Search Results

Search found 21097 results on 844 pages for 'check snmp'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 202/844 | < Previous Page | 198 199 200 201 202 203 204 205 206 207 208 209  | Next Page >

  • No internet access when I'm connect to my company's VPN

    - by Iago
    I googled my problem and I've read some questions in Ask Ubuntu, but I didn't solve my problem. I connect to a PPTP VPN server and it works well, but when I'm connected to that VPN I don't have Internet access but private network access. If I check "Use this connection only for resources on its network", I have Internet access, but this way I haven't access to my company's private network. What's the problem? Help, please.

    Read the article

  • How can I Fix the CD/DVD refresh for the media drive so that it is recognized automatically?

    - by Denja
    Hello Community, I have recently installed Ubuntu 10.10 and it seems to work flawlessly. But today I tried to check some CDs and I was surprised that Ubuntu doesn't automatically refresh the CD/DVDs inserted in my media drive. I had to eject manually the CD/DVD from Ubuntu and then Insert the new CD and only then Ubuntu reads the data in the newly inserted CD/DVD. How can I fix the CD/DVD refresh for the media drive so that Ubuntu 10.10 recognize it automatically?

    Read the article

  • Differences in documentation for sys.dm_exec_requests

    - by AaronBertrand
    I've already complained about this on Connect ( see #641790 ), but I just wanted to point out that if you're trying to make sense of the sys.dm_exec_requests document and what it lists as the commands supported by the percent_complete column, you should check which version of the documentation you're reading. I noticed the following discrepancies. I can't explain why certain operations are missing, except that the Denali topic was generated from the 2008 topic (or maybe from the 2008 R2 topic before...(read more)

    Read the article

  • ANN: free DPack for VS.NET 2003/2005 v2.5.1 (3 replies)

    Hi all, I'm pleased to announce a new v2.5.1 availability of our free VS.NET 2003 and VS 2005 add ons collection called DPack. DPack includes various browser tools that allow the developer to quickly find solution's code members, types or files. Additional tools such as numbered bookmarks, solution backup and statistics, to name the few, are included as well. You can check the change log, see the ...

    Read the article

  • Day 4 of Oracle OpenWorld 2012 October 3rd

    - by Maria Colgan
    Thanks to all those who stopped by the demogrounds  to chat with the Optimizer developers and to check out what is new in the Oracle Optimizer over the last two days. Remember, today is the last day of the demogrounds, so if you haven't had a chance to stop by and collect you bumper sticker yet, do so today. The Optimizer developers will be there from 9:45 am until 4pm. Don't forget our second technical session (Session CON8457) is tomorrow at 12:45pm. +Maria Colgan

