Re: Remoting and security

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Sam Santiago (ssantiago_at_n0spam-SoftiTechture.com)
Date: 07/23/04 

Date: Fri, 23 Jul 2004 10:25:50 -0700

If you need security you must host your remote object within IIS. Or write
your own. Check out this link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconchoosingcommunicationoptionsinnet.asp

and
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostinginiis.asp

Here's an excerpt:

"If you need to encrypt your calls or authenticate your client, you must use
an HTTP-based application hosted in IIS, whether that is an ASP.NET
application or a remoting application. This is because ASP.NET and .NET
remoting use the security services provided by IIS. .NET remoting does not
provide any security services when hosted outside IIS (for example, in a
Windows Service)."

Good luck.

Sam 

-- 
_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com
"José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
news:eOFF8wHcEHA.1048@tk2msftngp13.phx.gbl...
> Hello,
>
> I have created a NT Service and I expose some methods through "Remoting".
> All works great. However, I want to prevent that everyone (within my
> Intranet) will be able to use it.
> As I understand it, assuming that the client is installed on a PC within
the
> intranet, It will be possible to execute it and therefore communicate with
> the Service that provide "Remoting" feature.
>
> What is the correct way to allow only clients run by users within a
> dedicated set of NT Group to access my Service providing the "Remoting"
> feature?
>
>
> Thanks a lot,
> José
>
>

Relevant Pages

  • IIS 5.0 IN A DOMAIN?
    ... > I am contacting this list, because of the focus on security more than ... > Here are the client goals: ... > HAVE THE IIS AND SQL BOXES JOIN A SPECIAL DOMAIN DESIGNED JUST FOR THESE ... > WIN2KDOMAIN2 DOMAIN CONTROLLERNEEDED TO SUPPORT THIS? ...
    (Focus-Microsoft)
  • Re: .NET 2.0 Remoting Bug?
    ... can you show me your config and remoting security relevant code... ... Dominick Baier - DevelopMentor ... I'm trying to apply role-based security to a .NET remoting server. ... (identification only, I don't want to impersonate the client), and I ...
    (microsoft.public.dotnet.security)
  • Re: security header is not present in the incoming message
    ... I get this exception every time I run my service thru ordinary IIS ... My client is simple ASP.NET Web Site ... Security requirements are not satisfied because the security header is ...
    (microsoft.public.dotnet.security)
  • Security requirements are not satisfied because the security header is not present in the incoming m
    ... I get following exception every time I run my service thru ordinary IIS ... My client is simple ASP.NET Web ... An error happened during the processing of a response message, ... Security requirements are not satisfied because the security header is ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Remoting and security
    ... > "If you need security you must host your remote object within IIS. ... >> remoting use the security services provided by IIS. ... >> Sam Santiago ...
    (microsoft.public.dotnet.framework.remoting)