 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / New Users / July 2006Windows authentication over remoting... possible?
Hi, I have to develop an application that will consist of a service and a windows forms application... the service could be on a distant server but I need to authenticate the user as being part of the same domain. so when the application starts, I can send something to the remote service and query for some objects and the service can give me the objects if I'm the right user (part of the right group). I don't want to send username and password nor password hash over the network so if there is a better way (just like SQL server does or many other apps), I would like to know it (maybe if you have a link) Thanks ThunderMusic ThunderMusic, Not easily. You can host your remoted objects in IIS, and then it would use the authentication mechanism that you have configured in IIS. Also, I believe this will force you to design your objects in a certain way (for stateless calls, since the mechanism for HTTP is stateless). I could be wrong here. I would honestly not use or recommend remoting as a distributed object technology. If you have to develop your app now (meaning, get it out the door tomorrow), then I would suggest using COM+/Enterprise Services. If you have some time to spare, and don't mind developing with pre-release software, I would look into Windows Communication Foundation. Either way, remoting is a dead-end in my book. Hope this helps.  Signature- Nicholas Paldino [.NET/C# MVP] - mvp@spam.guard.caspershouse.com > Hi, > [quoted text clipped - 11 lines] > > ThunderMusic > I would honestly not use or recommend remoting as a distributed object > technology. If you have to develop your app now (meaning, get it out the > door tomorrow), then I would suggest using COM+/Enterprise Services. Remoting isn't a distributed object technology; it's a communication protocol. In fact for .net to .net comms on lan, the recommendation is to use remoting AND com+/es. - Oisin > Hi, > [quoted text clipped - 11 lines] > > ThunderMusic Hi ThunderMusic, This may be of help: <UrlWillWrap> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/S ecNetch11.asp </UrlWillWrap> SignatureHope this helps, Tom Spink Ok, I found the WindowsPrincipal class, and it's serializable. Does an instance of this class guaranty the user is logged on a computer and has been authenticated or is there a way to query the domain server if the user is a rightful user? I mean, I must be sure the user making the request (or query) is who he claims to be and is logged on the domain. My app does not allow impersonnation, but I don't want anybody trying to impersonnate someone on my network and claim being, let's say, the president of the company and start making anything he wants with the remote objects... you know what I mean? I need a way to secure things so only an authenticated user or a user I can authenticate can have access to the objects the service is providing. And I definitly need to know the domain groups this user belongs to... Thanks ThunderMusic > Hi, > [quoted text clipped - 11 lines] > > ThunderMusic ThunderMusic, Unfortunately, no, it does not allow that. All it is is a representation of a user. Anyone could theoretically make one and send it to you. It doesn't tell you if it is logged on or not. Signature- Nicholas Paldino [.NET/C# MVP] - mvp@spam.guard.caspershouse.com > Ok, I found the WindowsPrincipal class, and it's serializable. Does an > instance of this class guaranty the user is logged on a computer and has [quoted text clipped - 28 lines] >> >> ThunderMusic ok, so is there a way I can get the token Windows send us when we log on and send it to my service so the service can verify with the domain server if this token is valid? thanks ThunderMusic > ThunderMusic, > [quoted text clipped - 34 lines] >>> >>> ThunderMusic ok, I answered a part of my question : System.Security.Principal.WindowsIdentity.GetCurrent().Token.... So now is there a way I can deal with this in my service? can I sen the Windows Identity instance over remoting? thanks ThunderMusic > ok, so is there a way I can get the token Windows send us when we log on > and send it to my service so the service can verify with the domain server [quoted text clipped - 42 lines] >>>> >>>> ThunderMusic ThunderMusic, I have to ask, why not use one of the two solutions I posted earlier? Trying to do this yourself will lead to a good number of holes in your solution. Signature- Nicholas Paldino [.NET/C# MVP] - mvp@spam.guard.caspershouse.com > ok, I answered a part of my question : > System.Security.Principal.WindowsIdentity.GetCurrent().Token.... So now [quoted text clipped - 51 lines] >>>>> >>>>> ThunderMusic because WCF is still beta and the enterprise I work for avoid using beta versions because they had big problems with them in the past... and not COM+ because noone knows anything about it here... the only thing we know is remoting... even if it's "a dead technology" we can't afford using WCF and have eventual problems. Our apps will stay local to the enterprise and is not targeted to the public, but we just want to make sure that noone will be able to clone one of our users from the domain... (well, at least, as most as possible) maybe if you have some link I can look at to start using COM+/Enterprise Services.... Is it as easy as Remoting? I mean, providing the client app with interfaces and then get a remote copy of the object and calling the interfaces methods? (We would work by marshaling, not as WellKnownObjects) thanks ThunderMusic > ThunderMusic, > [quoted text clipped - 57 lines] >>>>>> >>>>>> ThunderMusic > the only thing we know > is remoting... even if it's "a dead technology" Remoting isn't really dead... in fact it's part of WCF :) thanks for correcting, I didn't know... everywhere I went, people kept saying "Remoting is deprecated"... so I started to believe it... thanks ThunderMusic >> the only thing we know >> is remoting... even if it's "a dead technology" > > Remoting isn't really dead... in fact it's part of WCF :) Just check on the client, put a strong name on the client. You can event do some link demands. Schneider > Hi, > [quoted text clipped - 11 lines] > > ThunderMusic You may want to investigate the MSDN sample about using SSPI with remoting, it should do exactly what you are wanting to do http://msdn.microsoft.com/webservices/remoting/default.aspx?pull=/library/en-us/ dndotnet/html/remsspi.asp -Robert > Hi, > [quoted text clipped - 11 lines] > > ThunderMusic seems pretty interesting... I'll read it and give you feedback as if it helped me, but I think it will.. ;) thanks a lot ThunderMusic > You may want to investigate the MSDN sample about using SSPI with > remoting, it should do exactly what you are wanting to do [quoted text clipped - 16 lines] >> >> ThunderMusic Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.