    Read the article

  • Notifications for Expiring DBSNMP Passwords

    - by Courtney Llamas
    Most user accounts these days have a password profile on them that automatically expires the password after a set number of days.   Depending on your company’s security requirements, this may be as little as 30 days or as long as 365 days, although typically it falls between 60-90 days. For a normal user, this can cause a small interruption in your day as you have to go get your password reset by an admin. When this happens to privileged accounts, such as the DBSNMP account that is responsible for monitoring database availability, it can cause bigger problems. In Oracle Enterprise Manager 12c you may notice the error message “ORA-28002: the password will expire within 5 days” when you connect to a target, or worse you may get “ORA-28001: the password has expired". If you wait too long, your monitoring will fail because the password is locked out. Wouldn’t it be nice if we could get an alert 10 days before our DBSNMP password expired? Thanks to Oracle Enterprise Manager 12c Metric Extensions (ME), you can! See the Oracle Enterprise Manager Cloud Control Administrator’s Guide for more information on Metric Extensions. To create a metric extension, select Enterprise / Monitoring / Metric Extensions, and then click on Create. On the General Properties screen select either Cluster Database or Database Instance, depending on which target you need to monitor.  If you have both RAC and Single instance you may need to create one for each. In this example we will create a Cluster Database metric.  Enter a Name for the ME and a Display Name. Then select SQL for the Adapter.  Adjust the Collection Schedule as desired, for this example we will collect this metric every 1 day. Notice for metric collected every day, we can determine the exact time we want to collect. On the Adapter page, enter the query that you wish to execute.  In this example we will use the query below that specifically checks for the DBSNMP user that is expiring within 10 days. Of course, you can adjust this query to alert for any user that can cause an outage such as an application account or service account such as RMAN. select username, account_status, trunc(expiry_date-sysdate) days_to_expirefrom dba_userswhere username = 'DBSNMP'and expiry_date is not null; The next step is to create the columns to store the data returned from the query.  Click Add and add a column for each of the fields in the same order that data is returned.  The table below will help you complete the column additions. Name Display Name Column Type Value Type Metric Category Unit Username User Name Key String Security AccountStatus Account Status Data String Security DaysToExpire Days Until Expiration Data Number Security Days When creating the DaysToExpire column, you can add a default threshold here for Warning and Critical (say < 10 and 5).  When all columns have been added, click Next. On the Credentials page, you can choose to use the default monitoring credentials or specify new credentials.  We will use the default credentials established for our target (dbsnmp). The next step is to test your Metric Extension.  Click on Add to select a target for testing, then click Select. Now click the button Run Test to execute the test against the selected target(s). We can see in the example below that the Metric Extension has executed and returned a value of 68 days to expire. Click Next to proceed. Review the metric extension in the final screen and click Finish. The metric will be created in Editable status.  Select the metric, click Actions and select Deployable Draft. You can do this once more to move to Published. Finally, we want to apply this metric to a target. When managing many targets, it’s best to add your metric to a template, for details on adding a Metric Extension to a template see the Administrator’s Guide. For this example, we will deploy this to a target directly. Select Actions / Deploy to Targets. Click Add and select the target you wish to deploy to and click Submit.  Once deployment is complete, we can go to the target and view the Metric & Collection Settings to see the new metric and its thresholds.   After some time, you will find the metric has collected and the days to expiration for DBSNMP user can be seen in the All Metrics view.   For metrics collected once per day, you may have to wait up to 24 hours to see the metric and current severity. In the example below, the current severity is Clear (green check) as it is not scheduled to expire within 10 days. To test the notification, we can edit the thresholds for the new metric so they trigger an alert.  Our password expires in 139 days, so we’ll change our Warning to 140 and leave Critical at 5, in our example we also changed the collection time to every 5 minutes.  At the next collection, you’ll find that the current severity changes to a Warning and any related Incident Rules would be triggered to create an Incident or Notification as desired. Now that you get a notification that your DBSNMP passwords is about to expire, you can use OEM Command Line Interface (EM CLI) verb update_db_password to change it at both the database target and the OEM target in one step.  The caveat is you must know the existing password to use the update_db_password command.  To learn more about EM CLI, see the Oracle Enterprise Manager Command Line Interface Guide.  Below is an example of changing the password with the update_db_password verb.  $ ./emcli update_db_password -target_name=emrep -target_type=oracle_database -user_name=dbsnmp -change_at_target=yes -change_all_references=yes Enter value for old_password :Enter value for new_password :Enter value for retype_new_password :Successfully submitted a job to change the password in Enterprise Manager and on the target database: "emrep"Execute "emcli get_jobs -job_id=FA66C1C4D663297FE0437656F20ACC84" to check the status of the job.Search for job name "CHANGE_PWD_JOB_FA66C1C4D662297FE0437656F20ACC84" on the Jobs home page to check job execution details. The subsequent job created will typically run quickly enough that a blackout is not needed, however if you submit a script with many targets to change, your job may run slower so adding a blackout to the script is recommended. $ ./emcli get_jobs -job_id=FA66C1C4D663297FE0437656F20ACC84 Name Type Job ID Execution ID Scheduled Completed TZ Offset Status Status ID Owner Target Type Target Name CHANGE_PWD_JOB_FA66C1C4D662297FE0437656F20ACC84 ChangePassword FA66C1C4D663297FE0437656F20ACC84 FA66C1C4D665297FE0437656F20ACC84 2014-05-28 09:39:12 2014-05-28 09:39:18 GMT-07:00 Succeeded 5 SYSMAN oracle_database emrep After implementing the above Metric Extension and using the EM CLI update_db_password verb, you will be able to stay on top of your DBSNMP password changes without experiencing an unplanned monitoring outage.  

