Web servers supporting FastCGI Filters - fastcgi

I'm in the process of writing a FastCGI wire protocol implementation in C (also exports a higher-level C++ interface for writing application servers) and I've got enough of it completed to perform more thorough testing.
I've recently completed a full FastCGI Authorizer that implements HTTP Basic authentication and I'm testing it against other FastCGI implementations to validate that it works according to the specification. However, it seems most gateways (web servers) only support the "Responder" role, a very select few support the "Authorizer" role and I have yet to find one that supports the "Filter" role.
I'm testing the "Responder" role against NGINX and the "Authorizer" role against LigHTTPd. I've validated so far that none of NGINX, LigHTTPd and Apache support the "Filter" role. Cherokee and IIS don't seem to support setting a role, so I assume they only support the "Responder" role.
Does anyone know of a web server that supports the FastCGI "Filter" role, or is it a part of the specification that's never been implemented?

Oracle iPlanet Web Server 7.0.9 mentions this:
<Object name=<"filter.fcgi">
Service
fn="filter-fastcgi"
app-path="/fastcgi/apps/filter/SimpleFilter.exe"
bind-path="localhost:3434"
app-env="LD_LIBRARY_PATH=/fastcgi/fcgi-2.4/libfcgi/.libs"
</Object>
which clearly mentions filter miltiple times, so this one sounds like it would support it.

Related

Can we use Apache Sling for Production serving a website directly without any other web server?

We are developing a website using Apache Sling API. The site works good on localhost:8080. Can we change have our website served from directly from Sling instead of any middle web servers (like Apache)?
Can we change the host name in Apache Felix Http Based Http Service from 0.0.0.0 to www.domain.com ?
Is this possible?
www.domain.com --> Apache Sling --> Linux VM
Yes, of course you can. But as the commenters have pointed out, it's probably not a secure solution. We do not have our our production-readiness checklist, but you might want to study the AEM Security checklist, as many items apply to it.
Pay special attention to items such as:
Change Default Passwords For the AEM and OSGi Console Admin Accounts
Protect against Cross-Site Request Forgery
Unfortunately many of the items present under the dispatcher checklist are not applicable, since the dispatcher is only available to AEM customers. However, at a minimum I would suggest that you block access to
the web console
composum (if deployed)
the DavEx Servlet

Uploading MVC site to server

I've built an .NET MVC4 website using C#, and now I want to upload it to the internet.
I've never uploaded any website so I don't really know what steps I need to do.
Does it matter what kind of server to use, because when I run the website through VS2012 I can see it runs with IIS express, but then I realized there are several kinds of servers, like apache. Do I need specific kind of server?
And what about domain? what is the difference between domain and server.
Thanks.
You will need IIS for running .NET applications. Apache is more suited for Java, PHP and other languages.
The server/hosting is the space where you upload your project files.
The domain or ip address is what in put in your browser bar to be able to access your application. (Ex: google.com is a domain which is pointing to some server where the google site is hosted).Unless you want to access your application by typing the ip address of the server in the browser you need to buy a domain.
Take a look here for a more detailed explanation:
http://support.hostgator.com/articles/hosting-guide/what-is-the-difference-between-domains-vs-hosting-vs-website
Many web hosting providers allow you to buy a domain when purchasing the hosting serivce but you can buy it separatly and then point it to the ip address of your server.
I dont know many about WIndows web hosting providers but you might start looking in the Microsoft Asp.net website: http://www.microsoft.com/web/hosting/home
In your case you need to choose a hosting provider which supports MVC4.
Then you need to upload your project to the server. Take a look here: http://msdn.microsoft.com/en-us/library/dd410407(v=vs.90).aspx
Your server should come with an FTP account configured. You can use it to upload your files.
A domain is only a address in the internet which allows people to find certain places like an adress in a city.
So in order to make people find your stuff on the internet you have to have it a domain name.
It's the www.mvc4.com <----domain name
The other thing is the type of Server you need apache is also a server but in most cases it is used with java applications. What you need to do is to find a server which supports C# code and
type in .net hosting in google and you will find a lot hosters where you can register domain name for your C# code
step 1: Buy domain from website like Godaddy, net4 india etc
Step 2: Buy windows hosting to host MVC Application from web hosting like Godaddy, net4 india etc. Please buy latest framework hosting
Step 3: Build application using MVC(any version)
Step 4: Upload the published files to FTP.
Run the application.

SignalR on non-Azure Web Farm

I have implemented SignalR support for web application. It works great. The problem I'm dealing now is make it work in non-Azure web farm environment. SignalR supports Windows Azure Service Bus and Redis out of the box. Also there is RabbitMQ implementation on GitHub. All these solutions implement IMessageBus interface.
Based on our current situation we can't use Redis or RabbitMQ. So I have few questions:
1) Is there any alternative solution that uses SQL Server or MSMQ?
2) Is it difficult (possible) to implement your own solution for SQL Server or MSMQ? David's post on SignalR 0.5 (http://weblogs.asp.net/davidfowler/archive/2012/05/02/signalr-0-5.aspx) says they are going to support SQL Server QNS or Service Broker (not SQL Server DB itself) so maybe it's a wrong way at all?
3) Is there a way to work around until this support is implemented? For example, it sounds like the we need to handle state of the connections list between servers. If we know number of nodes and their IPs we can share this information between servers via Web Service calls instead. Does it make any sense?
Damian Edwards appears to have just started working on the SQL scaleout implementation. You can find the details of that implementation here on GitHub and the issue tracking this work can be followed here.

