
options = ncache.CacheConnectionOptions()
# Use UserCredentials property to assign credentials
credentials = ncache.Credentials(user_id, password)
options.set_user_credentials(credentials)
# Connecting to cache with security credentials
cache = ncache.CacheManager.get_cache(cache_name, options)
except Exception as exp:
# Handle errors
try {
// Initialize credentials
val userId = "UserId"
val password = "UserPassword"
val cacheName = "demoCache"
// Use CacheConnectionOptions to provide credentials
val options = new CacheConnectionOptions
// Use UserCredentials property to assign credentials
val credentials = new Credentials(userId, password)
options.setUserCredentials(credentials)
// Connecting to cache with security credentials
val cache = CacheManager.getCache(cacheName, options)
}
catch {
case exception: Exception => {
// Handle any errors
}
}
Or as an alternative, the security credentials can be provided in the property file of your application:
try
{
// Initialize credentials
string userName = string.Empty;
string password = string.Empty;
string cacheName = "myreplicatedcache";
// Check if Username and Passwod is provided through App.config file
if (ConfigurationManager.AppSettings["Username"] != null)
{
userName = ConfigurationManager.AppSettings["Username"].ToString();
}
if (ConfigurationManager.AppSettings["Password"] != null)
{
password = ConfigurationManager.AppSettings["Password"].ToString();
}
// Use CacheConnectionOptions to provide credentials
var options = new CacheConnectionOptions();
options.UserCredentials = new Credentials(userName, password);
// Connect to cache with security credentials provided in App.config file
ICache cache = CacheManager.GetCache(cacheName, options);
}
catch (OperationFailedException ex)
{
// NCache specific exception
if (ex.ErrorCode == NCacheErrorCodes.NO_SERVER_AVAILABLE)
{
// Make sure NCache Service is running
// Make sure that the cache is running
}
else
{
// Exception can occur due to:
// Connection Failures: ErrorCode 17506
// Operation Timeout: ErrorCode 35003
// Operation performed during state transfer
}
}
catch (ConfigurationException ex)
{
if(ex.ErrorCode == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
{
// client.ncconf must have server information
}
}
catch (Exception ex)
{
// Any generic exception like ArgumentNullException or ArgumentException
// Argument exception occurs in case of empty string name
}
try {
// Precondition: Cache is connected
String cacheName = "demoClusteredCache";
// Check if Username and password is provided in the property file of the application
Properties properties = new Properties();
properties.load(new FileInputStream("security.properties"));
String userName = properties.getProperty("Username");
String password = properties.getProperty("Password");
// Use CacheConnectionOptions to provide credentials
CacheConnectionOptions options = new CacheConnectionOptions();
Credentials credentials = new Credentials(userName, password);
options.setUserCredentials(credentials);
// Initializing cache with security credentials provided in the property file
Cache cache = CacheManager.getCache(cacheName, options);
}
catch (OperationFailedException ex)
{
// NCache specific exception
if (ex.getErrorCode() == NCacheErrorCodes.NO_SERVER_AVAILABLE)
{
// Make sure NCache Service is running
// Make sure that the cache is running
}
else
{
// Exception can occur due to:
// Connection Failures: ErrorCode 17506
// Operation Timeout: ErrorCode 35003
// Operation performed during state transfer
}
}
catch (ConfigurationException exception)
{
if (exception.getErrorCode() == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
{
// client.ncconf must have server information
}
}
catch (Exception exception)
{
// Any generic exception like ArgumentNullException or ArgumentException
// Argument exception occurs in case of empty string name
}
// This is an async method
try
{
// Precondition: Cache is connected
let cacheName = "demoClusteredCache";
// Check if Username and password is provided in the property file of the application
let userName = properties.get('User.UserName');
let password = properties.get('User.Password');
// Use CacheConnectionOptions to provide credentials
let options = new ncache.CacheConnectionOptions();
let credentials = new ncache.Credentials(userName, password);
options.setUserCredentials(credentials);
// Initializing cache with security credentials provided in the property file
let cache = await ncache.CacheManager.getCache(cacheName, options);
}
catch (error)
{
// client.ncconf must have server information
// Exception can occur due to:
// Connection Failures: ErrorCode 17506
// Operation Timeout: ErrorCode 35003
// Operation performed during state transfer
}
try:
# Precondition: Cache is connected
cache_name = "demoCache"
# Check if Username and password is provided in the property file of the application
user_name = config.get('User', 'UserName')
password = config.get('User', 'Password')
# Use CacheConnectionOptions to provide credentials
options = ncache.CacheConnectionOptions()
credentials = ncache.Credentials(user_name, password)
options.set_user_credentials(credentials)
# Initializing cache with security credentials provided in the property file
cache = ncache.CacheManager.get_cache(cache_name, options)
except Exception as exp:
# client.ncconf must have server information
# Exception can occur due to:
# Connection Failures: ErrorCode 17506
# Operation Timeout: ErrorCode 35003
# Operation performed during state transfer
try {
// Precondition: Cache is connected
val cacheName = "demoCache"
// Check if Username and password is provided in the property file of the application
val properties = new Properties()
properties.load(new FileInputStream("security.properties"))
val userName = properties.getProperty("Username")
val password = properties.getProperty("Password")
// Use CacheConnectionOptions to provide credentials
val options = CacheConnectionOptions()
val credentials = new Credentials(userName, password)
options.setUserCredentials(credentials)
// Initializing cache with security credentials provided in the property file
val cache = CacheManager.getCache(cacheName, options)
}
catch {
case exception: Exception => {
// Handle any errors
}
}
Troubleshooting
Alachisoft.NCache.Runtime.Exceptions.SecurityException
This exception is raised if an unauthorized user tries to perform cache operations, or wrong credential information is given in the GetCache() or in client.ncconf file.
Workaround
Check if you have given correct credential information through API or in client.ncconf. A typing mistake can be the result of this exception.
See if the specified user exists under given domain in LDAP. Login credentials are required to belong to any server hosting the user login and running LDAP services.
Check if you have given a double slash '//' to separate domain name and User ID when passing them as a string through API. Sometimes a single slash is given, which is recognized as an escape sequence. In that case, no compile time error arises, rather it results in a security exception.
See Also
NCache Data Encryption
Stream Processing in Cache
Configuring Security