    Read the article

  • Oracle Policy Automation YouTube Videos

    - by Wes Curtis
    The Oracle PSRM integration with Oracle Policy Automation provides a great option for implementing business rules as Microsoft Word and Excel documents. The following YouTube site includes a large number of videos on various OPA topics including feature introductions, tutorials and overview presentations. Be sure to check these out if you would like to learn more about OPA and it's capabilities. http://www.youtube.com/user/OraclePAVideos

    Read the article

  • Secure Your Wireless Router: 8 Things You Can Do Right Now

    - by Chris Hoffman
    A security researcher recently discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This isn’t the first router security issue and won’t be the last. To protect yourself, you should ensure that your router is configured securely. This is about more than just enabling Wi-Fi encryption and not hosting an open Wi-Fi network. Disable Remote Access Routers offer a web interface, allowing you to configure them through a browser. The router runs a web server and makes this web page available when you’re on the router’s local network. However, most routers offer a “remote access” feature that allows you to access this web interface from anywhere in the world. Even if you set a username and password, if you have a D-Link router affected by this vulnerability, anyone would be able to log in without any credentials. If you have remote access disabled, you’d be safe from people remotely accessing your router and tampering with it. To do this, open your router’s web interface and look for the “Remote Access,” “Remote Administration,” or “Remote Management” feature. Ensure it’s disabled — it should be disabled by default on most routers, but it’s good to check. Update the Firmware Like our operating systems, web browsers, and every other piece of software we use, router software isn’t perfect. The router’s firmware — essentially the software running on the router — may have security flaws. Router manufacturers may release firmware updates that fix such security holes, although they quickly discontinue support for most routers and move on to the next models. Unfortunately, most routers don’t have an auto-update feature like Windows and our web browsers do — you have to check your router manufacturer’s website for a firmware update and install it manually via the router’s web interface. Check to be sure your router has the latest available firmware installed. Change Default Login Credentials Many routers have default login credentials that are fairly obvious, such as the password “admin”. If someone gained access to your router’s web interface through some sort of vulnerability or just by logging onto your Wi-Fi network, it would be easy to log in and tamper with the router’s settings. To avoid this, change the router’s password to a non-default password that an attacker couldn’t easily guess. Some routers even allow you to change the username you use to log into your router. Lock Down Wi-Fi Access If someone gains access to your Wi-Fi network, they could attempt to tamper with your router — or just do other bad things like snoop on your local file shares or use your connection to downloaded copyrighted content and get you in trouble. Running an open Wi-Fi network can be dangerous. To prevent this, ensure your router’s Wi-Fi is secure. This is pretty simple: Set it to use WPA2 encryption and use a reasonably secure passphrase. Don’t use the weaker WEP encryption or set an obvious passphrase like “password”. Disable UPnP A variety of UPnP flaws have been found in consumer routers. Tens of millions of consumer routers respond to UPnP requests from the Internet, allowing attackers on the Internet to remotely configure your router. Flash applets in your browser could use UPnP to open ports, making your computer more vulnerable. UPnP is fairly insecure for a variety of reasons. To avoid UPnP-based problems, disable UPnP on your router via its web interface. If you use software that needs ports forwarded — such as a BitTorrent client, game server, or communications program — you’ll have to forward ports on your router without relying on UPnP. Log Out of the Router’s Web Interface When You’re Done Configuring It Cross site scripting (XSS) flaws have been found in some routers. A router with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you’re logged in. If your router is using its default username and password, it would be easy for the malicious web page to gain access. Even if you changed your router’s password, it would be theoretically possible for a website to use your logged-in session to access your router and modify its settings. To prevent this, just log out of your router when you’re done configuring it — if you can’t do that, you may want to clear your browser cookies. This isn’t something to be too paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do. Change the Router’s Local IP Address If you’re really paranoid, you may be able to change your router’s local IP address. For example, if its default address is 192.168.0.1, you could change it to 192.168.0.150. If the router itself were vulnerable and some sort of malicious script in your web browser attempted to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them, the attack would fail. This step isn’t completely necessary, especially since it wouldn’t protect against local attackers — if someone were on your network or software was running on your PC, they’d be able to determine your router’s IP address and connect to it. Install Third-Party Firmwares If you’re really worried about security, you could also install a third-party firmware such as DD-WRT or OpenWRT. You won’t find obscure back doors added by the router’s manufacturer in these alternative firmwares. Consumer routers are shaping up to be a perfect storm of security problems — they’re not automatically updated with new security patches, they’re connected directly to the Internet, manufacturers quickly stop supporting them, and many consumer routers seem to be full of bad code that leads to UPnP exploits and easy-to-exploit backdoors. It’s smart to take some basic precautions. Image Credit: Nuscreen on Flickr     

    Read the article

  • Data structures for a 2D multi-layered and multi-region map?