Best choice for robust self hosting server: WCF vs. ASP.NET Web Api

We currently have an .NET 4 application that consists of Windows Service running in the background and local or remote clients (only 1-3 normally).
The clients have a WPF GUI and need some data from the windows service. Therefore, we use WCF with NamedPipe binding for a local client and NetTcp binding for remote clients. This works, but we often have problems with endpoints that are not reachable (channel faulted or not found etc.). We already try to rebuild faulted connections but it seems to be pretty fragile...
Now enter Web Api: It looks like a HTTP based stack might be more robust (no channels, no endpoints, can be self-hosted in windows service as well). There seems to be no problems with broken channels because each request is handled individually. So if something fails, you just repeat the request. (And we have experience with ASP.NET MVC from other apps, so this not new to us).
Now we are thinking what might be our best bet. Is it better to "harden" our existing WCF service (one service interface with about 15 operations) or to move the interface to Web Api and run it as HTTP requests (with JSON data)? Performance is not our main issue here...
Any ideas?
Hartmut
I recommend you stick with WCF (SOAP) services for your WPF application rather than moving to the Web API. There are a number of reasons for this. First I think we need to consider what the new Web API is trying to address - namely to provide a framework for supporting RESTful/HTTP/hypermedia services. This is likely to be a good fit for building applications that make heavy use of HTTP such as web, mobile and JavaScript applications, where you want to maximise the "reach" or interopability of your services (irrespective of platform). This is not to say that you can't use it for WPF clients but in your case, where all traffic is local to your domain, it makes more sense to stick with your current implementation.
The binding choices you have made for your services / clients sound ok to me. I would focus on why your channels are faulting and address these issues. You may also want to consider hosting your services via IIS and use WAS to expose your non-HTTP endpoints. I have had much success with this in the past and for the most part has been pretty stable. It also takes away a few of the headaches with managing your own host. If you are concerned about the TCP binding faults, then just create a new HTTP or wsHTTP endpoint and use that instead. This will provide you exactly the same transport the web api uses without having to change your programming model.

Retrieve NTLM Active Directory user data to Rails w/o IIS

I believe that we can allow Firefox to sent NTLM data to SharePoint sites to do automatic authentication, and I think that this is doable with IIS.
I'd like to do the same thing with an internal Rails site.
Does anyone know of way that I could authenticate NTLM type user information through a Apache/mongrel setup (provided of course that it's already running on a Windows box inside of an Active Directory domain)?
I created tutorial on how to install patched mod_ntlm module for Apache on Linux and how to pass NTLM authenticated username to Rails and how create Rails session from that. So as a result you do not need Windows server for running Rails application.
There you can find also how to enable automatic NTLM authentication in Firefox — enter "about:config" in location field and then search for "network.automatic-ntlm-auth.trusted-uris". There you can enter servers for which you would like to use automatic NTLM authentication.
Bit of extra info in case anyone stumbles across this.
I wanted to do something which I thought should be pretty simple - extract the users windows username using NTLM from a Rails app running on Mongrel/Windows (InstantRails actually). Having written the basic code manage the various handshaking operations (using the great NTLMRuby library at http://rubyforge.org/projects/rubyntlm/) and having got it to work wonderfully in Firefox I was somewhat frustrated to find IE not working.
Mongrel doesn't support keep-alives during the type1/2/3 message exchange (at least natively, I believe there's a hack/fix for it), which IE demands and Firefox gets by without.
So authenticating a Rails server running on Windows against a remote NTLM service (e.g. Sharepoint or another web site) is reasonably straight forward, but authenticating an IE browser against a Rails server running on Windows not so much with Mongrel. IIS would be an option, as might be basic Apache with FastCGI. The former feels a bit clunky and the latter won't be as fast as Mongrel.
I'm assuming you've already worked out which HTTP headers you need to send in order to get firefox and IE to send back the NTLM authentication stuff, and are just needing to handle that on the server side?
You could use some of ruby's win32 libraries to access the underlying windows authentication functions which handle the NTLM.
I'd suggest the path of least resistance might be to see if there is a COM component which can do the authentication for you, and if so, to use it using the Win32OLE ruby library.
If there's no COM component, you might be able to find something in one of those other libraries which can invoke the native win32 methods for you.
If you can't find that, you'd have to write a ruby C extension. I've done this on linux, and extending ruby is pretty easy, but you may find the microsoft authentication API's a bit painful.
Hope that gets you started on the right track :-)
You could also use the Apache ntlm module, which should pass a header onwards to your application with the username of the authenticated user. That module looks a bit old, but suggests some other modules that may suit your needs.
Old question I know but I came across this looking for a similar answer.
you could use the methods described here (http://blog.rayapps.com/2008/12/02/ntlm-windows-domain-authentication-for-rails-application/). However mod_ntlm is for windows authentication on a UNIX/linux machine. mod_auth_sspi is what you'll need for winNT authentication from apache under windows.
This particular project looks promising and is looking for contributors:
Rack middleware for transparent authentication with NTLM.
I haven't yet tried this out. For the moment I plan on implementing Raimonds' solution as it appears to have a lot of success.
Check out Waffle. It provides SSO on Windows to Java servers using Win32 API. There're a number of implemented filters (servlet, tomcat valve, spring-security).

Resources