Role based authorisation with .Net remoting
From: Dan Kelley (DanKelley_at_discussions.microsoft.com)
Date: 01/18/05
- Next message: Ken Kolda: "Re: FileNotFound exception."
- Previous message: M.Posseth : "Re: remoting cross platform compatibility"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 18 Jan 2005 07:41:06 -0800
I am currently working on a 2-tier Winform application that is due to be
moved to an n-tier remoted application, using IIS as the remoting host and
the binary formatter. The application is run on a Win 2k platform, and all
users are internal.

Currently in the UI we check users' role membership to allow access to
various parts of the system, using the WindowsPrincipal.IsInRole method.
Once the business logic components are distributed, I want to place security
checks at the entry point to all publicly accessible remoted logic. Company
policy dictates this should be done in the same method as we do on the
client side. This implies I need to flow the user's credentials to the server
side, which I know how to do.

My problem is, 99% of all user-submitted actions will involve database
communication, and all DB connections are created using integrated security.
Kerberos delegation is not enabled (and I would not want it to be), so this
is where the system design currently fails. The user's credentials could not
then perform the second "hop" to the DB server in an NTLM-authenticated
environment. The reason I would not want to use Kerberos delegation is that this
would severely impact the benefits we get from connection pooling by
having all DB communication happen through a single user account.

The alternative would be to use LogonUser to impersonate a newly defined
system account, whose sole purpose is to run the code to communicate with the
database, after the user has been successfully authorised. However, I
believe LogonUser requires fairly high privileges to run. And (beginning to
get a little confused), I assume the call would be under the user's security
context on the server.

I am hoping this is a fairly typical design. If anyone could give any advice on
how to implement role-based authorisation in this scenario I would be very
grateful.
Dan
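The pattern the post is circling around, as an added illustration that is not part of the original message or any reply: a remoted server object that performs the same WindowsPrincipal.IsInRole check at its entry point that the Winform client does, then performs the database work under the host process identity rather than the caller's. This assumes the remoting endpoint is hosted in IIS with Windows authentication on and ASP.NET impersonation off, so that Thread.CurrentPrincipal carries the authenticated caller while the SqlConnection (integrated security) is opened as the worker-process account, which keeps a single pooled connection set and avoids the second hop entirely. The class, role name, table and connection string are assumptions for illustration.

```csharp
// Added example, not code from the original post. Assumes an IIS-hosted
// remoting endpoint with Windows authentication enabled and
// <identity impersonate="false" /> in web.config, so the thread principal is
// the caller but the process identity (used for the DB connection) is the
// IIS worker account.
using System;
using System.Data.SqlClient;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public class OrderService : MarshalByRefObject
{
    // Assumed Windows group name; substitute the real role.
    private const string RequiredRole = @"CORP\OrderClerks";

    // Assumed connection string. Integrated Security means the connection is
    // opened as the process account, not as the remote caller, so every
    // authorised user shares one pooled set of connections.
    private const string ConnectionString =
        "Data Source=dbserver;Initial Catalog=Orders;Integrated Security=SSPI;";

    // Imperative check at the entry point: the same IsInRole call the client uses.
    public int CountOrders()
    {
        IPrincipal caller = Thread.CurrentPrincipal;
        WindowsPrincipal wp = caller as WindowsPrincipal;
        if (wp == null || !wp.IsInRole(RequiredRole))
        {
            string name = (caller == null) ? "(anonymous)" : caller.Identity.Name;
            throw new SecurityException(
                "Caller '" + name + "' is not a member of " + RequiredRole);
        }

        // Database work runs as the host process identity: no delegation,
        // no LogonUser, connections pooled under one account.
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM dbo.Orders", conn))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
    }

    // Declarative form of the same check: the runtime demands the role on
    // Thread.CurrentPrincipal before the method body executes.
    [PrincipalPermission(SecurityAction.Demand, Role = RequiredRole)]
    public void CancelOrder(int orderId)
    {
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        using (SqlCommand cmd = new SqlCommand(
            "UPDATE dbo.Orders SET Cancelled = 1 WHERE OrderId = @id", conn))
        {
            cmd.Parameters.AddWithValue("@id", orderId);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

The design choice worth noting: authorisation uses the caller's identity, but authentication to the database uses the server's. Because the server never tries to act as the user towards SQL Server, Kerberos delegation is not needed and the NTLM second-hop limitation never applies; the trade-off is that the DB account must be granted whatever the application as a whole needs, so row-level or action-level restrictions have to live in the role checks on the server side rather than in database permissions.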