    - by DevilWithin
    I am working on a 2D world editor and a world format subsequently. If I were to handle the game "world" being created just as a layered set of structures, either in top or side views, it would be considerably simple to do most things. But, since this editor is meant for 3rd parties, I have no clue how big worlds one will want to make and I need to keep in mind that eventually it will become simply too much to check, handling and comparing stuff that are happening completely away from the player position. I know the solution for this is to subdivide my world into sub regions and stream them on the fly, loading and unloading resources and other data. This way I know a virtually infinite game area is achievable. But, while I know theoretically what to do, I really have a few questions I'd hoped to get answered for some hints about the topic. The logic way to handle the regions is some kind of grid, would you pick evenly distributed blocks with equal sizes or would you let the user subdivide areas by taste with irregular sized rectangles? In case of even grids, would you use some kind of block/chunk neighbouring system to check when the player transposes the limit or just put all those in a simple array? Being a region a different data structure than its owner "game world", when streaming a region, would you deliver the objects to the parent structures and track them for unloading later, or retain the objects in each region for a more "hard-limit" approach? Introducing the subdivision approach to the project, and already having a multi layered scene graph structure on place, how would i make it support the new concept? Would you have the parent node have the layers as children, and replicate in each layer node, a node per region? Or the opposite, parent node owns all the regions possible, and each region has multiple layers as children? Or would you just put the region logic outside the graph completely(compatible with the first suggestion in Q.3) When I say virtually infinite worlds, I mean it of course under the contraints of the variable sizes and so on. Using float positions, a HUGE world can already be made. Do you think its sane to think beyond that? Because I think its ok to stick to this limit since it will never be reached so easily.. As for when to stream a region, I'm implementing it as a collection of watcher cameras, which the streaming system works with to know what to load/unload. The problem here is, i will be needing some kind of warps/teleports built in for my game, and there is a chance i will be teleporting a player to a unloaded region far away. How would you approach something like this? Is it sane to load any region to memory which can be teleported to by a warp within a radius from the player? Sorry for the huge question, any answers are helpful!

    Read the article

  • Web Site Not Responding . Error? [closed]

    - by AJIT RANA
    I developed a web application and currently its live here. But I am getting error from last 2 days. Oops! Google Chrome could not connect to domain.com Suggestions: Access a cached copy of www.domain.com Try reloading: domain.con Search on Google: It was working fine before. Now when it connect to website it does not show my flash and formatted site. its shows plain text and images. you can check web link here..domain.com

    Read the article

  • 7 Tips to Avoid Fatal Results in Search Engine Optimization Process

    Most companies whether big or small rely on the search engine marketing techniques for making the site more popular and definitely more search-engine friendly. You have to understand that there will be a lot of companies which will offer their SEO techniques. But you need to be extra cautious when you choose the company. Check out the 7 tips which should be followed if you want to avoid fatal mistakes.

    Read the article

  • Best way to implement an AI for Dominion? [on hold]

    - by j will
    I'm creating a desktop client and server backend for the game, Dominion, by Donald X. Vaccarino. I've been reading up on AI techniques and algorithms and I just wanted to what is the best way to implement an AI for such a game? Would it better to look at neural networks, genetic algorithms, decision trees, fuzzy logic, or any other methodology? For those who do not know how Dominion works, check out this part of the wikipedia article: http://en.wikipedia.org/wiki/Dominion_(card_game)#Gameplay

    Read the article

  • Leverage technology to support your Global Talent Strategy

    - by Nancy Estell Zoder
    Do you want to hear the latest on global organizations and how they are adapting their talent and technology strategies to align with market trends? Watch Deloitte in partnership with Oracle present these trends. Learn how organizations are leveraging technology to support the changes that are being made in Human Resources to adapt in this integrated environment. For the latest on PeopleSoft, check out the video demonstrations on YouTube.

    Read the article

  • SQLServerCentral Best Practices Clinic: Part 4

    In this next installment looking at implementing best practices here at SQLServerCentral, Brad McGehee looks at a few performance counters and what they tell us about the performance of our database server. The Future of SQL Server Monitoring "Being web-based, SQL Monitor enables you to check on your servers from almost any location" Jonathan Allen.Try SQL Monitor now.

