Cache and Security

Hi,

I have read some posts about cache, proxy and ChannelFactory, but I haven't found a solution for caching the channels when I have to apply a membership user per call.

- If I use ClientBase, then I cannot cache a client for every membership user. I have to cache a proxy for every user.

- Then, I implement a Manager to cache the ChannelFactory; then, if I apply credentials for every call, is it thread-safe to invoke the service with the credentials?

Thanks.




  • Mauro_Net

    Hi Pablo,

    Yes, you should keep a channel instance per authenticated user in the cache (if you want to pass the credentials of the authenticated user to the service).

    I think you are not considering this, but a generic user (representing the ASP web application) could be another solution; in that case, you only need to keep a single channel instance.

    Regards,
    Pablo.



  • SY Tee

    Hi Pablo,

    If you use SecureConversation between the client and the service, WCF already keeps the session token (the token created from a negotiation between the client and the service using the client credentials) in the channel instance, so you should cache the channel instance and not the channel factory. The ChannelFactory contains the user credentials, so it is not safe to keep it in a cache (it is safer to keep only the session token). I think the session token is automatically renewed by WCF if you try to use it when it has expired.

    In a few words, the solution should look like this:

    1. Create the ChannelFactory with the client credentials

    2. Create a channel instance using the factory (WCF will negotiate a SecureConversation token or session token on your behalf, and it will keep it on the channel instance)

    3. Keep the channel instance in a cache



  • bikerchick

    Hi Pablo,

    I saw you are having problems with the number of open channels.

    Probably you can implement a token cache instead of a channel cache. You need to extend the ClientCredentials class in order to implement a token cache. I have implemented one for SAML, so you might need to change it a little.

    My implementation for SAML is here, http://weblogs.asp.net/cibrax/archive/2006/03/27/441227.aspx

    Vittorio Bertocci implemented another cache for InfoCard, so you can also take a look here, http://blogs.msdn.com/vbertocci/archive/2006/11/17/using-windows-cardspace-for-securing-a-wpf-smartclient-in-wcf-token-caching-sauce.aspx

    Regards

    Pablo.



  • Bapa

    Thanks Pablo,

    I think you are right, I can cache a channel instance, but I don't understand something:

    For example, if I have an ASP.NET 2.0 application (MOSS 2007) using Membership and I create a WCF endpoint that authenticates using this membership too, then the ASP.NET application authenticates the client and I will use the service endpoint with this client's credentials. Then, in the WCF service implementation I have the client credentials for the ASP.NET 2.0 application. But when I create the channel, I set the credentials on the ChannelFactory. So the channel instance I get is for the user authenticated on the ASP.NET 2.0 application, and I have to cache a channel instance for every user authenticated on the ASP.NET application.

    Thanks


  • SQL Server Management Studio

    Thanks a lot Pablo,

    If I use a token provider, for every method I have to create and open a channel instance, and later close it. Perhaps caching the channel instances is not a good practice, but you have to create a channel every time.

    My proposal is to build a service agent, and this service agent caches the channel instance, opens and closes the connection, etc. Then a programmer who uses the service agent doesn't know anything about channel caching, disposal, security, etc. But I think it will not be possible because of the channel instance design... :-(

    I will try to implement a Token Provider, to increase the service agent performance, using your solution (SAML) for Membership users.

    Thanks,

    Pablo.


  • Greenstrike

    Thanks a lot Pablo,

    Yes, I am not considering a generic user, because the service business logic needs the User and I need to audit and monitor the user's requests.

    I think that the solution will be to create a ChannelManager to resolve the channel instances. This ChannelManager will contain a static memory structure with a table, something like this, for example:

    | USER     | SERVICE_NAME      | CHANNEL_INSTANCE |
    |----------|-------------------|------------------|
    | Usuario1 | Servicio1_Binding | channelInstance1 |
    | Usuario1 | Servicio2_Binding | channelInstance2 |
    | Usuario2 | Servicio1_Binding | channelInstance3 |
    | Usuario3 | Servicio1_Binding | channelInstance4 |

    Every user can have more than one endpoint. Now I have to see how much memory this structure can use; perhaps it will be a problem, I will test it. For example, an application with 100 users and 5 endpoints...

    Regards,

    Pablo.
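
The three steps listed earlier in the thread (factory with the user's credentials, channel, cache) and the USER / SERVICE_NAME table from the last post can be combined as below. This is an added example, not code from any poster: `ChannelManager<T>`, `Get`, `Evict` and `Drop` are hypothetical names, and `endpointName` is assumed to match a `<client><endpoint name="...">` entry in the application's config file.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;

// Hypothetical ChannelManager: one open channel per (user, endpoint) pair.
public sealed class ChannelManager<T> where T : class
{
    private sealed class Entry { public ChannelFactory<T> Factory; public T Channel; }
    private readonly object _gate = new object();
    private readonly Dictionary<Tuple<string, string>, Entry> _cache =
        new Dictionary<Tuple<string, string>, Entry>();

    // 'user' must be the identity ASP.NET already authenticated, never request input:
    // a cache hit returns that user's channel without re-checking the password.
    public T Get(string user, string password, string endpointName)
    {
        var key = Tuple.Create(user, endpointName);
        lock (_gate) // one global lock; on a miss it is held during the handshake
        {
            if (_cache.TryGetValue(key, out var hit) &&
                ((ICommunicationObject)hit.Channel).State == CommunicationState.Opened)
                return hit.Channel;
            Drop(key); // faulted or closed entry: discard, then rebuild
            return (_cache[key] = Create(user, password, endpointName)).Channel;
        }
    }

    // Call on logout so the security session does not outlive the web session.
    public void Evict(string user, string endpointName) { lock (_gate) Drop(Tuple.Create(user, endpointName)); }

    private void Drop(Tuple<string, string> key)
    {
        if (!_cache.TryGetValue(key, out var e)) return;
        _cache.Remove(key);
        e.Factory.Abort(); // aborting the factory also tears down its channel
    }

    private static Entry Create(string user, string password, string endpointName)
    {
        var factory = new ChannelFactory<T>(endpointName);
        factory.Credentials.UserName.UserName = user;     // must be set before the
        factory.Credentials.UserName.Password = password; // factory is opened
        try
        {
            var channel = factory.CreateChannel();
            ((ICommunicationObject)channel).Open(); // negotiate the session token now
            return new Entry { Factory = factory, Channel = channel };
        }
        catch { factory.Abort(); throw; }
    }
}
```

The entry keeps the factory only because closing or aborting a ChannelFactory also tears down the channels it created; callers receive the channel alone.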

