Re: .NET 2.0 Remoting Bug?



would you mind filing this bug here:

http://lab.msdn.microsoft.com/productfeedback/default.aspx

they usually get back quite timely.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Nope, I'm still getting a GenericPrincipal. Turning impersonation on
in the server as well gives a WindowsPrincipal.

Here is someone who encountered exactly the same problem:
http://aspalliance.com/groups/microsoft_public_dotnet_distributed_apps/ng-110029_IsInRole_always_return_fasle_on_secure_remoting_ca_.aspx .

Apparently the tip he got was to authenticate against
ActiveDirectory himself. Creating a new WindowsPrincipal is infinitely
simpler, not to mention it also works if there's no ActiveDirectory.

It still seems like a Microsoft bug, though.

"Dominick Baier [DevelopMentor]" wrote:

looks ok...

what happens if you change the token impersonation level on the
client (without changing the impersonate setting on the server)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Well, on the server I use the following configuration:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.runtime.remoting>
    <application>
      <channels>
        <channel ref="tcp" secure="true" impersonate="false"
                 name="ShadowChannel" port="8122">
          <serverProviders>
            <formatter ref="binary"/>
          </serverProviders>
        </channel>
      </channels>
      <service>
        <wellknown mode="SingleCall"
                   type="TASE.Slika.Shadows.CommandInput, ShadowService"
                   objectUri="Shadows"/>
      </service>
    </application>
  </system.runtime.remoting>
</configuration>

and I simply call RemotingConfiguration.Configure. In every method of
the CommandInput object I get a GenericPrincipal in
Thread.CurrentPrincipal.

The client doesn't use a config file; its initialization code looks
like this:

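using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Security.Principal;

public class ShadowInputProvider
{
    private static TcpClientChannel s_Channel;

    static ShadowInputProvider()
    {
        // Secure (authenticated) TCP client channel; the server may only
        // identify the caller, not impersonate it.
        IDictionary props = new Hashtable();
        props["secure"] = true;
        props["connectionTimeout"] = 1000;
        props["tokenImpersonationLevel"] =
            TokenImpersonationLevel.Identification;
        s_Channel = new TcpClientChannel(props, null);
        ChannelServices.RegisterChannel(s_Channel, true);
        RemotingConfiguration.RegisterWellKnownClientType(
            typeof(IShadowProvider),
            Configuration.ShadowServer.URL);
    }

    // Returns a proxy to the server-side object behind IShadowProvider.
    public static IShadowProvider GetProvider()
    {
        IShadowProvider provider = (IShadowProvider)
            Activator.GetObject(typeof(IShadowProvider),
                                Configuration.ShadowServer.URL);
        return provider;
    }
}
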
Configuration.ShadowServer.URL is a string containing the actual URL
(it's the correct URL...). IShadowProvider is the interface
implemented by the CommandInput class in the server.

Thanks,
Itay.

"Dominick Baier [DevelopMentor]" wrote:

can you show me your config and remoting security relevant code...

i never saw this before....
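
The workaround mentioned in this thread (creating a new WindowsPrincipal on the server), written out as an added example that is not code from any of the posters. The class and method names are hypothetical, and it assumes the GenericPrincipal that the secure channel puts in Thread.CurrentPrincipal carries the caller's WindowsIdentity; if it does not, the helper fails closed.

```csharp
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical server-side helper: call it at the top of each remoted method
// (e.g. in CommandInput) before making any role-based decision.
public static class CallerPrincipal
{
    // Returns a WindowsPrincipal for the authenticated caller, or throws.
    public static WindowsPrincipal Require()
    {
        IPrincipal current = Thread.CurrentPrincipal;

        // Already a WindowsPrincipal (as reported with impersonation turned on).
        WindowsPrincipal windows = current as WindowsPrincipal;
        if (windows != null && windows.Identity.IsAuthenticated)
            return windows;

        // Assumption: the GenericPrincipal wraps the caller's WindowsIdentity.
        // Anything else (no principal, generic identity, anonymous) is rejected.
        WindowsIdentity identity =
            (current == null) ? null : current.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
            throw new SecurityException(
                "Caller has no authenticated Windows identity.");

        // Rebuild the principal so IsInRole is answered from Windows groups,
        // and publish it for code further down the call.
        WindowsPrincipal promoted = new WindowsPrincipal(identity);
        Thread.CurrentPrincipal = promoted;
        return promoted;
    }

    // Role check that denies by default. The role string is supplied by the
    // caller of this helper, for example a constructed name such as
    // @"EXAMPLE\ShadowOperators".
    public static void DemandRole(string role)
    {
        if (!Require().IsInRole(role))
            throw new SecurityException(
                "Caller is not a member of the required group.");
    }
}
```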


