How to authenticate a calling assembly

From: qdm (qdm0308_at_yahoo.com)
Date: 10/27/03


Date: 27 Oct 2003 08:28:57 -0800

Hello security specialists ... can you lend an ear? I would like to
enhance the security of an existing application. Currently, the
client tier of the application makes remoting calls to the business
tier. At the business tier, I want to verify that the remoting call
originated from an assembly that was signed using my company's private
key. The middle tier assembly will be signed in the same way. Has
anyone experience, or just a good idea for doing this? In the client,
I do have the freedom to send what I want in the call context.

Any help or thoughts are deeply appreciated!



Relevant Pages

  • Architektur
    ... - Client Tier ... - Business/Application Logic ... - Database Tier ... Wie kommunziert das Client Tier mit der Business Logic resp. ...
    (microsoft.public.de.german.entwickler.dotnet.csharp)
  • Re: .NET is not secure
    ... Same holds for letting security-relevant code return references to ... The rule is no program at the UI tier can make a direct call from the UI to instanciate an object in the business tier or the data tier. ... What is being used is a Web Service proxy to present data to the Business tier object or the the Business tier object presents data to the UI via the proxy. ...
    (comp.security.firewalls)
  • Re: Debugging a class library in Compact Framework
    ... The business tier has a? ... mark against the breakpoint which as you pointed ... > So you are trying to stepinto a dll method? ...
    (microsoft.public.dotnet.framework.compactframework)
  • Business logic in stored procedures
    ... the business tier as stored procedures. ... procedures are recommended for the business tier. ... 2000 Enterprise deployed on Windows Server 2003 Enterprise using ASP.NET ...
    (microsoft.public.sqlserver.programming)
  • Re: thin-client / multi tier
    ... business tier, then consume it in a client via the protocolof your ... The business tier (aka "middle tier" ... You can easily pass just about anything between the client and middle tier. ... Designing services and complex types with the Service Builder is very "RAD". ...
    (borland.public.delphi.thirdpartytools.general)