Re: help on caller credentials !! :-(



several things..

a) as Joe pointed out - switch to Network Service
b) you get the client identity from Thread.CurrentPrincipal
c) if you want to delegate the token to a backend service you need an impersonationLevel="Delegation"
d) you additionally need impersonate="true" in your config file, if you want to use the auto impersonation feature


very much like the sample you downloaded ;)


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Dear all,

I am starting to lose my hair. Hope someone can help me recover.. :-)
I have built a remote object hosted in a Windows Service running as LocalService.
I then have a client application which calls that remote object, and based on the caller's credentials I should authorise it or not to access the back-end database.
The situation is as follows:
My client is running as BOB. BOB is calling the remote object for data storage. What I am trying to do is retrieve the caller's credentials from my remote object in order to authenticate for further processing. The problem is that when I check the Windows identity on my server side, it returns the context in which my service is running and not my caller's context.
My server config file is as follows:

<channels>
  <!--<channel ref="tcp" port="8090" useDefaultCredentials="False">-->
  <channel ref="tcp" port="8090" secure="True" impersonationLevel="Impersonate" protectionLevel="EncryptAndSign">
    <serverProviders>
      <formatter ref="binary" typeFilterLevel="Full"/>
    </serverProviders>
  </channel>
</channels>
Note that I am using .NET 2.0

Thanks again for your help (I have been fighting with this for a full week now, grrr :-()
regards
serge
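
Point b) of the reply, as an added example that is not part of the original thread or the sample it mentions: a server-side method that authorises on Thread.CurrentPrincipal and shows why WindowsIdentity.GetCurrent() reports the service account instead. The class, method, role and account names are assumptions, and the principals in Main are constructed stand-ins for what a secure channel would supply.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical remote object; names are assumptions for illustration.
public class DataStore : MarshalByRefObject
{
    const string RequiredRole = "DataWriters"; // constructed role name

    public string Store(string record)
    {
        // Token the code is executing under. Without impersonation this is
        // the account the Windows Service runs as, not the caller.
        string processAccount = WindowsIdentity.GetCurrent().Name;

        // Caller identity, read from the thread as the reply describes.
        IPrincipal caller = Thread.CurrentPrincipal;
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");

        // Authorise on the caller, never on the process account.
        if (!caller.IsInRole(RequiredRole))
            throw new SecurityException(caller.Identity.Name + " may not store data.");

        return string.Format("stored for {0} (process runs as {1})",
                             caller.Identity.Name, processAccount);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed principal standing in for an authenticated caller.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("CONTOSO\\BOB", "Negotiate"), new[] { "DataWriters" });
        Console.WriteLine(new DataStore().Store("row 1"));

        // Empty name means IsAuthenticated is false, so the call is refused.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        try { new DataStore().Store("row 2"); }
        catch (SecurityException ex) { Console.WriteLine("denied: " + ex.Message); }
    }
}
```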

