Cloud Server

Q:

Is there a way to log the detailed http activity on the Lianja cloud server?

I’m in the process of writing and testing a Lianja authentication module in Angular 2 and I’m having problems getting access.

I have been able to use the Login() in LianjaCloudDataServer.js to login via a standard html page with no problems however I can’t seem to translate the process into Angular 2.

I format my headers and send using an http get and I get a valid OK response but no auth token is set. I’ve even modified the authenticate.rsp to include the contents of the _SERVER array in the response and it shows the AUTHTYPE, REMOTE_USER and REMOTE_PASSWORD fields have been updated, so the server thinks I’m logged in, but no token is set in the browser.

I’ve done some checking and the http headers I’m sending from Angular 2 appear to be the same as those sent by the LianjaCloudDataServer Login(). The only difference I can see if that there appears to be a query string being appended to the URL from Login() but I can’t seem to track down where that’s coming from.

A:

If you set the HKEY_LOCAL_MACHINE\SOFTWARE\Lianja\Lianja Server\NetServer\DB_WWWDEBUG Registry value to true, you will get firecat_debugXXXX.txt files under \lianja\debug\ reporting server activity.

(On 64 bit this will be HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lianja\Lia nja Server\Netserver\DB_WWWDEBUG).

Q2:

I’ve worked out my Angular 2 Lianja login problem.

Enabling logging allowed me to see that my Http headers were missing the Accept and X-Requested-With headers.

I added the missing headers, which made my headers look identical to those generated by the LianjaCloudDataService.js Login(), but I was still unable to get authenticated.

Then, pretty much by accident, I cleared my browser cookies and sent my request and, will wonders never cease, it worked.

I did a bit more digging and found that the LianjaCludDataService.js Login() removes browser cookies before attempting to authenticate so, apparently, it was the presence of these cookies preventing me from getting authenticated.


on Windows you can integrate Lianja Cloud Server with IIS using the Lianja ISAPI Extension for IIS.


Q:

my question about individual databases of items…each customer I sell the application to (even if they use a cloud option) will have their databases residing on their own pc?

A:

Yes, individual database (i.e. table of items) of each customer you sell your application to will reside on his PC.
If it is LAN, then database will reside on one PC in that LAN.
In cloud, databases will be all together somewhere (e.g.Amazon Cloud) , but separated as “tenants” – and not aware of each other.

In Lianja folder you will find the table CUSTOMERS.DBF in 3 folders.
C:\lianja\cloudserver\tenants\public\data\southwind\
C:\lianja\data\southwind\
C:\lianja\server\data\southwind\

As you can see, there is the same structure where the database southwind (and the table customers.dbf) is located for development, app center, cloud.
About mapping the drives
https://www.lianja.com/doc/index.php…_Line_Switches
–runtimedatadir
–networkshare

–runtimedir
–tenancy


you can use Lianja Cloud Server to handle OData CRUD operations from other third party UI frameworks if that is a requirement. To use these OData functions on the client (no server side coding required) you should include the following files in your App:

/library/jquery-1.10.2/jquery-1.10.2.min.js
/library/LianjaWebFramework/LianjaCloudDataServices.js

This provides core javascript client side functionality for working with the LIanja Cloud Server. It is not required with Lianja Apps as they have the full framework included.


Q:

We are looking at using Lianja’s OData interface for our non-Lianja web and mobile clients.

Our specification calls for us to secure the interface using web tokens requiring clients to include a valid token in the header of every request which Lianja will have to validate prior to transmitting any data. Does Lianja include any mechanism’s for this type of security ? If not, do you have any suggestions as to how we should address this requirement?

A:

Lianja cloud server requires authentication and it uses a similar technique that you mention using an API KEY that is created as a server side session cookie. Once created on the server the cookie cannot be modified on the client.

We do not enforce this when using odata but we could, so I suggest you submit an enhancement request and we can add a setting for cloud server that requires login authentication before issuing odata calls.

in fact there is a Lianja.login() method in LianjaCloudServices.js already.

Also, I should mention that authentication can be via the Lianja users table or with AD/LDAP.

There is no state maintained on the server.

If you use OData calls you cannot inspect the http headers. OData is a RESTful interface.

If you write your own RESTful API you can do whatever you want at the expense of time and effort.

This has now been implemented in Lianja 3.2.1.

Name: Screen Shot 2017-02-10 at 10.56.44 AM.jpg Views: 34 Size: 61.7 KB

So if you check “Authenticated OData service” all OData RESTful API calls should be authenticated first. The user can be setup in Lianja or AD/LDAP. If the optional APIKEY is specified then no authentication is required but the HTTP headers must contain “lianjaOdataApiKey:yourkey” and your key must match the specified APIKEY.