    Read the article

  • Windows Phone 7 + Azure.and a couple of nuggets

    I recently gave a talk about Windows Phone 7 at a Bizpark Camp in San Francisco.  The camp had two focuses: Azure and Windows Phone 7.  My presentation covered WP7 portion of the camp.  During my presentation I highlighted the phone platform and talked about some of the differentiators from design, technology and a business standpoint.    Whenever I watch presentations or go to tech meet-ups I feel like I get the most value when I can walk away with a few nuggets that I wouldnt necessarily have known about otherwise.  That said, I tried to add a few resources into my presentation that should be helpful when building WP7 apps.      Nuggets Seeing that the camp was focused on Azure and WP7 I decided to augment my presentation with a code sample.  The intention was to give some insight on how to approach building WP7 applications that talk to Azure.  Some colleges of mine here at Clarity have posted a sample on codeplex focused on getting up and running with WP7 and Azure..you can check it out HERE.   The project is not a hello world app, and is targeted at people who have some experience with the platform and a working knowledge of silverlight. Also, during my presentation I mentioned some limitations with the current phone sdk.  Our sample code on contains work-abounds for the following: #1 Panorama Control #2  Tilt effect #3   Animating Frame #4   Sample architecture (leveraging MVVM light)  and coding patterns.  Note: For the sample phone project we used an azure token that will expire in the next couple of months.  When that happensin the downloads section of the codeplex project there a link to a local development fabric that can be used for local development Presentation Admittedly, the slide deck is pretty design heavy, and doesnt contain much text.  This was semi-intentional to encourage people to come out to the camps and hear it first hand.  There is some additional info found the notes of the PPTX.  Dont forget to check out the full presentation at the Chicago Bizspark Camp on May 21st here at the Clarity Office.  Or on June 4th in  Los Angeles. You can DOWNLOAD the Slides here:  PPTX  |  PDF or view it inline below.  View more presentations from eklimcz. Cheers! Erik Klimczak  | [email protected] | twitter.com/eklimczDid you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Windows Phone 7 + Azure.and a couple of nuggets

    I recently gave a talk about Windows Phone 7 at a Bizpark Camp in San Francisco.  The camp had two focuses: Azure and Windows Phone 7.  My presentation covered WP7 portion of the camp.  During my presentation I highlighted the phone platform and talked about some of the differentiators from design, technology and a business standpoint.    Whenever I watch presentations or go to tech meet-ups I feel like I get the most value when I can walk away with a few nuggets that I wouldnt necessarily have known about otherwise.  That said, I tried to add a few resources into my presentation that should be helpful when building WP7 apps.      Nuggets Seeing that the camp was focused on Azure and WP7 I decided to augment my presentation with a code sample.  The intention was to give some insight on how to approach building WP7 applications that talk to Azure.  Some colleges of mine here at Clarity have posted a sample on codeplex focused on getting up and running with WP7 and Azure..you can check it out HERE.   The project is not a hello world app, and is targeted at people who have some experience with the platform and a working knowledge of silverlight. Also, during my presentation I mentioned some limitations with the current phone sdk.  Our sample code on contains work-abounds for the following: #1 Panorama Control #2  Tilt effect #3   Animating Frame #4   Sample architecture (leveraging MVVM light)  and coding patterns.  Note: For the sample phone project we used an azure token that will expire in the next couple of months.  When that happensin the downloads section of the codeplex project there a link to a local development fabric that can be used for local development Presentation Admittedly, the slide deck is pretty design heavy, and doesnt contain much text.  This was semi-intentional to encourage people to come out to the camps and hear it first hand.  There is some additional info found the notes of the PPTX.  Dont forget to check out the full presentation at the Chicago Bizspark Camp on May 21st here at the Clarity Office.  Or on June 4th in  Los Angeles. You can DOWNLOAD the Slides here:  PPTX  |  PDF or view it inline below.  View more presentations from eklimcz. Cheers! Erik Klimczak  | [email protected] | twitter.com/eklimczDid you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Stairway to XML: Level 5 - The XML exist() and nodes() Methods

    The XML exist() method is used, often in a WHERE clause, to check the existence of an element within an XML document or fragment. The nodes() method lets you shred an XML instance and return the information as relational data. 12 essential tools for database professionalsThe SQL Developer Bundle contains 12 tools designed with the SQL Server developer and DBA in mind. Try it now.

