How to use Security in NCache?

Note
  • This feature is only available in NCache Enterprise Edition.
  • This feature is provided for both Windows and Linux .NET Core applications.

NCache provides a customizable security feature for securing distributed cache access. You can prevent any unwanted or unauthorized access to your NCache cluster, and to the data that resides in the cluster by simply configuring NCache security. Moreover, the data being transmitted over the network between cache servers and your application can be secured by configuring the NCache data encryption mechanism. No code changes are required for NCache security and encryption customizations.

Pre-requisites

  • Include the following namespaces in your application:
    • Alachisoft.NCache.Client
    • Alachisoft.NCache.Runtime.Exceptions
    • System.Configuration
  • Add System.Configuration assembly through Reference Manager.
  • The application must be connected to cache before performing the operation.
  • Cache must be running.
  • To ensure the operation is fail safe, it is recommended to handle any potential exceptions within your application, as explained in Handling Failures.

Here's an example which shows how to enable security on the cache. Once security is configured on the cache, security credentials need to be mentioned for initializing cache, using CacheConnectionOptions. For Java, the class used to mention the user credentials is SecurityParams.

try
{
    // Initialize credentials
    string userid = "UserId";
    string password = "UserPassword";
    string cacheName = "myreplicatedcache";

    // Use CacheConnectionOptions to provide credentials 
    var options = new CacheConnectionOptions();

    // Use UserCredentials property to assign credentials
    options.UserCredentials = new Credentials(userid, password);

    // Connecting to cache with security credentials
    ICache cache = CacheManager.GetCache(cacheName, options);
}
catch (OperationFailedException ex)
{
      // NCache specific exception
      if (ex.ErrorCode == NCacheErrorCodes.NO_SERVER_AVAILABLE)
      {
            // Make sure NCache Service is running
            // Make sure that the cache is running
      }
      else
      {
            // Exception can occur due to:
            // Connection Failures: ErrorCode 17506
            // Operation Timeout: ErrorCode 35003
            // Operation performed during state transfer
      }
}
catch (ConfigurationException ex)
{
      if(ex.ErrorCode == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
      {     
            // client.ncconf must have server information
      }
}
catch (Exception ex)
{
      // Any generic exception like ArgumentNullException or ArgumentException
      // Argument exception occurs in case of empty string name
}

Or as an alternative, the security credentials can be provided in the property file of your application:

./media/image1.png

try
{
    // Initialize credentials
    string userName = string.Empty;
    string password = string.Empty;
    string cacheName = "myreplicatedcache";

    // Check if Username and Passwod is provided through App.config file
    if (ConfigurationManager.AppSettings["Username"] != null)
    {
        userName = ConfigurationManager.AppSettings["Username"].ToString();
    }
    if (ConfigurationManager.AppSettings["Password"] != null)
    {
        password = ConfigurationManager.AppSettings["Password"].ToString();
    }

    // Use CacheConnectionOptions to provide credentials 
    var options = new CacheConnectionOptions();

    options.UserCredentials = new Credentials(userName, password);

    // Connect to cache with security credentials provided in App.config file
    ICache cache = CacheManager.GetCache(cacheName, options);
}
catch (OperationFailedException ex)
{
      // NCache specific exception
      if (ex.ErrorCode == NCacheErrorCodes.NO_SERVER_AVAILABLE)
      {
            // Make sure NCache Service is running
            // Make sure that the cache is running
      }
      else
      {
            // Exception can occur due to:
            // Connection Failures: ErrorCode 17506
            // Operation Timeout: ErrorCode 35003
            // Operation performed during state transfer
      }
}
catch (ConfigurationException ex)
{
      if(ex.ErrorCode == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
      {     
            // client.ncconf must have server information
      }
}
catch (Exception ex)
{
      // Any generic exception like ArgumentNullException or ArgumentException
      // Argument exception occurs in case of empty string name
}

Troubleshooting

Alachisoft.NCache.Runtime.Exceptions.SecurityException

This exception is raised if an unauthorized user tries to perform cache operations, or wrong credential information is given in the GetCache() or in client.ncconf file.

Workaround

  1. Check if you have given correct credential information through API or in client.ncconf. A typing mistake can be the result of this exception.

  2. See if the specified user exists under given domain in LDAP. Login credentials are required to belong to any server hosting the user login and running LDAP services.

  3. Check if you have given a double slash '//' to separate domain name and User ID when passing them as a string through API. Sometimes a single slash is given, which is recognized as an escape sequence. In that case, no compile time error arises, rather it results in a security exception.

See Also

NCache Data Encryption
Stream Processing in Cache
Configuring Security