Re: .NET 2.0 Remoting Bug?
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 3 Apr 2006 13:50:47 +0000 (UTC)
would you mind filing this bug here:
http://lab.msdn.microsoft.com/productfeedback/default.aspx
they usually get back quite timely.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Nope, I'm still getting a GenericPrincipal. Turning impersonation on
in the server as well gives a WindowsPrincipal.
Here is someone who encountered exactly the same problem:
http://aspalliance.com/groups/microsoft_public_dotnet_distributed_apps/ng-110029_IsInRole_always_return_fasle_on_secure_remoting_ca_.aspx .
Apparently the tip he got was to authenticate against
ActiveDirectory himself. Creating a new WindowsPrincipal is infinitely
simpler, not to mention also works if there's no ActiveDirectory.
It still seems like a Microsoft bug, though.
"Dominick Baier [DevelopMentor]" wrote:
looks ok...
what happens if you change the token impersonation level on the
client (without changing the impersonate setting on the server)
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Well, on the server I use the following configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.runtime.remoting>
        <application>
            <channels>
                <channel ref="tcp" secure="true" impersonate="false"
                         name="ShadowChannel" port="8122">
                    <serverProviders>
                        <formatter ref="binary"/>
                    </serverProviders>
                </channel>
            </channels>
            <service>
                <wellknown mode="SingleCall"
                           type="TASE.Slika.Shadows.CommandInput, ShadowService"
                           objectUri="Shadows"/>
            </service>
        </application>
    </system.runtime.remoting>
</configuration>
and I simply call RemoteConfiguration.Configure. In every method of
the CommandInput object I get a GenericPrincipal in
Thread.CurrentPrincipal.
The client doesn't use a config file, its initialization code looks
like this:
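using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Security.Principal;

public class ShadowInputProvider
{
    private static TcpClientChannel s_Channel;

    static ShadowInputProvider()
    {
        // Secure TCP client channel; the server may identify the caller
        // but not impersonate it.
        IDictionary props = new Hashtable();
        props["secure"] = true;
        props["connectionTimeout"] = 1000;
        props["tokenImpersonationLevel"] =
            TokenImpersonationLevel.Identification;
        s_Channel = new TcpClientChannel(props, null);
        // Second argument (ensureSecurity) requires the channel to be secure.
        ChannelServices.RegisterChannel(s_Channel, true);
        RemotingConfiguration.RegisterWellKnownClientType(
            typeof(IShadowProvider),
            Configuration.ShadowServer.URL);
    }

    public static IShadowProvider GetProvider()
    {
        // Obtain a proxy to the server's well-known object.
        IShadowProvider provider = (IShadowProvider)
            Activator.GetObject(typeof(IShadowProvider),
                                Configuration.ShadowServer.URL);
        return provider;
    }
}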
Configuration.ShadowServer.URL is a string containing the actual URL
(it's the correct URL...). IShadowProvider is the interface
implemented by the CommandInput class in the server.
Thanks,
Itay.
"Dominick Baier [DevelopMentor]" wrote:
can you show me your config and remoting security relevant code...
i never saw this before....
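
The workaround mentioned in the thread (creating a new WindowsPrincipal when the server-side Thread.CurrentPrincipal is a GenericPrincipal), as an added example that is not code from any of the posters. It assumes the GenericPrincipal's Identity is the caller's WindowsIdentity and refuses the call when it is not; CallerPrincipal, Resolve and DemandRole are hypothetical names.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical helper (not from the thread) for use inside remoted methods
// such as those of the server's CommandInput class.
public static class CallerPrincipal
{
    // Returns a WindowsPrincipal for the authenticated caller, or throws.
    public static WindowsPrincipal Resolve(IPrincipal current)
    {
        if (current == null)
            throw new SecurityException("No principal on the current thread.");

        // Assumption: with secure="true" the principal's Identity is the
        // caller's WindowsIdentity even when the principal is a
        // GenericPrincipal. Fail closed if that does not hold.
        WindowsIdentity identity = current.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
            throw new SecurityException(
                "Caller has no authenticated Windows identity.");

        // impersonate="true" already yields a WindowsPrincipal; reuse it.
        WindowsPrincipal existing = current as WindowsPrincipal;
        if (existing != null)
            return existing;

        // impersonate="false": wrap the identity so that IsInRole is
        // evaluated against the caller's Windows group membership.
        return new WindowsPrincipal(identity);
    }

    // Throws unless the remoting caller belongs to the given Windows group.
    public static void DemandRole(string role)
    {
        WindowsPrincipal caller = Resolve(Thread.CurrentPrincipal);
        if (!caller.IsInRole(role))
            throw new SecurityException(
                "Caller " + caller.Identity.Name + " is not in role " + role + ".");
    }
}
```

Call CallerPrincipal.DemandRole at the top of each remoted method, before any work is done on the caller's behalf.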