Security :: CurrentPrincipal In Background Threads?
Dec 20, 2010
I have a web application hosted in IIS 7.5 and expose its functionality using web services. The web application has state the the first thing I do is to call a web service method to start it all up. As a consequence several threads are created and these threads run until the system is stopped. All recycling of application pools and such is disabled! To access the web services the calling client must authenticate (using basic auth and local windows users). Thus, an incoming request has the CurrentPrincipal set. The logging subsystem is setup to tag all log messages with the current principals identity name and this works just fine for code that runs on an the thread of on incoming request. But, it doesn't work at all for all of my background threads. The current principal is still set in these threads but the identity objects name has been disposed. Why is this? What can I do to fix this. I would really like to get all log messages tagged with the current principal. It also seems impossible to detect if the identity name instance has been disposed without trying to access it and catch the exception which is highly annoying.
View 2 Replies
Similar Messages:
Jun 15, 2010
When I do ThreadPool.QueueUserWorkItem, I don't want unhandled exceptions to kill my entire process. So I do something like:
ThreadPool.QueueUserWorkItem(delegate() {
try { FunctionIActuallyWantToCall(); }
catch { HandleException(); }
});
Is this the recommended pattern? It seems like there should be a simpler way to do this. It's in an asp.net-mvc app, if that's relevant.
View 1 Replies
May 17, 2010
I have a security manager in my application that works for both windows and web, the process is simple, just takes the user and pwd and authenticates them against a database then sets the Thread.CurrentPrincipal with a custom principal. For windows applications this works fine, but I have problems with web applications.
After the process of authentication, when I'm trying to set the Current.User to the custom principal from Thread.CurrentPrincipal this last one contains a GenericPrincipal. Am I doing something wrong? This is my code:
Login.aspx
[code]....
View 5 Replies
Aug 30, 2010
I'm seeing requests on my server that appear to be made by an anynomous client, although I'm certain they were made by an authenticated user - I have fiddler logs showing that the client sent valid asp.net auth cookies, and server logs indicating that the cookie arrived and is valid. The problem has been observed across all browsers.
The flow of data is:
User visits login url, on a machine that's part of a webfarm (all with the same machine, decrypt keys)On successful forms authentication, user is redirect to a restricted url, their homepage Homepage renders correctly, knowns the identify of the user, and includes javascript to perform 7 asynchronous post-backs to get additional data Javascript kicks off 7 http.get requests, hitting different machines in the webfarm (assume round robin)Server validates request: ~0.01% fail to authenticate.
Now into details:
A very small number of the asynchronous requests land at my server (with evidence they were not manipulated or faked) and appear to be anonymous. Of the 7 requests made, some number may or may not work (ie, 5/7 will succeed, 2 will fail). There doesn't appear to be any patterns in success / failures. In the cases where my requests appear to be anonymous, the CurrentPrincipal.Identity records:
Thread.CurrentPrincipal.Identity.IsAuthenticated; // false
Thread.CurrentPrincipal.Identity.Name; // null (or empty, unsure off hand)
Dumping the http.context.request.params collection to a log file, I'm able to see the following relevent (and scrubbed) properties (complete params below):
[code]...
View 4 Replies
Jun 16, 2010
I have just recently run into an issue running an asp.net web app under visual studio 2008. I get the error 'type is not resolved for member...customUserPrincipal'. Tracking down various discussion groups it seems that there is an issue with Visual Studio's web server when you assign a custom principal against the Thread.CurrentPrincipal.
In my code, I now use...
HttpContext.Current.User = myCustomPrincipal
//Thread.CurrentPrincipal = myCustomPrincipal
I'm glad that I got the error out of the way, but it begs the question "What is the difference between these two methods of setting a principal?". There are other stackoverflow questions related to the differences but they don't get into the details of the two approaches.
I did find one tantalizing post that had the following grandiose comment but no explanation to back up his assertions...
[code]....
View 3 Replies
Aug 14, 2010
I want to authenticate Thread.CurrentPrincipal.Identity when it has entry in active directory or redirect user to login page to check the database for valid user.