    Read the article

  • SilverlightShow for Feb 21 - 27, 2011

    - by Dave Campbell
    Check out the Top Five most popular news at SilverlightShow for Feb 21 - 27, 2011. Here are the top 5 news on SilverlightShow for last week: An Interview with Jeff Wilcox about his work with Silverlight and the Silverlight Toolkit Free SilverlightShow Webinar - Building LOB Apps with Silverlight and WCF Data Services ReSharper C# snippet for MVVM ViewModel Property creation Silverlight 4: Creating useful base classes for your views and viewmodels with PRISM 4 Free SilverlightShow Webinar: WCF RIA Services Validation Visit and bookmark SilverlightShow. Stay in the 'Light

    Read the article

  • OBIEE 11.1.1.5.0 Bundle Patch 2 is available

    - by mshahi
    Oracle BI EE 11.1.1.5.0 Bundle Patch 2 is available. The Patch number is 13611078 and it can be downloaded from Oracle Support (you can download it without password). This patch currently is available on Microsoft Windows x64 (64 bit), Linux x86 - 64 bit, IBM AIX on Power System (64 bit) and Oracle Solaris Sparc (64 bit). Remaining four platforms Win32, Linux32, HP-Itanium, and Solaris x86-64 are expected 3-4 weeks later. This Patch has thoroughly been tested and signed off by BI QA Team.  Important things to know: 1. All the customers are advised to apply this patch as it contains around 248 bug fixes. Please read the README file for all the bug fixes contained in this patch.   2. This patch can be applied via opatch. Please follow the standard process of applying this patch using opatch, i.e. stop all BI System processes via opmnctl, Stop WLS Managed and Admin Servers, Apply Patch, Start WLS Admin and Managed Servers, Check if all the J2EE applications are running fine, Start all BI System Processes via opmnctl command, and verify your fixes. It is advised to test this patch on Non Productions Instances first, run all the required tests / regressions and then move it to Production.    3. This Bundle Patch is cumulative to 11.1.1.5.0 BP1 (13562882) which was released in January 2012 on Linux x86 - 64 bit which contained around 64 bug fixes. Customers who have applied 11.1.1.5.0 BP1, will get expected OPatch conflict message, they can safely roll back BP1 prior to installing this BP2 or let opatch roll back BP1 during its application process.   4. Customer who have applied some one off patches and these one off patches are also part of 11.1.1.5.0 BP2, they can also roll back their existing one off patches after confirming that their fixes are part of BP2.    5. This Bundle Patch is not cumulative on top of 11.1.1.5.0, meaning this bundle patch does not contain all the one off fixes that were delivered on top of 11.1.1.5.0. All the remaining one off fixes delivered so far, will be available in next scheduled bundle patch i.e. 11.1.1.5.0 BP3. Please check the README file and let support know if your existing fixes are not part of BP2, so that support can open One Off Backport (OOB) request to have them included in next patch i.e. BP3.   6. 11.1.1.5.0 BP3 is in planning stages, and dates for it's availability will be announced in next couple of weeks.

