Segregating anonymous access to dynamic content on a web server, with cached logons

US 8,032,930 B2
Filed: 10/17/2008
Issued: 10/04/2011
Est. Priority Date: 10/17/2008
Status: Active Grant

First Claim

Patent Images

1. An automated method of impersonating a user account associated with a website to serve dynamic content from that website, the method comprising:

receiving at a web server a request for dynamic content of a first website hosted by the web server;

associating the request for dynamic content with a default anonymous user account on the web server;

identifying a custom user account corresponding to the first website, in a database separate from the web server, wherein the custom user account is configured with permission to access content of the first website but not content of a second website hosted by the web server;

invoking a logon cache manager configured to cache logon handles for sharing among multiple processes executing on the web server;

at the logon cache manager;

searching a cache for a logon handle for the custom user account;

if said search of the cache fails;

logging in as the custom user account;

receiving the logon handle for the custom user account and storing the logon handle in the cache;

duplicating the logon handle for the custom user account; and

returning the duplicate logon handle in response to said invoking; and

if said search of the cache succeeds;

duplicating the logon handle for the custom user account; and

returning the duplicate logon handle in response to said invoking;

associating the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for dynamic content;

serving the requested dynamic content; and

before the request is terminated, removing the duplicate logon handle from the request for dynamic content and re-associating the request for dynamic content with the default anonymous user account instead of the custom user account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for segregating access to dynamic content on multiple websites hosted by a web server. When a request is received for dynamic content from a website, a UserRetriever module identifies a path to the content and retrieves a username and password corresponding to the website, from a database that is separate from the web server and used for other purposes (e.g., billing). A UserImpersonator module requests a logon handle for that username from a logon cache manager. The logon handle is used to associate the request with the impersonated user account instead of the default anonymous user account with which the request was initially associated. The dynamic content is retrieved and served under the context of the restricted impersonated user account session, after which the applied logon handle is stripped off and the request is re-associated with the default anonymous user account.

62 Citations

View as Search Results

15 Claims

1. An automated method of impersonating a user account associated with a website to serve dynamic content from that website, the method comprising:
- receiving at a web server a request for dynamic content of a first website hosted by the web server;
  
  associating the request for dynamic content with a default anonymous user account on the web server;
  
  identifying a custom user account corresponding to the first website, in a database separate from the web server, wherein the custom user account is configured with permission to access content of the first website but not content of a second website hosted by the web server;
  
  invoking a logon cache manager configured to cache logon handles for sharing among multiple processes executing on the web server;
  
  at the logon cache manager;
  
  searching a cache for a logon handle for the custom user account;
  
  if said search of the cache fails;
  
  logging in as the custom user account;
  
  receiving the logon handle for the custom user account and storing the logon handle in the cache;
  
  duplicating the logon handle for the custom user account; and
  
  returning the duplicate logon handle in response to said invoking; and
  
  if said search of the cache succeeds;
  
  duplicating the logon handle for the custom user account; and
  
  returning the duplicate logon handle in response to said invoking;
  
  associating the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for dynamic content;
  
  serving the requested dynamic content; and
  
  before the request is terminated, removing the duplicate logon handle from the request for dynamic content and re-associating the request for dynamic content with the default anonymous user account instead of the custom user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein:
    - said serving comprises invoking an entity configured to execute the dynamic content.
  - 3. The method of claim 1, wherein the default anonymous user account is an account under which anonymous requests for content are logged on.
  - 4. The method of claim 1, wherein the database comprises information for managing operation of the web server, in addition to a mapping of given website content to a given user account to use for accessing the given website content.
  - 5. The method of claim 4, wherein said information comprises a path to the requested dynamic content.
  - 6. The method of claim 4, wherein said information comprises one or more of:
    - billing data;
      
      service provisioning information;
      
      attributes of the website; and
      
      usage statistics of the website.
  - 7. The method of claim 1, wherein the database is a database other than a metabase implemented with Internet Information Services software.
  - 8. The method of claim 1, wherein said attaching the duplicate logon handle to the request comprises attaching the duplicate logon handle to a thread of execution associated with the request.
  - 9. The method of claim 1, wherein:
    - said invoking a logon cache manager comprises transmitting to the logon cache manager a request for the logon handle for the custom user account; and
      
      said request for the logon handle comprises a name of the custom user account, a password for the custom user account and an identifier of a process issuing said request for the logon handle.

