Re: How to get the WindowsIdentity of the caller of my excutable?

From: Cindy Liu (CindyLiu_at_discussions.microsoft.com)
Date: 06/23/04 

Date: Wed, 23 Jun 2004 14:03:01 -0700

I know it is not a good approach. Since my remoting object has to be hosted by Windows service, as you said that CLR does not support any security aspects in .NET
remoting objects running inside of Windows services, so the only way is to pass in the identity. Do you have any other way?

Thanks,
Cindy

"Alek Davis" wrote:

> This is a very bad approach. If the user identity is passed as a method
> parameter, what will prevent a malicious application to call this method
> specifying any user it wants? If you need to know caller's identity for
> security reasons, you should not do this. Regarding how to detect caller's
> identity from a COM+ object, it depends how you implemented the com object.
> If it is a C/C++ application, you get the caller's identity from the thread
> context (or HTTP context). I am not sure about C#, but there must be lots of
> examples how to do this. Sorry, I haven't worked with COM+ for years, so I
> do not have an example at hand, but really this should not be difficult to
> find.
>
> Alek
>
> "Cindy Liu" <CindyLiu@discussions.microsoft.com> wrote in message
> news:8298CBE8-D8EB-4A05-A584-4E8A88655DBC@microsoft.com...
> > If COM+ can do it easily, can you tell me how?
> >
> > Since there is no way to get the identity of the caller from .Net remoting
> object hosted by Windows service, so I decide to pass the identity of the
> caller with the methods of my remoting object. The caller of my remoting
> object is COM+ dll and its callers are asp pages. So now I want to get the
> identity of caller from COM+.
> >
> > Thanks for your help!!!
> > Cindy
> >
> > "Alek Davis" wrote:
> >
> > > I am confused: which module do you want to detect the identity of the
> > > caller: COM+ DLL or remoting object hosted in a Windows service. COM+
> must
> > > be able to do it easily, but not the remoting object.
> > >
> > > Alek
> > >
> > > "Cindy Liu" <CindyLiu@discussions.microsoft.com> wrote in message
> > > news:F1F901AA-883F-4AF7-BEFE-A425BDB6A20E@microsoft.com...
> > > > Yes, my Windows service hosts a .Net remoting object, and I have a
> COM+
> > > dll talking to it from different computer, and a web server on the same
> box
> > > calling COM+ methods. Now I want to pass WondowsIdentity token from COM+
> dll
> > > to my Windows service. Can COM+ dll determine who is the caller, or my
> web
> > > server has to get the token and pass to COM+ dll?
> > > >
> > > > "Alek Davis" wrote:
> > > >
> > > > > Cindy,
> > > > >
> > > > > I assume that your Windows service encapsulates a .NET remoting
> object;
> > > > > otherwise, your question does not make much sense: a regular Windows
> > > service
> > > > > just runs on its own with the identity defined in the Service
> Control
> > > > > Manager (which is trivial to obtain). If my assumption is correct,
> you
> > > are
> > > > > out of luck, because CLR does not support any security aspects in
> ..NET
> > > > > remoting objects running inside of Windows services. You options
> would
> > > be
> > > > > to: (a) host your .NET remoting object in an ASP.NET application
> instead
> > > of
> > > > > Windows service; (b) use SSPI (I cannot comment on this, but there
> are
> > > some
> > > > > references on the Web); or (c) use a commercial product like
> > > GenuineChannels
> > > > > (see http://www.genuinechannels.com/).
> > > > >
> > > > > Alek
> > > > >
> > > > > "Cindy Liu" <CindyLiu@discussions.microsoft.com> wrote in message
> > > > > news:EE740459-E1C4-4AAE-8E5E-A6DB5C72FE27@microsoft.com...
> > > > > > Hi Everyone,
> > > > > >
> > > > > > I created my Windows service. I want to get the WindowsIdentity of
> the
> > > > > caller that calls my method in my Windows service. How do I do that?
> > > > > >
> > > > > > Thanks in advance!!!
> > > > > > Cindy
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
>
>
>

Relevant Pages