View 1 Replies
Feb 5, 2010
I am trying to create a watermark image on the background , i am wondering what option can i use to call image file from my APP_Themes folder insteaed of my hard drive ) Currently i am using this but couldn't figure it out how to call from APP_Them folder of application rather than being specific.
System.Drawing.Image img = System.Drawing.Image.FromFile("c:\Logo_large.gif");
View 1 Replies
Jan 6, 2011
I built a little web application that displays charts. I was thinking that it might be useful for the superuser of the app to do a complete data refresh, however this process takes around 10 minutes to complete. I was thinking perhaps the user could click a button that would start off a new thread to do a data refresh and subsequent clicks would kill the thread and restart the data population process. The user would then be free to browse about the site and view the charts as their data is populated.
Is there a simple method of accomplishing something like this?
View 3 Replies
Aug 20, 2010
I'm trying to get a better handle on how threads work in ASP.NET, so I have a test site with a few pages, and I have a test WinForms client that creates 40 roughly concurrent requests to the test site. The requests take about 5-10 seconds to complete--they call a web service on another server. When I run the test client, I can use Fiddler to see that the requests are being made concurrently. However, when I look at Performance Monitor on the web server, with counters "ASP.NET Apps v2.0.xxx/Requests Executing", "ASP.NET/Requests Current", "ASP.NET Requests Queued", these counters never display more than 2.
This is the case regardless of whether the test page I'm requesting is set up with Async=True and using the Begin/End pattern of calling the web service, or if it's set up to make the call synchronously. Judging by what I see in Fiddler, I would think I should be seeing a total of 40 requests in one of those states, but I don't. Why is that? Do these counters not mean what I think they mean?
View 1 Replies
Nov 1, 2010
In the main thread I open a new thread that gets the number of new messages of user (takes about 5 secs) and this second thread should save the number in some place.
In the main thread I should check the "some place" and if the value exists I display it on the page.
Where can I save the value from the second thread to read it from the main one? This value is unique per user so I can't use static field.
View 3 Replies
Feb 21, 2011
I have a method that I call 8 times with different parametres.I use
AvailableYears.AsParallel()
.Select<Int32,DateUsedByThread>(x => GetDataForYearWorker(x,CIF))
.ToList();
GetDataForYearWorker gets the response from a webservice synchronously. It uses very little computing power on my asp.net application, but it ussualy takes 3-5 sec for each webservice response. Because the calls to the webservice are independent of eachother, I want to make tham all at the same time. But it looks like only 2 threads can run at the same time. Why is this and how can I have 8 threads working at the same time?
View 1 Replies
Feb 27, 2011
I am trying to reproduce a threading error condition within an HTTP Handler.
Basically, the ASP.net worker procecss is creating 2 threads which invoke the HTTP handler in my application simultaneously when a certain page loads.
Inside the http handler, is a resource which is not thread safe. Hence, when the 2 threads try to access it simultaneously an exception occurs.
I could potentially, put a lock statement around the resource, however I want to make sure that it is infact the case. So I wanted to create the situation in a console application first.
But i cant get 2 threads to execute a method at the same time like asp.net wp does. So, my question is how can you can create 2 threads which can execute a method at the same time.
Edit:
The underlying resource is a sql database with a user table (has a name column only). Here is a sample code i tried.
[TestClass]
public class UnitTest1
{
[TestMethod]
public void Linq2SqlThreadSafetyTest()
[Code]....
View 1 Replies
Mar 5, 2011
I'm using ASP.NET 4.0 on IIS7.5 and WCF Callback technique. I have no problem with callback. The wcf service can fire callback method in web client but it seems it's on another thread with the UI thread.
public partial class _Default : System.Web.UI.Page, IServiceCallback
{
private IService proxy = null;
private static TextBox _textBoxtest;
protected void Page_Load(object sender, EventArgs e)
[Code]....
how to update my textBox from callback event.
