
Reading __remotePrincipal from CallContext for an IPC channel

Sydney - 19 Jun 2006 07:47 GMT
Hi,

I am trying to read the "__remotePrincipal" data from the CallContext in a
remoting application but the value of this data is always null.

My remote object derives from MarshalByRefObject and has a method as follows:

public string GetContextInfo(string role)
{
 IPrincipal i = (IPrincipal)CallContext.GetData("__remotePrincipal");
 if (i == null)
 {
   return "null object";
 }
 else
 {
   return i.IsInRole(role).ToString();
 }
}

My server registers its IpcServerChannel and sets authorizedGroup = Everyone
and  ensureSecurity = true.
It uses RemotingConfiguration.RegisterWellKnownServiceType to register the
remote object.

My client adds the role "custom" to its thread principal using:

Thread.CurrentPrincipal = new GenericPrincipal(WindowsIdentity.GetCurrent(),
new string[] { "custom" });

It then registers its IpcClientChannel and sets ensureSecurity = true and
creates the remote object using Activator.GetObject().

When the client calls remoteObject.GetContextInfo() the return value is
always "null object".

Any ideas?
Kevin Yu [MSFT] - 20 Jun 2006 02:44 GMT
Hi

We have reviewed this issue and are currently researching on it. We will
update you ASAP. Thanks for your patience!

Kevin Yu

=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Luke Zhang [MSFT] - 21 Jun 2006 04:13 GMT
Hello,

To configure a server IPC channel to authenticate remote callers, we need
to set the authorizedGroup configuration property of IpcServerChannel to
the Windows NT Group or Windows NT user that has permission to connect to
the IPC channel. On the client side, set the impersonationLevel property to
the kind of impersonation that can be performed with the caller's identity.
You may check if it is set to none here so that it returns null in your code.

Regards,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Sydney - 21 Jun 2006 07:40 GMT
Hi,

I believe I am doing exactly as you say - yet it does not work (the method
IsInRole always returns "__remotePrincipal is null").

Here is the exact code.

RemoteObject (Class Library)
---------------------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text;
using System.Threading;
using System.Security.Principal;
using System.Security.Permissions;
using System.Runtime.Remoting.Messaging;

namespace RemotingObjects
{
   public class RemoteObject : MarshalByRefObject
   {
       public string IsInRole(string role)
       {
           string s = Thread.CurrentPrincipal.Identity.Name + " " +
               Thread.CurrentPrincipal.IsInRole("hello").ToString() + " " +
               WindowsIdentity.GetCurrent().Name + " ";

           IPrincipal remotePrincipal =
               (IPrincipal)CallContext.GetData("__remotePrincipal");
           if (remotePrincipal != null)
           {
               return s + remotePrincipal.IsInRole(role).ToString();
           }
           else
           {
               return s + "__remotePrincipal is null";
           }
       }

       public RemoteObject()
       {
       }
   }
}
---------------------------------------------------------------------------------------------

RemoteServer (Windows Service)
---------------------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.ServiceProcess;
using System.Text;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Remoting.Channels.Tcp;
using RemotingObjects;
using System.Collections;

namespace RemotingService
{
   public partial class RemotingService : ServiceBase
   {
       IChannel _serverChannel;

       public RemotingService()
       {
           InitializeComponent();
       }

       protected override void OnStart(string[] args)
       {
           // set to false to use tcp
           const bool useIpc = true;

           Hashtable channelProperties = new Hashtable();

           if (useIpc)
           {
               // IPC channel properties
               channelProperties.Add("portName", "FrameworkServiceProvider");
               channelProperties.Add("authorizedGroup", "Everyone");
               channelProperties.Add("secure", "True");
               channelProperties.Add("impersonationLevel", "Identification");
               _serverChannel = new IpcServerChannel(channelProperties, null);
           }
           else
           {
               //TCP channel properties
               channelProperties.Add("port", "8888");
               _serverChannel = new TcpServerChannel(channelProperties, null);
           }

           // ensure secure channel
           ChannelServices.RegisterChannel(_serverChannel, true);

           // Register as a well-known service with the object URI "FrameworkService"
           RemotingConfiguration.RegisterWellKnownServiceType(typeof(RemoteObject),
               "FrameworkService",
               WellKnownObjectMode.Singleton);
       }

       protected override void OnStop()
       {
           ChannelServices.UnregisterChannel(_serverChannel);
       }
   }
}

---------------------------------------------------------------------------------------------

RemoteClient (Console Application)
---------------------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Text;
using RemotingObjects;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Remoting.Channels.Tcp;
using System.Threading;
using System.Collections;
using System.Security.Principal;

namespace RemotingClient
{
   class RemotingClient
   {
       static void Main(string[] args)
       {
           // set to false to use tcp
           const bool useIpc = true;

           string uri = string.Empty;

           IChannel clientChannel;

           Thread.CurrentPrincipal = new GenericPrincipal(
               WindowsIdentity.GetCurrent(), new string[] { "hello" });

           Console.WriteLine("Client says user is '{0}' '{1}'",
               Thread.CurrentPrincipal.Identity.Name,
               WindowsIdentity.GetCurrent().Name);

           Hashtable channelProperties = new Hashtable();

           // Create a channel for communicating w/ the remote object
           if (useIpc)
           {
               channelProperties.Add("impersonationLevel", "Identify");
               clientChannel = new IpcClientChannel(channelProperties, null);
               uri = "ipc://FrameworkServiceProvider/FrameworkService";
           }
           else
           {
               clientChannel = new TcpClientChannel(channelProperties, null);
               uri = "tcp://localhost:8888/FrameworkService";
           }

           ChannelServices.RegisterChannel(clientChannel, true);

           // Create an instance of the remote object using the Activator
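           RemoteObject sample =
               (RemoteObject)Activator.GetObject(typeof(RemoteObject), uri);

           // Use the object (a null reference check; calling Equals on a
           // null reference would throw instead of reporting the error)
           if (sample == null)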
           {
               Console.WriteLine("Error: unable to locate server");
           }
           else
           {
               long ticks = DateTime.Now.Ticks;

               string isInRole = sample.IsInRole("hello");
               Console.WriteLine("Server says '{0}'", isInRole);

               //for (int i = 0; i < 1000; i++)
               //{
               //    sample.Load("BASIC");
               //    Tasks t = sample.Tasks;
               //}
               
               TimeSpan time = new TimeSpan(DateTime.Now.Ticks - ticks);

               Console.WriteLine("time taken {0} ms", time.TotalMilliseconds);
           }

           Console.WriteLine("Press the enter key to exit...");
           Console.ReadLine();
       }
   }
}
---------------------------------------------------------------------------------------------

Are you able to see what is going wrong?

Thanks.
Luke Zhang [MSFT] - 23 Jun 2006 06:31 GMT
Thank you for the code. I also reproduced the problem with your code. I am
performing further research on the issue and will update you as soon as
possible.

Regards,

Luke Zhang
Microsoft Online Community Lead

Luke Zhang [MSFT] - 28 Jun 2006 09:42 GMT
Hello,

After consulting our developer, I found this is an incorrect document
issue. It looks like the document hasn't been updated and lists behavior as
it was for v2.0 beta1. Set secure="true" and the client identity is
available on the Remoting host via Thread.CurrentPrincipal.

If you need more information or if you would like to discuss any of the
information presented, please let me know.

Thanks,

Luke Zhang
Microsoft Online Community Lead

Sydney - 04 Jul 2006 00:42 GMT
Luke,

Did you test your solution using my code?

I have tried what you said:
I added the line:
channelProperties.Add("secure", "true"); to my channel properties in both
the client and the server code.
I also ensured that when registering the channel I set the secure flag
to true.

It does not work - the remote object's Thread.CurrentPrincipal does not
contain the same Thread.CurrentPrincipal as the client - the identity is
different and the roles are not there!

Any ideas?

Luke Zhang [MSFT] - 04 Jul 2006 04:11 GMT
Hello,

Thank you for the update. Would you please let me know your actual email so
we can communicate on this issue in a prompt way? To get my actual email,
please remove "online" from my display email.

Thanks,

Luke Zhang
Microsoft Online Community Lead

ankmannen - 11 Jul 2006 15:57 GMT
Hi!

Is there any more information regarding this issue? I'm experiencing the
same thing.

Thanks

Johan
Sydney - 17 Jul 2006 00:15 GMT
I have not heard anything - Luke - do you know what has happened?

Luke Zhang [MSFT] - 17 Jul 2006 07:15 GMT
Hi Gary,

The latest update I received is :

It is because Remoting authentication supports only WindowsPrincipals.
Custom roles are a property of the GenericPrincipal type.

I will search for more information on this and will update you ASAP.

Thanks,

Luke Zhang
Microsoft Online Community Lead

Luke Zhang [MSFT] - 24 Jul 2006 09:18 GMT
Hello,

Here are some more details on this issue:

The TcpChannel uses the NegotiateStream class for its security
implementation. This class supports authentication using Windows SSPI,
which in turn uses either Kerberos or NTLM, depending on the OS.
WindowsPrincipal objects are the only ones that .NET can authenticate using
Kerberos and NTLM. This excludes the use of GenericPrincipal for secure
TcpChannel connections.

Here's an article that may help to explain this:

Security Briefs
http://msdn.microsoft.com/msdnmag/issues/06/00/SecurityBriefs/

If you have any further questions, please feel free to let me know.

Sincerely,

Luke Zhang

Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
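
Added example, not part of any post in this thread and not Microsoft's code: the replies above say a secure channel carries only the caller's Windows identity (available on the host via Thread.CurrentPrincipal) and not GenericPrincipal roles, so one option is to derive application roles on the server from the authenticated WindowsPrincipal instead of accepting roles the client assigned to itself. The class name RoleMappedObject and the role-to-group table are hypothetical, and the group names are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading;

namespace RemotingObjects
{
    // Hypothetical variant of the thread's RemoteObject (added example).
    public class RoleMappedObject : MarshalByRefObject
    {
        // Server-side table: application role -> Windows group.
        // Placeholder group names; the client never supplies this mapping.
        private static readonly Dictionary<string, string> RoleToGroup =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

        static RoleMappedObject()
        {
            RoleToGroup.Add("hello", @"BUILTIN\Users");
            RoleToGroup.Add("admin", @"BUILTIN\Administrators");
        }

        public string IsInRole(string role)
        {
            // Assumption taken from the 28 Jun reply: with secure=true the
            // authenticated caller is exposed as Thread.CurrentPrincipal.
            WindowsPrincipal caller = Thread.CurrentPrincipal as WindowsPrincipal;
            if (caller == null || !caller.Identity.IsAuthenticated)
            {
                // Fail closed: no authenticated Windows identity, no roles.
                return "caller is not an authenticated Windows principal";
            }

            string group;
            if (role == null || !RoleToGroup.TryGetValue(role, out group))
            {
                // Unknown application roles are denied, never passed through.
                return caller.Identity.Name + " False (unknown role)";
            }

            // Membership is evaluated against the caller's Windows token,
            // which the channel authenticated via SSPI (Kerberos or NTLM).
            return caller.Identity.Name + " " + caller.IsInRole(group).ToString();
        }
    }
}
```

Registering this type in place of RemoteObject leaves the channel setup from the thread unchanged; only the authorization decision moves to data the server controls.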
