How to use Security in NCache?
Note
- This feature is only available in NCache Enterprise Edition.
- This feature is provided for both Windows and Linux .NET Core applications.
NCache provides a customizable security feature for securing distributed cache access. You can prevent any unwanted or unauthorized access to your NCache cluster, and to the data that resides in the cluster by simply configuring NCache security. Moreover, the data being transmitted over the network between cache servers and your application can be secured by configuring the NCache data encryption mechanism. No code changes are required for NCache security and encryption customizations.
Pre-requisites
- Install the following NuGet packages in your application:
- Include the following namespaces in your application:
Alachisoft.NCache.Client
Alachisoft.NCache.Runtime.Exceptions
System.Configuration
- Add
System.Configuration
assembly through Reference Manager. - The application must be connected to cache before performing the operation.
- Cache must be running.
- For API details: ICache, CacheConnectionOptions,GetCache()
- To ensure the operation is fail safe, it is recommended to handle any potential exceptions within your application, as explained in Handling Failures.
- To handle any unseen exceptions, refer to the Troubleshooting section.
Here's an example which shows how to enable security on the cache. Once security is configured on the cache, security credentials need to be mentioned for initializing cache, using CacheConnectionOptions
. For Java, the class used to mention the user credentials is SecurityParams
.
try
{
// Initialize credentials
string userid = "UserId";
string password = "UserPassword";
string cacheName = "myreplicatedcache";
// Use CacheConnectionOptions to provide credentials
var options = new CacheConnectionOptions();
// Use UserCredentials property to assign credentials
options.UserCredentials = new Credentials(userid, password);
// Connecting to cache with security credentials
ICache cache = CacheManager.GetCache(cacheName, options);
}
catch (OperationFailedException ex)
{
// NCache specific exception
if (ex.ErrorCode == NCacheErrorCodes.NO_SERVER_AVAILABLE)
{
// Make sure NCache Service is running
// Make sure that the cache is running
}
else
{
// Exception can occur due to:
// Connection Failures: ErrorCode 17506
// Operation Timeout: ErrorCode 35003
// Operation performed during state transfer
}
}
catch (ConfigurationException ex)
{
if(ex.ErrorCode == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
{
// client.ncconf must have server information
}
}
catch (Exception ex)
{
// Any generic exception like ArgumentNullException or ArgumentException
// Argument exception occurs in case of empty string name
}
Or as an alternative, the security credentials can be provided in the property file of your application:
try
{
// Initialize credentials
string userName = string.Empty;
string password = string.Empty;
string cacheName = "myreplicatedcache";
// Check if Username and Passwod is provided through App.config file
if (ConfigurationManager.AppSettings["Username"] != null)
{
userName = ConfigurationManager.AppSettings["Username"].ToString();
}
if (ConfigurationManager.AppSettings["Password"] != null)
{
password = ConfigurationManager.AppSettings["Password"].ToString();
}
// Use CacheConnectionOptions to provide credentials
var options = new CacheConnectionOptions();
options.UserCredentials = new Credentials(userName, password);
// Connect to cache with security credentials provided in App.config file
ICache cache = CacheManager.GetCache(cacheName, options);
}
catch (OperationFailedException ex)
{
// NCache specific exception
if (ex.ErrorCode == NCacheErrorCodes.NO_SERVER_AVAILABLE)
{
// Make sure NCache Service is running
// Make sure that the cache is running
}
else
{
// Exception can occur due to:
// Connection Failures: ErrorCode 17506
// Operation Timeout: ErrorCode 35003
// Operation performed during state transfer
}
}
catch (ConfigurationException ex)
{
if(ex.ErrorCode == NCacheErrorCodes.SERVER_INFO_NOT_FOUND)
{
// client.ncconf must have server information
}
}
catch (Exception ex)
{
// Any generic exception like ArgumentNullException or ArgumentException
// Argument exception occurs in case of empty string name
}
Troubleshooting
Alachisoft.NCache.Runtime.Exceptions.SecurityException
This exception is raised if an unauthorized user tries to perform cache operations, or wrong credential information is given in the GetCache()
or in client.ncconf file.
Workaround
Check if you have given correct credential information through API or in client.ncconf. A typing mistake can be the result of this exception.
See if the specified user exists under given domain in LDAP. Login credentials are required to belong to any server hosting the user login and running LDAP services.
Check if you have given a double slash '//' to separate domain name and User ID when passing them as a string through API. Sometimes a single slash is given, which is recognized as an escape sequence. In that case, no compile time error arises, rather it results in a security exception.
See Also
NCache Data Encryption
Stream Processing in Cache
Configuring Security