Re: Is WindowsPrincipal is Remotable ?

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/16/05

    Date: Fri, 16 Sep 2005 09:28:34 -0700
    
    

    Hello Karthik,

    No, it isn't - WindowsPrincipal ultimately encapsulates a Windows token, which
    only makes sense on the machine where it was created.

    I guess you are using remoting - the security story of remoting is, well,
    nonexistent. Remoting has no authentication, authorization, message security
    etc...

    You can get most features by hosting in IIS

    - enable integrated authentication (identity is available on the server under
    Thread.CurrentPrincipal)
    - enable SSL for wire security (otherwise I can easily change your remoting
    calls on the fly)

    While this all works for servers (well, with a little help of IIS) - there
    is NO built-in way to secure clients. So if you are doing callbacks from the
    server, the client opens a port and takes connections from the world...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > This is regarding passing WindowsPrincipal from my client to the
    > server; I'm developing a Windows based application in C#.
    >
    > Whenever I try to pass WindowsPrincipal object from the client to
    > server it says "Exception ha been throw at target invocation."
    >
    > I'm using call context (that class is inherited by
    > ILogicalThreadAffinative) to pass the object, but still I'm getting
    > the same error at runtime. I'm using Server activated Remoting.
    >
    > Now I'm having a list of queries so can anyone please look into them?
    >
    > Questions
    >
    > 1. How to pass WindowsPrincipal across layers?
    >
    > 2. Presently my server is hosted on console application (the listener)
    > if I change this as Windows service does my security logic (passing
    > windows principal object and validating into the BL ) or any other
    > code needs to be changed or it won't be a problem
    >
    > 3. Instead of using WindowsPrincipal If I use GenericIdentity with
    > GenericPrincipal I'm able to pass across layer so, can I use this
    > method for my security check. I'm creating the GenericIdentity by
    > getting the WindowsIdentity's Name as argument to GenericIdentity.
    >
    > Even if it is Ok I wanted to know why I'm not able to pass
    > WindowsPrincipal object to my BL.
    >
    > 4. What is the behavior of my Server Class if I decorate it with
    > [Serializable] as well as inherited by MarshalByRefObject.?
    >
    > 5. Is there any correlation between [Serializable],
    > MarshalByRefObject and Client Activated, Server Activated type of
    > Remoting?
    >
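
An added example, not part of the original thread: a server-side object that takes the caller's identity from `Thread.CurrentPrincipal`, as the reply describes for IIS hosting with integrated authentication, next to the client-supplied `GenericPrincipal` pattern from question 3. The class name, method names and the `EXAMPLE\OrderApprovers` group are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical business-layer object exposed over remoting and hosted in IIS.
public class OrderService : MarshalByRefObject
{
    // Hypothetical Windows group; substitute one from your own domain.
    private const string RequiredRole = @"EXAMPLE\OrderApprovers";

    // Weak pattern (question 3): the client builds a GenericPrincipal from a
    // name string and sends it along. It serializes fine, but the server is
    // only checking what the caller says about itself, not who the caller is.
    public void ApproveTrustingClient(IPrincipal claimedByClient, int orderId)
    {
        if (claimedByClient == null || !claimedByClient.IsInRole(RequiredRole))
            throw new SecurityException("Caller is not authorized.");
        RecordApproval(orderId, claimedByClient.Identity.Name);
    }

    // Pattern from the reply: no principal crosses the wire. IIS performs
    // integrated authentication and the resulting identity is read on the
    // server from Thread.CurrentPrincipal.
    public void Approve(int orderId)
    {
        IPrincipal caller = Thread.CurrentPrincipal;

        // Reject anonymous requests, e.g. when integrated authentication is
        // not actually enforced on the virtual directory.
        if (caller == null || !caller.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");

        // Group membership is evaluated against the server-side token.
        if (!caller.IsInRole(RequiredRole))
            throw new SecurityException("Caller is not authorized.");

        RecordApproval(orderId, caller.Identity.Name);
    }

    private static void RecordApproval(int orderId, string approvedBy)
    {
        Trace.WriteLine("Order " + orderId + " approved by " + approvedBy);
    }
}
```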