View 2 Replies
Oct 5, 2010
I'm investigating some performance improvements that can be made to our web server and ASP.NET application.This page contains a few things that we can do.We currently have two worker processes running as a garden. Do each of these worker processes have their own ASP.NET threadpool? Or do both of these worker processes share a single threadpool and the max number of worker threads is shared across these processes?This post seems to suggest that the two processes share a common ASP.NET threadpool. All w3wp.exe threads do is take requests from HTTP.SYS queue, process it, and hand the request toASPNET_ISAPI.DLL, who then deposits those requests into the ASP.Net request queue, and the ASP.Net threadsBut this post suggests that each worker process contains their own ASP.NET threadpool. Each process (w3wp.exe) has its own CLR thread pool which has the configured maxworkerthreads value (20 default).
View 1 Replies
Feb 15, 2011
When my asp.net page loads,it needs to get data from 2 webservices.I want to make the data retrieval processes work concurently.How can I do this and update Label1 with the text result from WS1 and label2 with the result from WS2?I don't know how the code should look like in order to be able to update the controls on the page.
View 1 Replies
Apr 11, 2010
Do I have to lock access to instance members?
public class HttpModule : IHttpModule
{
//...
Dictionary<int, int> foo;
void UseFoo(int a, int b)
{
foo[a] = b;
}
}
View 2 Replies
Jan 5, 2010
I had the following code to send different mails to differnt users in my asp.net web application
foreach (DataRow dataRow in dataTable.Rows)
{
sendMails();
[code]...
View 8 Replies
Mar 1, 2011
ASP.NET 2.0
We have an old app we are moving to a new server and the dates are screwing up (we are in England dd/MM/yyyy) on an assynchronous thread.
Googling it appears that each thread needs to be set to a specific culture otherwise it defaults to the 'OS default locale'. We don't want to change the code so looks like we need to change the os default locale.
Just to be completely clear - does a new thread in asp.net default to the app.config setting (no), machine.config settings (?), app pool account settings (Network Service in our case), Local Service or the Local System account locale settings? Can the default be changed through the Administration tab in regional setting (WS2008)?
Second question, when looking at Environment.UserName, it is showing the server name (xxxx$) rather than Network Service (which is running the app pool). Why is this?
Also, do we need to worry about Input Language, or just Format (locale)?
Is it possible for the Welcome Page to be showing as English (United Kingdom) but the system accounts to actually be English (United States)?
View 1 Replies
Sep 13, 2010
I've got a thread that sends emails around. I need to generate ActionLinks as part of the content of the email so the user can click on the link and be redirected to the website, exactly to the required page. I tried to instantiate a UrlHelper class and use it's Action method to generate the link but since threads don't run within the context of any request I get exceptions at the time of generating the ActionLink.
View 2 Replies
Jan 29, 2011
I'm currently reading a lot about node.js. There is a frequent comparison between servers using a traditional thread per request model (Apache), and servers that use an event loop (Nginx, node, Tornado).
I would like to learn in detail about how a request is processed in ASP.NET - from the point it is received in http.sys all the way up to it being processed in ASP.NET itself. I've found the MSDN documentation on http.sys and IIS a little lacking, but perhaps my google-fu is weak today. So far, the best resource I have found is a post on Thomas Marquardt's Blog.
Could anyone shed more light on the topic, or point me to any other resources?
View 1 Replies
Dec 7, 2010
After an IISRESET on my public facing webserver, the initialization of my app seems correct. That is, in the Application_Start event I launch a new "email" thread whose purpose is to sleep until the configured time, upon "waking" produce a report and email it to my administrative user(s) and go back to sleep until the configured duration elapses at which time, the report is created again and emailed out. I am currently configured to start at 1900 and produce a new report every 12 hours.
As time marches on with this production site, however, something is causing an "extra" thread to be created. This, in turn, results in a duplicate report being emailed. While the problem is benign enough, I'd like to clean this up if possible. Here's a snippet:
[code]....
The above code seems to work fine (like I stated, after an IISRESET, I see the one logged event from the Application_Start event followed by the log entry from my "email" thread: "EmailThread will sleep for nnn minutes...etc.". But somehow (over time) I am getting another instance of the EmailThread thus producing 2 reports instead of just one at the scheduled "wake time".
