Custom authentication for Remoting applications

dotnet framework

    Next

  • 1. Remoting and DataSets
    I'm trying to retrieve a DataSet remotely on the Client side from the Server. But I keep getting this error: Type is not resolved for member System.Data.SerializationFormat, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 If I understand correctly, DataSets and the like are serializable. I can't figure out what I'm doing wrong. I've got a baseClass which goes something like: [Serializable] public class baseClass : MarshalByRefObject { // blah blah private DataSet oDataSet; public DataSet MyDataSet { get { return oDataSet;} set{ oDataSet = value;}} public void Execute(string sql,string TableName){ //etc code to obtain DB connection DataAdapter.Fill(oDataSet,TableName); } // blah blah } And then I've got a businessClass which inherits the baseClass: public class businessClass : baseClass { // blah blah public DataSet GetList(){ return base.Execute("SELECT * FROM Users", "Users"); } } Now. Whenever I call GetList() or the try to retrieve the DataSet via the property method MyDataSet (from the client app), I get that error. I tested my code locally without remoting and it works. Am I serializing it wrongly? Or is there a problem with DataSets? Thanks a lot! I appreciate the help. Been racking my brain for ages!
  • 2. remoting from dotnet 2.0 to application running 1.1
    Hi I have a version 2.0 framework application that needs to talk to another 3rd party application that is using version 1.1 via remoting. Will\can it work? Are the any problems\pit falls am likely to experience? Any direction would be great. thanks dan
  • 3. Server load question
    Say you create a client proxy object SomeObject via a call to Activator.GetObject, and then call a method on SomeObject. Is there a live connection or other resource being kept in use on the server for the whole time that SomeObject is still alive on the client end? If you store SomeObject in a static variable or a class level variable and don't dispose of it, but don't actually do any additional calls on it, could that potentially result in an extra load on the server? Would there be any difference in this regard between whether the server class was a Singleton or Single Call? Not necessarily saying that I am looking to do this. Mostly just curious.

Custom authentication for Remoting applications

Postby haggai.shachar » Tue, 21 Nov 2006 08:29:00 GMT

Hello,
I'm working on a client/server application and having some issues with
authentication.

I'd like my authentication to be based on users database in oppose to
windows/basic authentication in which the users are authenticated
against the domain / server users.

So I built an HttpModule to parse the request header and check the
"Autherization" server variable each post.
The thing is - when i'm setting my virtual directory to work as
anonymous, my client wont send the "Authorization" variable, so I can't
parse it on the server.

Is there a way to make it happend without writing custome sink ?


ps.
I want to send the cradential on each soap post.


Thanks,
Haggai


Re: Custom authentication for Remoting applications

Postby Spam Catcher » Tue, 21 Nov 2006 13:46:34 GMT


@e3g2000cwe.googlegroups.com:


The HTTP module needs to deny the client and request an authorization by 
the client. However, the HTTPClient only supports certain authorization 
schemes - which I believe are Basic, Digest, and NTML.

Any other schemes require a custom implementation on the client side.

I'm using this HTTPModule to do authorization:

 http://www.**--****.com/ 
tpDigestAuthenticationWithoutActiveDirectory.html

I customized it to return a custom prinicipal and pull information from a 
database.



Similar Threads:

1.Remoting security with IIS and custom Forms authentication

Hi!

What are the options for securing remote objects, which are accessible
through IIS, when you have an application deployed on the same server,
which uses custom Forms authentication?

Scenario:
Server hosts app a, which is configured as: authentication:Forms,
authorization: deny users="?".

Now, for Remoting to work, I had to specify that the remoting URI
(RemotableObject.rem) requires no authorization, so IIS let the request
through. Since this object return reference to another object, IIS
(ASP.NET) creates a temporary link to this remote object, which of
course can not be known in advance and the request thus fails. The URI
is, for instance like this:
/ff1338e5_a46f_4577_af4c_726910d1a39f/9AqnyvYRtRnG8Ai_7Q+5KSYG_80.rem

Two questions:
1) how to configure IIS (ASP.NET application) to let the remoting
requests through
2) how to configure IIS (and remoting app) to be secure? (once the
requests will go through).

I guess that one can not mix windows authentication for remoting and
custom forms authentication for "regular asp.net" application.

And the two (asp.net app & remoting objects) have to be deployed within
the same application, since remoting object is used to expose some of
the asp.net application functionality.

Pointers appreciated.

Rgds,
  Miha

2.Remoting and custom authentication

I don't want to use IIS, (design specifiaction) data security isnt an issue, 
I just want to make a custom authorization and authentication system for my 
remoting server... how would i do this? set up a custom channel sink pair? 
any examples of something like this? I just need basic username and password 
and the ability to know who sent what call to the server (username only) 
thanks! 


3.Custom authentication in a web application

4.Custom.config for remoting application

I developed an application client-server based where an user, using a 
Http/Tcp .Net remoting connection, can open a tool to build aspx pages. On 
its turn, these pages can be visited through a web browser resident on the 
client application. In order to avoid the user can include a malicious code 
in codebehind file (for instance File.Delete(path)), I want to limit the 
access of the remote resources. For this goal, I have modified the web.config 
file  adding the following code:

<securityPolicy> 
      <trustLevel name="Custom" policyFile="web_CustomTrust.config" /> 
 </securityPolicy> 
 <trust level="Custom" originUrl="" />

where web_CustomTrust.config is custom config file.
Actually this file coincides with web_hightrust.config fetched from 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG.
However, through this file authorizes high trust level of access, when I try 
to see the page using the web browser, an error occurs in the global.asax so 
defined:

Exception Details: System.Security.SecurityException: Request for the 
permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, 
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error: 


Line 148:                Application["remoteService"] = texService;
Line 149:            }
Line 150:        }
Line 151:	}
Line 152:}
 
Can someone suggest how I can modify my web_CustomTrust.config to avoid this 
problem ?
Thanks and best regards.




5.Sharing Forms Authentication between application and sub-application

Hi,

I'm succesfully using Forms Authentication on a site I'm working on
(MyMainApp).

In a subfolder of this site, I have a seperate ASP.NET application
(MySubApp), i.e. it's running as an application in IIS, although it's
part of the MyMainApp VS.NET project file.  The structure is something
like this:

MyMainApp             <!-- Application in IIS
 \MySubApp            <!-- Application in IIS
  \images
  \mySubAppFiles
  web.config
 \images
 \includes
 \MainAppSubFolder
 web.config
 logon.aspx, etc.

All other folders are simple virtual directories.  If I try browsing
to any .aspx page in a subfolder of MyMainApp (excluding files in
MySubApp) it forces me to the login page, as it should do.  However,
if I try to browse to any .aspx page in MySubApp by typing the address
in IE it brings up the page, seemingly bypassing the Forms
Authentication which is applied on both the web.config files of
MyMainApp and MySubApp.  Within MySubApp the relevant section of
web.config looks like this:

<authentication mode="Forms">
     <forms name=".MYAPP"
          loginUrl="../logon.aspx"
          protection="All"
          timeout="20"
          path="/"/>
</authentication>

Does anyone know why the Forms Authentication on MySubApp is being
bypassed completely?

Thanks,

Brian

6. Authentication during secure remoting

7. MS Future Plans: Remoting,Windows Authentication,Windows Services

8. Remoting, IIS authentication and NT40 clients



Return to dotnet framework

 

Who is online

Users browsing this forum: No registered users and 96 guest