Results 1 to 10 of 15

Hybrid View

  1. #1
    Member
    Join Date
    Jan 2007
    Location
    SomeCity
    Posts
    13

    Getting through IIS "Basic" authorization process

    Hi,

    I am wokring on a application that requires the use of IIS6's "Basic" authorization process. I have noticed that when using the "Basic" authorization that a user name/password has to be supplied to the Windows Active Directory agent so that the request can be validated and let through the firewall. My question is how do I set up lightstreamer so that it will pass this user information to the AD server so it can be propery validated?

    Right now when try to connect I recieve a javascript error on my ASP web page telling me: "Permission denied"

    Note: If I set 'LSHost = null' then everything connects correctly, however if I set LSHost to be the actual host address then it will not connect.

    Also as a second question:
    I am a little confused on how to properly configure the LS engine and client pages. My scenario is as follows (due to network restrictions...)

    https://site1.com -> firewall pieces -> my_web_server_IIS6:80 (no longer ssl)
    https://site2.com -> firewall pieces -> my_web_server_lightstreamer:8090 (no longer ssl)
    If I go to set up the context.Domain, what do i set it to?? If I use the site2 address, which lightstreamer is actually running accross, I get errors that the domain and the host are not the same. Are there other settings that I should be using in conjuncture with the host and domain settings?

    Thanks for all the help!

  2. #2
    Administrator
    Join Date
    Jul 2006
    Location
    Milan, Italy
    Posts
    521
    Regarding the second part of the question, you cannot use different domain names for Lightstreamer Server and the Web Server, for security reasons. So you cannot use a deployment scenario such as: https://site1.com and https://site2.com.
    You must use something like: https://www.site.com and https://push.site.com.

    Perhaps you first issue is related to a similar problem?

  3. #3
    Member
    Join Date
    Jan 2007
    Location
    SomeCity
    Posts
    13
    hmmm... This is going to make things interesting then. Our site is currently set up so that it is in the following format: https://site1.system.com for the main web applications and https://site2.system.com for the lightstreamer portion. Where the system.com portion is the same for both sites. The www.* part is not applicable in our situation. Is this still a invalid deployment scenario?

    If it is no longer a problem, would my set up be simular to this:
    LSHost = "site2.system.com"
    Domain = "system.com"

    If it is still a problem maybe you can give me some more ideas on how to get around it. The primary issue for us is that our firewalls only allow port 443 through them. Once traffic makes it through the firewall it is then authorized using windows "Basic" authorization scheme. (name and password required, no anonymous access allowed - issue #1) On the backside of the firewall our https://site1.system.com maps to webserver:80 (IIS - no longer ssl encrypted), and https://site2.system.com maps to webserver:8008 (Lightstreamer - no longer ssl encrypted). Unfortunently we have no way to allow any ports other than 443 thorough the system.
    With this constraint, is there a better way to config this? All ideas are appreaciated!

    Thanks!

  4. #4
    Administrator
    Join Date
    Jul 2006
    Location
    Milan, Italy
    Posts
    521
    https://site1.system.com for the web server and https://site2.system.com would be perfect. The domain will be of course "system.com".

  5. #5
    Member
    Join Date
    Jan 2007
    Location
    SomeCity
    Posts
    13
    Just out of curiosity, are there any special steps on the client side that need to be taken to use ssl encryption? I know that in the LS server config file there are places configure the ssl part of the server, are there any such settings that need to be done on the client side?

    I'm thinking that part of my problem might be that the client is not set up to use ssl correctly. In my scenario the data is sent ssl from the browser, it goes through a couple of firewalls (where the ssl encryption is stripped off) and then continues to the LS server (no longer ssl encrytped). Does anyone know of any special configuration setting that need to be made to make this situation work? Will it work this way? If I have to I can run ssl all the way to the LS server.

    Thanks for the help!

  6. #6
    Administrator
    Join Date
    Jul 2006
    Location
    Milan, Italy
    Posts
    521
    The protocol used to connect to Lightstreamer Server is always the same used to download the Master Push-Page. So if the Master Push-Page is downloaded through HTTP, then HTTP will be used for all the connections to Lightstreamer Server. It the Master Push-Page is downloaded through HTTPS, all the connections to Lightstreamer Server will use HTTPS.

    The port used to connect to Lightstreamer Server can be set through the setLSPort method.

 

 

Similar Threads

  1. Replies: 1
    Last Post: July 10th, 2012, 07:06 PM
  2. Replies: 7
    Last Post: June 7th, 2010, 10:38 AM
  3. Replies: 3
    Last Post: February 19th, 2010, 12:14 AM
  4. Replies: 1
    Last Post: September 18th, 2009, 10:13 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT +1. The time now is 07:50 PM.