Velocity Reviews


David Thielen 11-09-2006 12:09 AM

Limiting num users - Windows Identity
 
Hi;

Well I have this mostly working now - limiting my ASP.NET app to only x
users when under WindowsIdentity.
I can't use HttpApplication.BeginRequest because if the user removes:
<httpModules>
<add type="FormattingHandler" name="FormattingHandler" />
</httpModules>
from Web.Config - then all my license checking goes away.

So I am using global.asax - Session_OnStart() and
Application_PostAuthenticateRequest().

In session start I track if the users can be added and put them in a
hashtable if they can. I also expire old ones there - also kill them in
Session_OnEnd().

Then in PostAuthenticateRequest I check to see if the user making the
request is in the hashtable. If not I do a HttpApplication.Response.Redirect
to my license error page.

This all works great EXCEPT for 1 big problem and 1 little problem:

BIG: I get the first PostAuthenticateRequest before I get the first
Session_OnStart. Why and what event should I sit on instead? This method only
does something if a user is not allowed in (very rare) so it can be late in
the event chain without being a performance hit.

little: I have to check this hashtable on each PostAuthenticateRequest and I
have to lock the access to it as other threads could be calling my app at the
same time. So this is a hit, more the lock than the hashtable lookup. Any
suggestions around this? There can be multiple threads both reading and
writing the hashtable at once.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm



Luke Zhang [MSFT] 11-09-2006 06:16 AM

RE: Limiting num users - Windows Identity
 
Hello Dave,

The events which are before PostAuthenticateRequest:

BeginRequest
AuthenticateRequest

But you may not be able to get the user's identity in the above two events since the
user has not been authenticated yet. Can you move the code about validating a
user and adding it to the hashtable into PostAuthenticateRequest?

Regarding the lock issue, C# provides the keyword "lock" which can be used
to ensure that a block of code runs to completion without interruption by
other threads. You may refer to this article:

http://msdn2.microsoft.com/en-us/library/ms173179.aspx


Sincerely,

Luke Zhang

Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.




David Thielen 11-09-2006 04:55 PM

RE: Limiting num users - Windows Identity
 
Hi;

My problem is I need to get an event that comes AFTER Session_OnStart. The
first Application_PostAuthenticateRequest comes BEFORE Session_OnStart.

On the second issue, I am using lock. But lock is expensive. I was hoping
there is another way to do this. I don't think there is but I figured it is
better to ask. I will ask this question over in the sdk forum.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm



Luke Zhang [MSFT] 11-10-2006 05:45 AM

RE: Limiting num users - Windows Identity
 
So, how about the event "EndRequest"? It is the latest event in the
chain.

Sincerely,

Luke Zhang

Microsoft Online Community Support

This posting is provided "AS IS" with no warranties, and confers no rights.




David Thielen 11-10-2006 06:10 AM

RE: Limiting num users - Windows Identity
 
PostAcquireRequestState appears to always come after Session_OnStart

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm



Luke Zhang [MSFT] 11-13-2006 07:03 AM

RE: Limiting num users - Windows Identity
 
Yes, this is also a proper event to put your code.

Sincerely,

Luke Zhang

Microsoft Online Community Support
This posting is provided "AS IS" with no warranties, and confers no rights.
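
Added example, not code from any poster in this thread: a seat table for the flow discussed above (admit in Session_OnStart, check in PostAcquireRequestState, free in Session_OnEnd), using ReaderWriterLockSlim in place of a plain lock so the per-request lookup takes only a shared read lock. The class name SeatRegistry and its members are hypothetical, and it assumes one session per Windows user name.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
// Hypothetical helper (not from the thread): caps concurrent Windows users.
public sealed class SeatRegistry
{
    private readonly int _maxUsers;
    private readonly TimeSpan _idleLimit;
    private readonly Dictionary<string, DateTime> _seats =
        new Dictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase);
    private readonly ReaderWriterLockSlim _lock = new ReaderWriterLockSlim();
    public SeatRegistry(int maxUsers, TimeSpan idleLimit)
    { _maxUsers = maxUsers; _idleLimit = idleLimit; }

    // Session_OnStart: expire idle seats, then admit only if under the cap.
    // Expiry, count check and insert share one write lock so they are atomic.
    public bool TryAcquire(string user, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(user)) return false;   // fail closed
        _lock.EnterWriteLock();
        try
        {
            var stale = new List<string>();
            foreach (var seat in _seats)
                if (nowUtc - seat.Value > _idleLimit) stale.Add(seat.Key);
            foreach (var name in stale) _seats.Remove(name);
            if (!_seats.ContainsKey(user) && _seats.Count >= _maxUsers) return false;
            _seats[user] = nowUtc;   // new seat, or refresh an existing one
            return true;
        }
        finally { _lock.ExitWriteLock(); }
    }

    // PostAcquireRequestState: shared read lock, so concurrent requests do
    // not serialize on the common "already licensed" path.
    public bool IsSeated(string user)
    {
        if (string.IsNullOrEmpty(user)) return false;   // fail closed
        _lock.EnterReadLock();
        try { return _seats.ContainsKey(user); } finally { _lock.ExitReadLock(); }
    }

    // Session_OnEnd: free the seat for the next user.
    public void Release(string user)
    {
        if (string.IsNullOrEmpty(user)) return;
        _lock.EnterWriteLock();
        try { _seats.Remove(user); } finally { _lock.ExitWriteLock(); }
    }
}
```

Hold a single instance in a static field of the application class in global.asax and redirect to the license error page when IsSeated returns false for the authenticated user name.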