In the IIS application pool assigned to this website, I have the following settings:
- Recycle worker processes (in minutes) is UNCHECKED
- Recycle worker process (number of requests) is UNCHECKED
- Recycle worker process (at various times) is UNCHECKED / nothing specified
- [Idle timeout] Shutdown worker process after being idle for (time in minutes) is UNCHECKED
I have noticed that the Application_Start event can be entered again (in one case roughly 38 minutes after the first time) which causes my code to run again and create another [and unwanted] thread.
View 2 Replies
Apr 4, 2010
IIS has a limited set of worker threads waiting for requests. If one request is a long running operation, it will block that thread. This leads to fewer threads to serve requests. Way to fix this - use asynchronous pages. When a request comes in, the main worker thread is freed and this other thread is created in some other place. The main thread is thus able to serve other requests. When the request completes on this other thread, another thread is picked from the main thread pool and the response is sent back to the client.
1) Where are these other threads located? Is there another thread pool? 2) IF ASP.NET likes creating new threads in this other thread pool(?), why not increase the number of threads in the main worker pool - they are all running on the same machine anyway? I don't see the advantage of moving that request to this other thread pool. Memory/CPU should be the same right?3) If the main thread hands off a request to this other thread, why does the request not get disconnected? It magically hands off the request to another worker thread somewhere else and when the long running process completes, it picks a thread from the main worker pool and sends response to the client. I am amazed...but how does that work?
View 4 Replies
Feb 6, 2011
I have what I consider a pretty complex situation that I am not sure if it can even be accomplished via an ASP.NET web application. (I am using aps.net 4.0) But what I want to do is design a "online auction site" that can handle many autions running at the same time. So I can only imagine eBay and all the other millions of auction sites out there are all doing this someway or another. My biggest concern is that I want to make sure the design here to make the site as effiecent as possible. Here is specifically what I am trying to figure out.
I think I need to create an object (per active auction) that stays in memory for the life of the auction. This object would have at least the following information:
Aution ID, time remaining, highest bidder id, bid price, Thread Control Variable, etc...
Now here is the tricky part that I think is vital for auction sites. Lets say you have 500 users on my website that are all watching the same auction and it is getting down to the last second of the auction and they all click to place a bid at the same time. Keep in mind this may also be at the same time hundreds of other users are placing bids for other auctions going on all at the same time.
How do I get all these requests (bids), for a single auction, lined up so that they are processed "one at a time"? But some how I need to be able to make all requests wait in a queue until it is their "turn" then I would need to be able to update the in memory object, write a record into a SQL database and then begin returning information back to each user.
Based on other development languages I have used in the past I know their were objects that I could create that could be used to get multiple threads to run in order (in other words syncronized). Usually it would be a case where I would be listening on a server socket and could do something like ThreadVariable.Lock, <process the request>, thenThreadVariable.Unlock. What that would do, is force all threads that tried to call ThreadVariable.Lock to wait until no other threads had the variable locked then it could proceed. Obviously the code it processes between the lock and unlock should be as quick and effecient as possible so it does not create a major traffic jam.
Because my thinking is this "object" I am referring to as being in memory, most likely will play a big role in answering the question about getting the requests in a "one at a time" situation it may be the focus of the question is more like how would I create "an object" and store it in memory to be quickly and easily accessed?
And even more generically does this even sound like I am on the right track
I think the topic of "communication to and from users" will need to be a completly different thread.
View 5 Replies
Feb 18, 2011
I have a wcf service which is exposed publicly to the authorized users.
User1 uses service1 - it checks for validuser and valid subscription for noofcallsallowed per user.
I have a logic return as:
IsSubscriptionValid(userId)
{
TrackUsage(userId);
}
while User1 uses service1:
Thread1 comes to checks for valid subscription and update the usage.In the mean thread2 comes in for the same user which check for valid subscription, and thread1 donot update the usage yet.
So its a wrong call for thread 2?
View 1 Replies
Jan 6, 2011
My ASP.NET MVC 2.0 web application does not maintain any session state and My production machine has n (>1) core, .NET 4.0, IIS 7.5 Integrated mode.For increased performance, I am curious if I should increase the max concurrent threads in thread pool to 12*n or should I keep the max concurrent threads as 12 but assign n worker process (w3wp.exe) to my application pool. What are the pros and cons of one over another?
View 1 Replies
