Segregating anonymous access to dynamic content on a web server, with cached logons
First Claim
1. An automated method of impersonating a user account associated with a website to serve dynamic content from that website, the method comprising:
- receiving at a web server a request for dynamic content of a first website hosted by the web server;
associating the request for dynamic content with a default anonymous user account on the web server;
identifying a custom user account corresponding to the first website, in a database separate from the web server, wherein the custom user account is configured with permission to access content of the first website but not content of a second website hosted by the web server;
invoking a logon cache manager configured to cache logon handles for sharing among multiple processes executing on the web server;
at the logon cache manager;
searching a cache for a logon handle for the custom user account;
if said search of the cache fails;
logging in as the custom user account;
receiving the logon handle for the custom user account and storing the logon handle in the cache;
duplicating the logon handle for the custom user account; and
returning the duplicate logon handle in response to said invoking; and
if said search of the cache succeeds;
duplicating the logon handle for the custom user account; and
returning the duplicate logon handle in response to said invoking;
associating the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for dynamic content;
serving the requested dynamic content; and
before the request is terminated, removing the duplicate logon handle from the request for dynamic content and re-associating the request for dynamic content with the default anonymous user account instead of the custom user account.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method are provided for segregating access to dynamic content on multiple websites hosted by a web server. When a request is received for dynamic content from a website, a UserRetriever module identifies a path to the content and retrieves a username and password corresponding to the website, from a database that is separate from the web server and used for other purposes (e.g., billing). A UserImpersonator module requests a logon handle for that username from a logon cache manager. The logon handle is used to associate the request with the impersonated user account instead of the default anonymous user account with which the request was initially associated. The dynamic content is retrieved and served under the context of the restricted impersonated user account session, after which the applied logon handle is stripped off and the request is re-associated with the default anonymous user account.
62 Citations
15 Claims
-
1. An automated method of impersonating a user account associated with a website to serve dynamic content from that website, the method comprising:
-
receiving at a web server a request for dynamic content of a first website hosted by the web server; associating the request for dynamic content with a default anonymous user account on the web server; identifying a custom user account corresponding to the first website, in a database separate from the web server, wherein the custom user account is configured with permission to access content of the first website but not content of a second website hosted by the web server; invoking a logon cache manager configured to cache logon handles for sharing among multiple processes executing on the web server; at the logon cache manager; searching a cache for a logon handle for the custom user account; if said search of the cache fails; logging in as the custom user account; receiving the logon handle for the custom user account and storing the logon handle in the cache; duplicating the logon handle for the custom user account; and returning the duplicate logon handle in response to said invoking; and if said search of the cache succeeds; duplicating the logon handle for the custom user account; and returning the duplicate logon handle in response to said invoking; associating the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for dynamic content; serving the requested dynamic content; and before the request is terminated, removing the duplicate logon handle from the request for dynamic content and re-associating the request for dynamic content with the default anonymous user account instead of the custom user account. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A non-transitory computer readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of impersonating a user account associated with a website to serve dynamic content from that website, the method comprising:
-
receiving at a web server a request for dynamic content of a first website hosted by the web server; associating the request for dynamic content with a default anonymous user account on the web server; identifying a custom user account corresponding to the first website, in a database separate from the web server, wherein the custom user account is configured with permission to access content of the first website but not content of a second website hosted by the web server; invoking a logon cache manager configured to cache logon handles for sharing among multiple processes executing on the web server;
at the logon cache manager;searching a cache for a logon handle for the custom user account; if said search of the cache fails; logging in as the custom user account; receiving the logon handle for the custom user account and storing the logon handle in the cache; duplicating the logon handle for the custom user account; and returning the duplicate logon handle in response to said invoking; and if said search of the cache succeeds; duplicating the logon handle for the custom user account; and returning the duplicate logon handle in response to said invoking; associating the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for dynamic content; serving the requested dynamic content; and before the request is terminated, removing the duplicate logon handle from the request for dynamic content and re-associating the request for dynamic content with the default anonymous user account instead of the custom user account.
-
-
11. A computer server configured to serve dynamic content from multiple websites, the server comprising:
-
one or more hardware processors; web server program instructions executable by the one or more processors to receive a request for dynamic content of a first website hosted by the computer server and associate a default anonymous user account with the request for dynamic content; web server filter program instructions executable by the one or more processors to identify, in a database separate from the web server, a custom user account for accessing content of the first website, wherein the custom user account is unable to access content of a second website hosted by the computer server; cache manager program instructions, executable by the one or more processors to; cache logon handles for sharing among multiple processes executing on the computer server; search a cache for a logon handle for the custom user account; if said search of the cache is unsuccessful; logon as the custom user account; receive the logon handle for the custom user account and store the logon handle in the cache; duplicate the logon handle; and return the duplicate logon handle to web server extension program instructions; and if said search of the cache is successful; duplicate the logon handle; and return the duplicate logon handle to the web server extension program instructions; and the web server extension program instructions executable by the one or more processors to; associate the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for the dynamic content; and after the requested dynamic content is executed, remove the duplicate logon handle from the request for dynamic content and re-associate the request with the default anonymous user account instead of the custom user account, before the request is terminated. - View Dependent Claims (12, 13, 14, 15)
-
Specification