10. A non-transitory computer readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of impersonating a user account associated with a website to serve dynamic content from that website, the method comprising:
- receiving at a web server a request for dynamic content of a first website hosted by the web server;
  
  associating the request for dynamic content with a default anonymous user account on the web server;
  
  identifying a custom user account corresponding to the first website, in a database separate from the web server, wherein the custom user account is configured with permission to access content of the first website but not content of a second website hosted by the web server;
  
  invoking a logon cache manager configured to cache logon handles for sharing among multiple processes executing on the web server;
  
  at the logon cache manager;
  
  searching a cache for a logon handle for the custom user account;
  
  if said search of the cache fails;
  
  logging in as the custom user account;
  
  receiving the logon handle for the custom user account and storing the logon handle in the cache;
  
  duplicating the logon handle for the custom user account; and
  
  returning the duplicate logon handle in response to said invoking; and
  
  if said search of the cache succeeds;
  
  duplicating the logon handle for the custom user account; and
  
  returning the duplicate logon handle in response to said invoking;
  
  associating the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for dynamic content;
  
  serving the requested dynamic content; and
  
  before the request is terminated, removing the duplicate logon handle from the request for dynamic content and re-associating the request for dynamic content with the default anonymous user account instead of the custom user account.

11. A computer server configured to serve dynamic content from multiple websites, the server comprising:
- one or more hardware processors;
  
  web server program instructions executable by the one or more processors to receive a request for dynamic content of a first website hosted by the computer server and associate a default anonymous user account with the request for dynamic content;
  
  web server filter program instructions executable by the one or more processors to identify, in a database separate from the web server, a custom user account for accessing content of the first website, wherein the custom user account is unable to access content of a second website hosted by the computer server;
  
  cache manager program instructions, executable by the one or more processors to;
  
  cache logon handles for sharing among multiple processes executing on the computer server;
  
  search a cache for a logon handle for the custom user account;
  
  if said search of the cache is unsuccessful;
  
  logon as the custom user account;
  
  receive the logon handle for the custom user account and store the logon handle in the cache;
  
  duplicate the logon handle; and
  
  return the duplicate logon handle to web server extension program instructions; and
  
  if said search of the cache is successful;
  
  duplicate the logon handle; and
  
  return the duplicate logon handle to the web server extension program instructions; and
  
  the web server extension program instructions executable by the one or more processors to;
  
  associate the request for dynamic content with the custom user account instead of the default anonymous user account, by attaching the duplicate logon handle to the request for the dynamic content; and
  
  after the requested dynamic content is executed, remove the duplicate logon handle from the request for dynamic content and re-associate the request with the default anonymous user account instead of the custom user account, before the request is terminated.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The server of claim 11, wherein said cache manager program instructions are further executable by the one or more processors to receive a request for the logon handle for the custom user account, comprising:
    - a name of the custom user account;
      
      a password of the custom user account; and
      
      a process identifier of the web server extension program instructions.
  - 13. The server of claim 11, further comprising a connection to the database, wherein the database is other than a metabase implemented with Internet Information Services software.
  - 14. The server of claim 11, wherein the database comprises information for facilitating management of the web server, in addition to a mapping of the requested dynamic content to the custom user account.
  - 15. The server of claim 11, wherein:
    - said web server extension program instructions are further executable by the one or more processors to request the logon handle for the custom user account from said cache manager program instructions; and
      
      said cache manager program instructions are further executable by the one or more processors to receive the request for the logon handle for the custom user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Hicks, Brian C.
Primary Examiner(s)
Shan; April

Application Number

US12/253,775
Publication Number

US 20100107227A1
Time in Patent Office

1,082 Days
Field of Search

726/5, 726/8, 726/9, 707/783, 707/784, 705/51, 713/182, 713/186
US Class Current

726/5
CPC Class Codes

G06F 16/972   Access to data in other rep...

G06F 21/31   User authentication

G06Q 40/12   Accounting

H04L 63/0407   wherein the identity of one...

H04L 63/104   Grouping of entities

Y10S 707/99939   Privileged access

Segregating anonymous access to dynamic content on a web server, with cached logons

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Segregating anonymous access to dynamic content on a web server, with cached logons

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links