Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to securely integrate EC2 hosted Shiny app into asp.net project

Tags:

asp.net

amazon-web-services

amazon-ec2

shiny

shiny-server

I have two applications.

  1. R Shiny app hosted on EC2
  2. Asp.net application hosted on Azure.

The asp.net app preforms user authentication and is used to organize a whole data science pipeline. A user provides data, the data scientist transforms the data and delivers a shiny app. Finally, the user opens the Shiny app within the asp.net application.

The problem I have is that I don't know how to integrate the Shiny app that I have developed within the asp.net application securely.

I could solve the problem like this:

enter image description here

Basically, I can make a simple iframe with a link to the public domain of the EC2 instance. However, this is not secure. Anybody can find and access the url with a simple page source click.

Another option that I have considered is to limit the IP address in the EC2 security groups. However, the problem is that the asp.net application is supposed to be used by different entities/independent users. So the security needs to be more granular [does the user have access to app, project within app, container within a project?] than just a server IP address.

Also, I have thought to provide a second level of authentication within the actual Shiny app, however this essentially loses the point of the asp.net authentication in the first place.

Any ideas or hints in what direction I should continue with research?

like image 314
Prometheus Avatar asked Jul 09 '18 07:07

Prometheus

1 Answers

I think you're right, there are two options. The first is to create a secure connection between the two servers and use the .Net app to proxy the traffic, but that defeats the point.

The second is to authenticate the use with both servers. You could do this by having the .Net server somehow pass data about the active sessions to the Shiny app to synchronise them but that isn't ideal.

You could instead use an authentication mechanism such as JWT where the .Net server would issue the client a token (i.e. cookie or embedded into the iFrame URL) when they log in and the client would then pass this to the token to the Shiny server, which would only have to validate the token. If using cookies you would need to make sure both servers are on the same subdomain so that the token is set properly.

like image 181
OllyTheNinja Avatar answered Nov 02 '22 11:11

OllyTheNinja
Sign in to Comment

Related questions

Intercept redirects from UpdatePanel Posts
how to POST data to external URL in MVC4 using server side
OWIN AuthorizeEndpoint with redirect_uri different than uri of web api
Is it bad practice to use static fields to cache large objects in ASP.NET?
How to prioritize Web Api Controllers over IHttpHandler?
Structuring a Web API Stack for Versioning
Web Services does not work in mono 4
ASP.NET Web API + ASP.NET MVC Authentication
In Visual Studio 2015 is there a way to debug Javascript using a browser other than Internet Explorer?
Why did the new ASP.NET Identity tables stop using Guid (uniqueidentifier type) as keys?
Including current user into every call to service layer from controller
Merging ASP.Net Identity DbContext with my DbContext
"The specified network password is not correct" on a certificate without a password, on live server only
SQL XML or JSON to return to Objective-C via ASP.NET
How to access users calendar list and events from google api using access token and refresh token
Best practice for storing passwords for automation
ASP.NET 4.6 async controller method loses HttpContext.Current after await
ASP.NET Webforms with async/await
LocalDB using in Azure App service
Why can't I install Microsoft.VisualStudio.Web.CodeGeneration.Tools 2.0.1 via nuget? Asp.NET CORE 2.0.1

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!