AppFabric Caching Security

We are developing a caching system with AppFabric. We are wondering about security.

How does a server that has a cache element know that an element request comes from another server in the cache cluster or from an authorized server?

What bothers us: can someone who has access to the AppFabric cache port read items from the cache?

+4
2 answers

No, port access is not sufficient to read cache elements.

AppFabric Cache uses WCF communication within the net.tcp network. Therefore, Windows security is enabled by default. When your client code accesses the cache, this results in a process identifier being passed. The identity is checked in the cache cluster and if you do not provide cache access for this identifier, the request is rejected (you see this as a strange "Temporary error. Try again later").

Usually a special account is created to run your process / application pool. You can grant access using the Windows PowerShell Caching Administration:

PS C:\Windows\system32> Grant-CacheAllowedClientAccount YOURDOMAIN\ProcessAccount 

To verify access, use the following command:

PS C:\Windows\system32> Get-CacheAllowedClientAccounts
Administrators
NETWORKSERVICE
IIS APPPOOL\ASP.NET v4.0
YOURDOMAIN\ProcessAccount

Hope this helps.

+8
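The allowed-client list described in the answer above is the access control boundary for the cache, so it is worth reviewing against an approved list. The following is an added example, not part of the original answer or of AppFabric itself: the function name `Compare-CacheClientAllowList`, the approved list and the list of broad principals are assumptions, and the sample input is constructed from the output shown above.

```powershell
# Added example: review the cache cluster's allowed client accounts against an
# approved list. Function name, approved list and broad-principal list are assumptions.
function Compare-CacheClientAllowList {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Actual,    # one account name per element
        [Parameter(Mandatory = $true)] [string[]] $Approved,
        [string[]] $BroadPrincipals = @('Everyone', 'Authenticated Users',
                                        'Domain Users', 'Domain Computers')
    )
    # Trim and drop blank entries; -contains / -notcontains are case-insensitive,
    # which matches how Windows treats account names.
    $actualClean   = @($Actual   | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $approvedClean = @($Approved | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    foreach ($account in $actualClean) {
        # Strip an optional DOMAIN\ prefix before checking for broad groups.
        $leaf = ($account -split '\\')[-1]
        if ($BroadPrincipals -contains $leaf) {
            $finding = 'BroadPrincipal'      # grants cache access to a large population
        } elseif ($approvedClean -notcontains $account) {
            $finding = 'NotApproved'         # granted on the cluster, absent from the approved list
        } else {
            $finding = 'OK'
        }
        New-Object psobject -Property @{ Account = $account; Finding = $finding }
    }
    foreach ($account in $approvedClean) {
        if ($actualClean -notcontains $account) {
            # Clients running as this account would be rejected by the cluster.
            New-Object psobject -Property @{ Account = $account; Finding = 'ApprovedButNotGranted' }
        }
    }
}

# Constructed sample input, copied from the output shown in the answer.
# On a cache host this would instead be (assuming one account name per output item):
#   Import-Module DistributedCacheAdministration; Use-CacheCluster
#   $actual = Get-CacheAllowedClientAccounts
$actual   = @('Administrators', 'NETWORKSERVICE',
              'IIS APPPOOL\ASP.NET v4.0', 'YOURDOMAIN\ProcessAccount')
# Hypothetical approved list for this environment.
$approved = @('Administrators', 'NETWORKSERVICE', 'YOURDOMAIN\ProcessAccount')

Compare-CacheClientAllowList -Actual $actual -Approved $approved |
    Where-Object { $_.Finding -ne 'OK' } |
    Format-Table Account, Finding -AutoSize
```

An account reported as `NotApproved` can be removed with `Revoke-CacheAllowedClientAccount` once it is confirmed that no legitimate client runs under it.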

You can configure the application cache to encrypt and authenticate client connections.

However, we use an encryption algorithm to store sensitive data in cache and SQL backend. Thus, we can guarantee that all data stored in both systems will be protected.

+2