As I mentioned earlier you need to include jquery and LianjaCloudDataServices.js which has methods for:

Lianja.login()
Lianja.isLoggedIn()
Lianja.logout
Lianja.OData_Create()
Lianja.OData_Read()
Lianja.OData_Update()
Lianja.OData_Delete()
Lianja.evaluate()
Lianja.getUrl()
Lianja.json_encode()
Lianja.json_decode()
Lianja.base64_encode()
Lianja.base64_decode()

and other useful methods.

Q2:

If I were hitting the page from a non-Lianja application, how would I authenticate initially? Is there a way to use User and UserRoles in this scenario?

I am imagining something like the initial oData call from the external app either passing a username and password assuming https or a vpn or a call to a method passing an encrypted username and password where other encryption isn’t in place.

A2:

You need to specify credentials in the HTTP headers and the client needs to be able to handle session cookies. If the client is not a browser it needs to be able to read the HTTP headers sent back by the cloud server and resend the session cookies for each request.

The cloud server does more than check the username and password. It also creates an authentication token as well as determine the roles assigned to the specified user.

These roles are used not only to control permissions in web and mobile apps but also (in 3.4 as stated in the roadmap) provide row level security and column masking.

So you need to go through the proper authentication mechanism.

http or https is the same technique. You just need to read the login() code in LianjaCloudDataServices.js and you will see how to send the authentication username and password. If you are not running in a browser you need to read the raw http response header and send the cookies it contains back on future requests. That’s how browsers work so you just have to look like a browser to the remote Lianja Cloud Server. In other words use the http protocol.

Q:

If you enable an option to require users to login prior to using the OData service, how would the server determine if a request comes from a logged in user?

A:

We create an encrypted session cookie. The details of this are internal and I would not like to explain for security reasons.

Any cookie created on the server and included in the http headers sent back to the client cannot be modified on the client. These are known as session cookies.

We inspect the http headers and check for the encrypted session cookie. It contains information to allow us to determine who the user is and what machine authenticated. We can then verify this authentication for each request made to the server.

I’m testing Beta7 with my server configured as so…
Name: configuration.png Views: 20 Size: 48.7 KB

I’m finding that I am unable to access http:\localhost:8001/login.rsp.
Name: authreq.PNG Views: 20 Size: 14.3 KB

This also appears to be preventing non-local access to the login.rsp as well…
Name: remoteauthreq.PNG Views: 20 Size: 15.3 KB

This might be down to my being confused about how these new settings are meant to work together but, as it currently stands, with this configuration, Lianja clients wouldn’t be able to authenticate if they can’t get to the login page.

ADDENDUM: I’ve now tested the the system with the server configured with Allow unauthenticated local access ENABLED and…
Name: configuration.png Views: 20 Size: 56.8 KB
both local and remote unauthenticated users are allowed to access login.rsp as well as other pages and odata resources. Authenticated users have full access.

ADDENDUM: I’ve now tested the system with the server configured with Allow unauthenticated local access, Authenticate OData requests and Authenticate Page requests all enabled and…
Name: configuration.png Views: 20 Size: 43.5 KB
both local and remote unauthenticated users are allowed to access login.rsp but are prevented from accessing any active pages or OData resources. Authenticated users are allowed full access.

A:

Allow unauthenticated local access should be left checked. It’s only relevant to Lianja SQL server.

The other settings you have screenshots of are working as expected.


Q:

Does the Lianja Cloud Server provides any means of tracking active sessions, active connections, active users etc?

A:

On windows, the Lianja server manager does that and displays the active connections.

Bear in mind though, when using the IIS plugin on Windows, connections may timeout and be kept alive and reused. The IIS plugin creates a bunch of connections when it starts up and allocates these when a connection request is made. If the number of connection requests exceeds the number of available connections new ones are created. Only when connections that are kept alive for a period of time timeout are they destroyed. This provides optimum throughput on a heavily loaded system.


Lianja Cloud will provide integrated Continuous Delivery using Amazon CodePipeline from an Amazon CodeCommit or GitHub git repository.

Amazon CodeCommit

Anyone with an AWS account can get started with AWS CodeCommit for free. Your account gets 5 active users per month for free (within limits), after which you pay $1 per additional active user per month. There are no upfront fees or commitments.

This AWS Free Tier offer for AWS CodeCommit is available to both new and existing AWS customers indefinitely, and does not expire at the end of the standard 12 month Free Tier term.

https://aws.amazon.com/codecommit/

We will provide more information about configuration when Lianja Hosted Cloud is available.

Amazon CodeDeploy

AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate software deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands.

One of the things we are also looking at is continuous database schema updates as part of the continuous delivery pipeline.

Amazon CodePipeline

AWS CodePipeline is a continuous integration and continuous delivery service for fast and reliable application and infrastructure updates. CodePipeline builds, tests, and deploys your code every time there is a code change, based on the release process models you define. This enables you to rapidly and reliably deliver features and updates. You can easily build out an end-to-end solution by using our pre-built plugins for popular third-party services like GitHub or integrating your own custom plugins into any stage of your release process. With AWS CodePipeline, you only pay for what you use. There are no upfront fees or long-term commitments.



 

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.