Re: .NET 2.0 Remoting Bug?



would you mind filing this bug here:

http://lab.msdn.microsoft.com/productfeedback/default.aspx

they usually get back quite timely.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Nope, I'm still getting a GenericPrincipal. Turning impersonation on
in the server as well gives a WindowsPrincipal.

Here is someone who encountered exactly the same problem:
http://aspalliance.com/groups/microsoft_public_dotnet_distributed_apps/ng-110029_IsInRole_always_return_fasle_on_secure_remoting_ca_.aspx .

Apparently the tip he got was to authenticate against
ActiveDirectory himself. Creating a new WindowsPrincipal is infinitely
simpler, not to mention also works if there's no ActiveDirectory.

It still seems like a Microsoft bug, though.

"Dominick Baier [DevelopMentor]" wrote:

looks ok...

what happens if you change the token impersonation level on the
client (without changing the impersonate setting on the server)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Well, on the server I use the following configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.runtime.remoting>
    <application>
      <channels>
        <channel ref="tcp" secure="true" impersonate="false"
                 name="ShadowChannel" port="8122">
          <serverProviders>
            <formatter ref="binary"/>
          </serverProviders>
        </channel>
      </channels>
      <service>
        <wellknown mode="SingleCall"
                   type="TASE.Slika.Shadows.CommandInput, ShadowService"
                   objectUri="Shadows"/>
      </service>
    </application>
  </system.runtime.remoting>
</configuration>

and I simply call RemotingConfiguration.Configure. In every method of
the CommandInput object I get a GenericPrincipal in
Thread.CurrentPrincipal.

The client doesn't use a config file; its initialization code looks
like this:

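using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Security.Principal;

public class ShadowInputProvider
{
    private static TcpClientChannel s_Channel;

    static ShadowInputProvider()
    {
        // Secure (authenticated) TCP client channel; the server may
        // identify the caller but not impersonate it.
        IDictionary props = new Hashtable();
        props["secure"] = true;
        props["connectionTimeout"] = 1000;
        props["tokenImpersonationLevel"] =
            TokenImpersonationLevel.Identification;
        s_Channel = new TcpClientChannel(props, null);
        ChannelServices.RegisterChannel(s_Channel, true);
        RemotingConfiguration.RegisterWellKnownClientType(
            typeof(IShadowProvider),
            Configuration.ShadowServer.URL);
    }

    // Returns a proxy to the server's well-known object.
    public static IShadowProvider GetProvider()
    {
        IShadowProvider provider = (IShadowProvider)
            Activator.GetObject(typeof(IShadowProvider),
                                Configuration.ShadowServer.URL);
        return provider;
    }
}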

Configuration.ShadowServer.URL is a string containing the actual URL
(it's the correct URL...). IShadowProvider is the interface
implemented by the CommandInput class in the server.

Thanks,
Itay.

"Dominick Baier [DevelopMentor]" wrote:

can you show me your config and remoting security relevant code...

i never saw this before....
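
The workaround mentioned in the thread (creating a new WindowsPrincipal on the server), sketched as an added example that is not code from any poster. It assumes the secure channel leaves a WindowsIdentity inside the GenericPrincipal, which the thread does not confirm, and fails closed otherwise; the class name CallerPrincipal and the role string in Main are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical helper: call it at the top of each remoted method.
public static class CallerPrincipal
{
    // Returns a WindowsPrincipal for the current caller or throws.
    public static WindowsPrincipal Get()
    {
        IPrincipal current = Thread.CurrentPrincipal;

        // impersonate="true" on the server: already a WindowsPrincipal.
        WindowsPrincipal wp = current as WindowsPrincipal;
        if (wp != null && wp.Identity.IsAuthenticated)
            return wp;

        // Assumption: with secure="true" impersonate="false" the
        // GenericPrincipal still wraps the caller's WindowsIdentity.
        WindowsIdentity id =
            current == null ? null : current.Identity as WindowsIdentity;
        if (id == null || !id.IsAuthenticated || id.IsAnonymous)
            throw new SecurityException(
                "Caller has no authenticated Windows identity.");

        return new WindowsPrincipal(id);
    }

    // Role check against the rebuilt principal; denies by default.
    public static void Demand(string role)
    {
        if (!Get().IsInRole(role))
            throw new SecurityException("Caller is not in role " + role);
    }

    // Constructed local simulation of the situation in the thread:
    // a GenericPrincipal (no roles) around the current Windows identity.
    public static void Main()
    {
        Thread.CurrentPrincipal = new GenericPrincipal(
            WindowsIdentity.GetCurrent(), new string[0]);

        string role = @"BUILTIN\Users"; // hypothetical role for the demo
        Console.WriteLine("GenericPrincipal.IsInRole: " +
            Thread.CurrentPrincipal.IsInRole(role));
        Console.WriteLine("Rebuilt WindowsPrincipal.IsInRole: " +
            Get().IsInRole(role));
    }
}
```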


