Re: WindowsIdentity.GetCurrent().Token cannot be used when remoting?

i think i have replied like 1 week ago to your original question...

this is easily possible in 2.0 - remoting supports integrated auth and if you wanna go down to socket level - NegotiateStream is the class that does the heavy lifting there.

you don't have to "invent" your own security system.

here is a sample:
http://www.leastprivilege.com/content/binary/SecureRemoting.zip


I'm on framework 2.0... Actually, all I want to do is "Integrated
Windows Security". The user is authenticated on the client machine, so
there must be something I can do to make the server know which user is
authenticated and get it's informations from the domain server (like
groups, et al.) I thought Token was the way to go, but without
success... By using the User SID, would there be a way for my server
app (not on the domain server, but still in the same domain) to know
in which groups is this user? I don't even have to know which user it
is (if I can know, fine, I can log it, but otherwise it's not that
important), I just need it's groups...

Thanks

ThunderMusic

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:4580be633f358c8739a97f61020@xxxxxxxxxxxxxxxxxxxxx

regardless of the version - you cannot transfer tokens across the
network - they only have a meaning in the machine where they were
created.

In addition this would mean that you extend the trusted subsystem to
the client, which defeats the purpose of network authentication.

Hi,
I want to be able to retrieve user information on the server of my
remoting
app... What I did is the following : I called
System.Security.WindowsIdentity.GetCurrent().Token and sent it to
the
server
(via remoting). When I try to recreate the WindowsIdentity using the
Token
server-side, it tells me the Token is invalid even if the server app
is on
the same computer (same windows, same all) than the client app.
Is there a way I can do what I need to do? I mean, be able to
retrieve
the user infos (groups) using something I can send through network?
(ideally encrypted)
I've also seen in the same object, the property .User (that contains
the User SID on the NT Network). Is there something to do with this
value so I can retrieve the user it belongs to and get the groups
(or roles) it's in?

thanks

ThunderMusic



.

Relevant Pages

  • RE: [fw-wiz] Sources for Extranet Designs?
    ... network guys work the network, the app guys work the app and no where do ... other databases on that server" that is where I think the app guys have to ... Hardening Network Infrastructure - A concise how to guide ...
    (Firewall-Wizards)
  • Re: Invalid Seek Offset continued...
    ... Well shifting to MS SQL will be a very very big step. ... > As Aashish mentioned, network cards drivers may be causing this problem, I ... > also see this error a lot at one customer where the server RAID Controller ... >>> We are deploying a VFP8 app to several beta sites to replace an FPW ...
    (microsoft.public.fox.programmer.exchange)
  • Re: .NET new executable
    ... Since there is no network access avaialble, I want to send my app to each ... then you update the data into database. ... I do not have access to a web server, that is why I want a Windows ...
    (microsoft.public.dotnet.general)
  • Remoting Questions
    ... I have some more questions with regards to Remoting in .NET 2. ... Class Library containing the server classes which Inherits ... When the app starts, the following code executes: ... I have is that as soon as I copy the client exe with the CommonLib.dll over ...
    (microsoft.public.dotnet.framework.remoting)
  • Re: Using Native VFP Tables and Network Performance
    ... passing data and indexes across a network is not a good thing. ... client-server model, but it does require sufficient resources on the server ... Or you could use VFP in a distributed computing model ... The best results are found in a thin client app because ...
    (microsoft.public.fox.programmer.exchange)