Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / September 2006

Tip: Looking for answers? Try searching our database.

Role-based secu.: IIS hosted remoting server doesn't hold my princ

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Feng - 27 Sep 2006 03:57 GMT
Hi,

I have a VB.Net Windows form based user authentication system. The form
authenticates the user info against a server through Remoting that is hosted
by IIS. The authentication process runs well all the time. Once the
authentication is done, I set up my customized identity and principal and set
the principal to the current thread on the server before returning the call
back to the client.

The thing that suprises me is that, when my client gets back to the server
the next time (client gets back through a remoting reference to the same
server object that did the authentication), the security principal of the
current thread on the server has changed! It went back to Windows principal
again, instead of my own principal I just set.

What is going on here? I am new to the .Net role-based security in generial
and the identiy/principal in perticular. Does this problem has anything to do
with the fact that the remoting server is hosted by IIS? Can someone tell me
what I am doing wrong and how to correct this?

Thanks a million!
Reply to this Message
Joseph Bittman MVP MCSD - 28 Sep 2006 22:05 GMT
Sept. 28, 2006

What is the mode of your remoting object - SingleCall or Singleton? .... If
it is singlecall, then there is a unique remoting object for each call and
not for each session - which means if you replace the principal on one, then
it shouldn't affect the next call.

Without more info, what I can say is probably you're somehow going to have
to set the principal every time, or make sure you remoting object is
actually the same one "living" which you changed the principal for... and
wasn't timed-out due to inactivity or something.

Hope this helps!

Signature

                      Joseph Bittman
    Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM

Blog/Web Site: http://CactiDevelopers.ResDev.Net/

> Hi,
>
[quoted text clipped - 24 lines]
>
> Thanks a million!
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.