    Read the article

  • Combining Shared Secret and Certificates

    - by Michael Stephenson
    As discussed in the introduction article this walkthrough will explain how you can implement WCF security with the Windows Azure Service Bus to ensure that you can protect your endpoint in the cloud with a shared secret but also combine this with certificates so that you can identify the sender of the message.   Prerequisites As in the previous article before going into the walk through I want to explain a few assumptions about the scenario we are implementing but to keep the article shorter I am not going to walk through all of the steps in how to setup some of this. In the solution we have a simple console application which will represent the client application. There is also the services WCF application which contains the WCF service we will expose via the Windows Azure Service Bus. The WCF Service application in this example was hosted in IIS 7 on Windows 2008 R2 with AppFabric Server installed and configured to auto-start the WCF listening services. I am not going to go through significant detail around the IIS setup because it should not matter in relation to this article however if you want to understand more about how to configure WCF and IIS for such a scenario please refer to the following paper which goes into a lot of detail about how to configure this. The link is: http://tinyurl.com/8s5nwrz   Setting up the Certificates To keep the post and sample simple I am going to use the local computer store for all certificates but this bit is really just the same as setting up certificates for an example where you are using WCF without using Windows Azure Service Bus. In the sample I have included two batch files which you can use to create the sample certificates or remove them. Basically you will end up with: A certificate called PocServerCert in the personal store for the local computer which will be used by the WCF Service component A certificate called PocClientCert in the personal store for the local computer which will be used by the client application A root certificate in the Root store called PocRootCA with its associated revocation list which is the root from which the client and server certificates were created   For the sample Im just using development certificates like you would normally, and you can see exactly how these are configured and placed in the stores from the batch files in the solution using makecert and certmgr.   The Service Component To begin with let's look at the service component and how it can be configured to listen to the service bus using a shared secret but to also accept a username token from the client. In the sample the service component is called Acme.Azure.ServiceBus.Poc.Cert.Services. It has a single service which is the Visual Studio template for a WCF service when you add a new WCF Service Application so we have a service called Service1 with its Echo method. Nothing special so far!.... The next step is to look at the web.config file to see how we have configured the WCF service. In the services section of the WCF configuration you can see I have created my service and I have created a local endpoint which I simply used to do a little bit of diagnostics and to check it was working, but more importantly there is the Windows Azure endpoint which is using the ws2007HttpRelayBinding (note that this should also work just the same if your using netTcpRelayBinding). The key points to note on the above picture are the service behavior called MyServiceBehaviour and the service bus endpoints behavior called MyEndpointBehaviour. We will go into these in more detail later.   The Relay Binding The relay binding for the service has been configured to use the TransportWithMessageCredential security mode. This is the important bit where the transport security really relates to the interaction between the service and listening to the Azure Service Bus and the message credential is where we will use our certificate like we have specified in the message/clientCrentialType attribute. Note also that we have left the relayClientAuthenticationType set to RelayAccessToken. This means that authentication will be made against ACS for accessing the service bus and messages will not be accepted from any sender who has not been authenticated by ACS.   The Endpoint Behaviour In the below picture you can see the endpoint behavior which is configured to use the shared secret client credential for accessing the service bus and also for diagnostic purposes I have included the service registry element.     Hopefully if you are familiar with using Windows Azure Service Bus relay feature the above is very familiar to you and this is a very common setup for this section. There is nothing specific to the username token implementation here. The Service Behaviour Now we come to the bit with most of the certificate stuff in it. When you configure the service behavior I have included the serviceCredentials element and then setup to use the clientCertificate check and also specifying the serviceCertificate with information on how to find the servers certificate in the store.     I have also added a serviceAuthorization section where I will implement my own authorization component to perform additional security checks after the service has validated that the message was signed with a good certificate. I also have the same serviceSecurityAudit configuration to log access to my service. My Authorization Manager The below picture shows you implementation of my authorization manager. WCF will eventually hand off the message to my authorization component before it calls the service code. This is where I can perform some logic to check if the identity is allowed to access resources. In this case I am simple rejecting messages from anyone except the PocClientCertificate.     The Client Now let's take a look at the client side of this solution and how we can configure the client to authenticate against ACS but also send a certificate over to the service component so it can implement additional security checks on-premise. I have a console application and in the program class I want to use the proxy generated with Add Service Reference to send a message via the Azure Service Bus. You can see in my WCF client configuration below I have setup my details for the azure service bus url and am using the ws2007HttpRelayBinding.   Next is my configuration for the relay binding. You can see below I have configured security to use TransportWithMessageCredential so we will flow the token from a certificate with the message and also the RelayAccessToken relayClientAuthenticationType which means the component will validate against ACS before being allowed to access the relay endpoint to send a message.     After the binding we need to configure the endpoint behavior like in the below picture. This contains the normal transportClientEndpointBehaviour to setup the ACS shared secret configuration but we have also configured the clientCertificate to look for the PocClientCert.     Finally below we have the code of the client in the console application which will call the service bus. You can see that we have created our proxy and then made a normal call to a WCF in exactly the normal way but the configuration will jump in and ensure that a token is passed representing the client certificate.     Conclusion As you can see from the above walkthrough it is not too difficult to configure a service to use both a shared secret and certificate based token at the same time. This gives you the power and protection offered by the access control service in the cloud but also the ability to flow additional tokens to the on-premise component for additional security features to be implemented. Sample The sample used in this post is available at the following location: https://s3.amazonaws.com/CSCBlogSamples/Acme.Azure.ServiceBus.Poc.Cert.zip

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 198 199 200 201 202 203 204 205 206 207 208 209  | Next Page >