Re: How to get the WindowsIdentity of the caller of my excutable?

From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/23/04 

Date: Wed, 23 Jun 2004 11:36:37 -0700

This is a very bad approach. If the user identity is passed as a method
parameter, what will prevent a malicious application to call this method
specifying any user it wants? If you need to know caller's identity for
security reasons, you should not do this. Regarding how to detect caller's
identity from a COM+ object, it depends how you implemented the com object.
If it is a C/C++ application, you get the caller's identity from the thread
context (or HTTP context). I am not sure about C#, but there must be lots of
examples how to do this. Sorry, I haven't worked with COM+ for years, so I
do not have an example at hand, but really this should not be difficult to
find.

Alek

"Cindy Liu" <CindyLiu@discussions.microsoft.com> wrote in message
news:8298CBE8-D8EB-4A05-A584-4E8A88655DBC@microsoft.com...
> If COM+ can do it easily, can you tell me how?
>
> Since there is no way to get the identity of the caller from .Net remoting
object hosted by Windows service, so I decide to pass the identity of the
caller with the methods of my remoting object. The caller of my remoting
object is COM+ dll and its callers are asp pages. So now I want to get the
identity of caller from COM+.
>
> Thanks for your help!!!
> Cindy
>
> "Alek Davis" wrote:
>
> > I am confused: which module do you want to detect the identity of the
> > caller: COM+ DLL or remoting object hosted in a Windows service. COM+
must
> > be able to do it easily, but not the remoting object.
> >
> > Alek
> >
> > "Cindy Liu" <CindyLiu@discussions.microsoft.com> wrote in message
> > news:F1F901AA-883F-4AF7-BEFE-A425BDB6A20E@microsoft.com...
> > > Yes, my Windows service hosts a .Net remoting object, and I have a
COM+
> > dll talking to it from different computer, and a web server on the same
box
> > calling COM+ methods. Now I want to pass WondowsIdentity token from COM+
dll
> > to my Windows service. Can COM+ dll determine who is the caller, or my
web
> > server has to get the token and pass to COM+ dll?
> > >
> > > "Alek Davis" wrote:
> > >
> > > > Cindy,
> > > >
> > > > I assume that your Windows service encapsulates a .NET remoting
object;
> > > > otherwise, your question does not make much sense: a regular Windows
> > service
> > > > just runs on its own with the identity defined in the Service
Control
> > > > Manager (which is trivial to obtain). If my assumption is correct,
you
> > are
> > > > out of luck, because CLR does not support any security aspects in
.NET
> > > > remoting objects running inside of Windows services. You options
would
> > be
> > > > to: (a) host your .NET remoting object in an ASP.NET application
instead
> > of
> > > > Windows service; (b) use SSPI (I cannot comment on this, but there
are
> > some
> > > > references on the Web); or (c) use a commercial product like
> > GenuineChannels
> > > > (see http://www.genuinechannels.com/).
> > > >
> > > > Alek
> > > >
> > > > "Cindy Liu" <CindyLiu@discussions.microsoft.com> wrote in message
> > > > news:EE740459-E1C4-4AAE-8E5E-A6DB5C72FE27@microsoft.com...
> > > > > Hi Everyone,
> > > > >
> > > > > I created my Windows service. I want to get the WindowsIdentity of
the
> > > > caller that calls my method in my Windows service. How do I do that?
> > > > >
> > > > > Thanks in advance!!!
> > > > > Cindy
> > > >
> > > >
> > > >
> >
> >
> >

Relevant Pages

  • Re: How to get the WindowsIdentity of the caller of my excutable?
    ... Since my remoting object has to be hosted by Windows service, as you said that CLR does not support any security aspects in .NET ... > caller with the methods of my remoting object. ... > object is COM+ dll and its callers are asp pages. ...
    (microsoft.public.dotnet.security)
  • Re: How to get the WindowsIdentity of the caller of my excutable?
    ... caller: COM+ DLL or remoting object hosted in a Windows service. ...
    (microsoft.public.dotnet.security)
  • Re: RosAsm, F2 wont work with DLL
    ... I start RosAsm by double clicking RosAsm2035d.exe, ... Automatic, from earlier analyses. ... I then press F2, which should ask me for the caller process, but ... This is for testing a bit of what the DLL does and the validity ...
    (alt.lang.asm)
  • Re: RosAsm - exports issue with some DLLs
    ... The DLLScanner is a simple toy for viewing the Exports of a DLL. ... push Address ... way, but to go and see, in the caller, what these things are. ... a pointer to a pointer, you are in the ++ hell... ...
    (alt.lang.asm)
  • Re: Linking DLLs across different compilers and languages
    ... caller calls you with HTHINGs, but the caller can never "open up" an HTHING to look inside ... That is done solely within your DLL. ... then DLL A unloads, DLL B remains in memory until the process terminates. ... that you aren't stuck with the issues of allocation, deallocation, ...
    (microsoft.public.vc.mfc)