.NET Tutorials, Forums, Interview Questions And Answers

Using a shared cache in a Web farm environment for detecting replay attacks in WCF

Posted Date: September 07, 2010    Category: .NET Framework
Hello, I'm trying to figure out how to implement a replay attack detection mechanism with WCF in a web farm scenario. WCF provides such a detection mechanism by using a nonce cache. Correct me if I'm wrong, but the only way to ensure this attack is prevented in a message security and web farm scenario is by using a nonce cache shared across the servers (i.e.: AppFabric distributed cache). In WSE3.0, it used to be possible to provide custom nonce cache implementations (http://msdn.microsoft.com/en-us/library/ff647945.aspx), but there doesn't seem to be any way to do so in WCF (no configuration options; besides, I found with Reflector that the NonceCache class is marked as both sealed and internal). Any thoughts?


More Related Resource Links

Cache settings on shared application pool

I have several web applications on a server using the same application pool. The worker process usually takes a lot of RAM but usually only from one application. I can successfully limit the cache usage by setting "PrivateBytesLimit" in the web.config file when the application uses its own dedicated application pool. Does anyone know how this setting will be applied when using a shared application pool? Is it per application, per worker process or per application pool? Also, if it is not per application, which setting from which application will be applied?

Copy production farm to staging environment


What is the best approach to set up a staging environment based on a production farm? I'd like to image the WFE prod machine since I have lots of add-ons and custom code installed in Prod. It will take a long time to do a clean install.

We have a production farm with two WFE, one App and a SQL cluster.

We are going to set up a staging environment as similar as possible to Prod.

1. The staging will be in separate domain with separate AD etc.

2. I can't move all the production content DB to staging because the DB is huge.

3. I'd like to combine WFE with app and use two servers (one WFE and one SQL) in the staging farm.


Thanks in advance!!





If you get confused, listen to the music play...

Install SharePoint 2010 in a farm environment


Recently, for one of my projects, I had a requirement to install SharePoint in a farm environment. I had a walkthrough with the TechNet site and completed the installation. I thought I would share my scenario so that somebody with a similar requirement may find this useful.

First of all, I had 2 servers for the implementation. So I decided to dedicate one server for the database and another for the SharePoint installation.

The server names are SP2010_DB (for database) and SPPortal (for SharePoint). Both are joined to the domain. For the sake of this article, I am mentioning the domain as SP2010FARM.

I have used the following user accounts for the installation.

User Account


Server roles required


-Sql Server service account

- domain user account

Email Errors to mailbox in shared hosting environment


Is there a way to email any error message a user receives to a mailbox?

Basically, if the user receives one of the ASP.NET error pages, is there a way for that message to be emailed to a mailbox for me to look into?

It is on a shared hosting environment.

Any help?

Clearing application cache on a shared hoster


This code clears application cache on my local machine very well.

' requires Imports System.Collections (ArrayList, IDictionaryEnumerator)
Dim keys As New ArrayList
' retrieve application Cache enumerator
Dim enumerator As IDictionaryEnumerator = X.Cache.GetEnumerator()
' copy all keys that currently exist in Cache
While enumerator.MoveNext()
    keys.Add(enumerator.Key)
End While
' delete every key from cache
For i As Integer = 0 To keys.Count - 1
    X.Cache.Remove(CStr(keys(i)))
Next
keys = Nothing

Detecting Edit or Insert Page


I am coding a .cs file that handles the metadata for a particular table. I am putting a custom validation that allows me to update or insert only if the PubMedID is not already in the database. This would be easy except that the PMID should also be allowed to be null as some of the references in the database were not from PubMed. So I perform a query on the database to see if there is already an identical PMID in the database. This works great when using Insert. However, when using Edit, it does not. The PMID is already in the database because the one currently being edited has the same PMID!!! So I know exactly how to change my query etc. However, I do not know how to tell from inside this Edit/Insert agnostic page, which one it is being called from. Thanks for your help!

Public Shared function doubt????

I am using VB.net/ASP.NET and SQL Server 2000 for a web application.

For populating the dropdowns, I wrote a Public Shared function LoadDDL(), in which I pass the dataset and dropdown name to set.

I have my doubts that this function will produce unexpected results for concurrent users. And will mix the results among sessions because it is a Shared function.

I am confused here. Is it the right way to go?

Please advise. Thanks in advance.


Detecting PPC device on startup page to redirect?

I was wondering (since a search didn't find any posts) if there is a way for my startup page to detect what kind of device (PocketPC or web browser specifically) is loading the page and if it is a PocketPC, then redirect to the mobile pages? I will only be using PocketPCs exclusively as a mobile device.

Thanks for any suggestions!

AppFabric Cache: Real-World Usage and Integration


Windows Server AppFabric provides a distributed cache for both web and desktop applications. We'll show you how to integrate AppFabric caching into your apps, along with some hints for taking advantage of new cache features in the .NET Framework 4.

Andrea Colaci

MSDN Magazine June 2010

Security Briefs: Regular Expression Denial of Service Attacks and Defenses


Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Bryan Sullivan

MSDN Magazine May 2010

Security Briefs: XML Denial of Service Attacks and Defenses


This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Bryan Sullivan

MSDN Magazine November 2009

Security Briefs: Active Directory Cache Dependencies


If you're not taking advantage of Active Directory, you should be. Learn the benefits from Keith Brown.

Keith Brown

MSDN Magazine July 2007

SQL Security: New SQL Truncation Attacks And How To Avoid Them


Exploits using SQL injection have drawn a lot of attention for their ability to get through firewalls and intrusion detection systems to compromise your data layers. Whether it's a first-order or second-order injection, if you look at the basic code pattern, it is similar to any other injection issue where you use untrusted data in the construction of a statement.

Bala Neerumalla

MSDN Magazine November 2006

Safe!: Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries


When Visual Studio 2005 ships, it will include a major upgrade to the Visual C++ Libraries that was the result of a complete security review of the functions contained in the C Runtime Library, Standard C++ Library, ATL, and MFC. From that extensive review came the Safe C and C++ Libraries, which can improve the security and robustness of your apps.

Martyn Lovell

MSDN Magazine May 2005

Data Security: Stop SQL Injection Attacks Before They Stop You


To execute a SQL injection attack, a hacker writes a Web page that captures text in a textbox to be used to execute a query against a database. The hacker enters a malformed SQL statement into the textbox that causes the back-end database to perform operations the owners did not intend it to perform, like making unauthorized updates. This article explains how you can protect against the all too common SQL injection attack in your own database. The steps covered include data validation, proper exception handling, and much more.

Paul Litwin

MSDN Magazine September 2004

Cutting Edge: Implement Custom Cache Dependencies in ASP.NET 1.x


One of the most compelling improvements that ASP.NET brought to ASP programming was the Cache object. The Cache has some similarities to the Application object and is a container of global data (as opposed to session-specific data) that features a fair number of innovative characteristics.

Dino Esposito

MSDN Magazine July 2004

Virus Hunting: Understand Common Virus Attacks Before They Strike to Better Protect Your Apps


Developers' machines can often be more vulnerable to viruses than the average corporate user because of their more frequent access to remote machines and shares, and the differing administrative privileges they maintain across multiple machines. Reliance on antivirus software is fine as a first line of defense, but you need a basic arsenal of skills for securing the executables on your system and coping with viruses on your own. This article reviews proactive methods you can use to defend yourself against malicious executable code in resources, component libraries, scripts and macros, as well as how to avoid a handful of other potential vulnerabilities.

Jason Fisher

MSDN Magazine May 2003
