Limiting num users - Windows Identity

Discussion in 'ASP .Net Security' started by David Thielen, Nov 9, 2006.

  1. Hi;

    Well I have this mostly working now - limiting my ASP.NET app to only x
    users when under WindowsIdentity.
    I can't use HttpApplication.BeginRequest because if the user removes:
    <httpModules>
    <add type="FormattingHandler" name="FormattingHandler" />
    </httpModules>
    from Web.Config - then all my license checking goes away.

    So I am using global.asax - Session_OnStart() and
    Application_PostAuthenticateRequest().

    In session start I track if the users can be added and put them in a
    hashtable if they can. I also expire old ones there - also kill them in
    Session_OnEnd().

    Then in PostAuthenticateRequest I check to see if the user making the
    request is in the hashtable. If not I do a HttpApplication.Response.Redirect
    to my license error page.

    This all works great EXCEPT for 1 big problem and 1 little problem:

    BIG: I get the first PostAuthenticateRequest before I get the first
    Session_OnStart. Why and what event should I sit on instead? This method only
    does something if a user is not allowed in (very rare) so it can be late in
    the event chain without being a performance hit.

    little: I have to check this hashtable on each PostAuthenticateRequest and I
    have to lock the access to it as other threads could be calling my app at the
    same time. So this is a hit, more the lock than the hashtable lookup. Any
    suggestions around this? There can be multiple threads both reading and
    writing the hashtable at once.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
    David Thielen, Nov 9, 2006
    #1
    1. Advertising

  2. Hello Dave,

    The events which is before PostAuthenticateRequest:

    BeginRequest
    AuthenticateRequest

    But you may not able to get user's identity in above two events since the
    user has not been authenticated yet. Can you move the code about validing a
    user and adding it to hashtable into PostAuthenticateRequest?

    Regarding the lock issue, C# provide the keywork "lock" which can be used
    to ensure that a block of code runs to completion without interruption by
    other threads. You may refer to this article:

    http://msdn2.microsoft.com/en-us/library/ms173179.aspx


    Sincerely,

    Luke Zhang

    Microsoft Online Community Support
    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Luke Zhang [MSFT], Nov 9, 2006
    #2
    1. Advertising

  3. Hi;

    My problem is I need to get an event that comes AFTER Session_OnStart. The
    first Application_PostAuthenticateRequest comes BEFORE Session_OnStart.

    On the second issue, I am using lock. But lock is expensive. I was hoping
    there is another way to do this. I don't think there is but I figured it is
    better to ask. I will ask this question over in the sdk forum.

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Luke Zhang [MSFT]" wrote:

    > Hello Dave,
    >
    > The events which is before PostAuthenticateRequest:
    >
    > BeginRequest
    > AuthenticateRequest
    >
    > But you may not able to get user's identity in above two events since the
    > user has not been authenticated yet. Can you move the code about validing a
    > user and adding it to hashtable into PostAuthenticateRequest?
    >
    > Regarding the lock issue, C# provide the keywork "lock" which can be used
    > to ensure that a block of code runs to completion without interruption by
    > other threads. You may refer to this article:
    >
    > http://msdn2.microsoft.com/en-us/library/ms173179.aspx
    >
    >
    > Sincerely,
    >
    > Luke Zhang
    >
    > Microsoft Online Community Support
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > ==================================================
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
    David Thielen, Nov 9, 2006
    #3
  4. SO, how about the event "EndRequest"? it is the lastest event in the
    chain.

    Sincerely,

    Luke Zhang

    Microsoft Online Community Support
    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Luke Zhang [MSFT], Nov 10, 2006
    #4
  5. PostAcquireRequestState appears to always come after Session_OnStart

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm




    "Luke Zhang [MSFT]" wrote:

    > SO, how about the event "EndRequest"? it is the lastest event in the
    > chain.
    >
    > Sincerely,
    >
    > Luke Zhang
    >
    > Microsoft Online Community Support
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > ==================================================
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    >
    David Thielen, Nov 10, 2006
    #5
  6. Yes, this is also an proper event to put your code.

    Sincerely,

    Luke Zhang

    Microsoft Online Community Support
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Luke Zhang [MSFT], Nov 13, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tiewknvc9

    Java and limiting users...

    tiewknvc9, Nov 24, 2007, in forum: Java
    Replies:
    6
    Views:
    323
    Eric Sosman
    Nov 26, 2007
  2. Scottrm
    Replies:
    0
    Views:
    458
    Scottrm
    Jun 30, 2010
  3. bbmerong
    Replies:
    0
    Views:
    111
    bbmerong
    Jan 17, 2008
  4. bbmerong
    Replies:
    0
    Views:
    139
    bbmerong
    Jan 18, 2008
  5. bbmerong
    Replies:
    2
    Views:
    128
    Ken Bloom
    Jan 18, 2008
Loading...

Share This Page