As part of a larger .NET proof-of-concept project I needed to query a remote Solr server protected by HTTP Basic Authentication. Some quick searching uncovered some helpful SolrNet resources (which I have listed below), however, to provide some future searchers with some additional detail I am documenting exactly how I got it working here for reference:
Step 1.) Add the actual "BasicAuthHttpWebRequestFactory.cs" file from the SolrNet Master Branch into your actual solution - this file can be found here:
- Note: I am using SolrNet version:
SolrNet 0.4.0.4001
Step 2.) I then modified my SolrOperationsCache.cs file to:
- Read the basic authentication username & password set from the AppSettings section of the web.config file. I recommend encrypting this section using the native .NET Protected Configuration functionality to protect these credentials while at rest.
//Take credentials from encrypted web.config section
string solrUser = ConfigurationManager.AppSettings["SolrUser"];
string solrPwd = ConfigurationManager.AppSettings["SolrPassword"];
- Create the new BasicAuthHttpWebRequestFactory and then initialize as per below:
var connection = new SolrNet.Impl.SolrConnection(solrUrl)
{
HttpWebRequestFactory = new HttpWebAdapters.BasicAuthHttpWebRequestFactory(solrUser, solrPwd)
};
if (solrOperations == null)
{
//Using Basic Auth Settings
Startup.Init<T>(connection);
solrOperations = ServiceLocator.Current.GetInstance<ISolrOperations<T>>();
}
Note: My "SolrOperationsCache.cs" file is a modified version of the same file found in A.Friedman's excellent Solr demo application which can be found here.
Step 3.) Then when ready to connect to the remote Solr server simply call as normal:
var solrWorker = SolrOperationsCache<SolrCore1>.GetSolrOperations(solrServerURL);
Quick Security Note: Always utilize HTTPS when using HTTP Basic Authentication as every request sent to the server will contain an easily decoded Base-64 encoded representation of the username and password values in the HTTP Authorization Header. Without HTTPS protection these values will be at risk of authorized capture and misuse while they transit intermediary shared networks.
The full (modified) "SolrOperationsCache.cs" file follows below for reference:
1 using System;
2 using System.Configuration;
3 using System.Collections.Generic;
4 using System.Linq;
5 using System.Web;
6 using SolrNet;
7 using Microsoft.Practices.ServiceLocation;
8
9 namespace ImportExcelReports
10 {
11 internal static class SolrOperationsCache<T>
12 where T: new()
13 {
14 private static ISolrOperations<T> solrOperations;
15
16 public static ISolrOperations<T> GetSolrOperations(string solrUrl)
17 {
18 //Is the HTTP Basic Auth option turned on in Web.config?
19 if (ConfigurationManager.AppSettings["solrBasicAuthOn"] == "True")
20 {
21 //Take credentials from encrypted web.config section
22 string solrUser = ConfigurationManager.AppSettings["SolrUser"];
23 string solrPwd = ConfigurationManager.AppSettings["SolrPassword"];
24
25 var connection = new SolrNet.Impl.SolrConnection(solrUrl)
26 {
27 HttpWebRequestFactory = new HttpWebAdapters.BasicAuthHttpWebRequestFactory(solrUser, solrPwd)
28 };
29
30 if (solrOperations == null)
31 {
32 //Using Basic Auth Settings
33 Startup.Init<T>(connection);
34 solrOperations = ServiceLocator.Current.GetInstance<ISolrOperations<T>>();
35 }
36 }
37 else
38 {
39 if (solrOperations == null)
40 {
41 //Not using Basic Auth
42 Startup.Init<T>(solrUrl);
43 solrOperations = ServiceLocator.Current.GetInstance<ISolrOperations<T>>();
44 }
45 }
46 return solrOperations;
47 }
48 }
49 }
Useful Additional Reading:
comments powered by Disqus