Secure TCP Channel using Remoting .NET 2005
- From: "mr2paul" <mr2paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 30 Aug 2005 10:46:03 -0700
I have a query on authentication design for a service-oriented
architecture application hosting .NET 2005 remoted objects on a server, called
on by clients using .NET remoting and the secure TCP channel.
Problem Scenario is as follows…
I am developing a service-oriented application in .NET 2005 that uses .NET
remoting for communication between clients and server. I have a Windows
service to host the remoted objects.
My problem is the design of the authentication mechanism, and I will try to
explain what I am trying to achieve.
1. The server defines custom identity and custom principal classes based on
the IIdentity and IPrincipal interfaces. The custom identity has additional
fields to store information about the user relevant to my application.
2. ALL remote methods on the server extract the thread's current principal and
throw an exception if the authentication type is not the one expected from
the custom identity and principal classes mentioned above. The idea being NO
clients can use the remote objects unless the thread has MyCustomIdentity.
This is implemented using the following code, which is executed in all the
remote “MarshalByRefObject” classes to prevent access by any clients not
having the custom identity:
// Reject any caller whose thread principal is not the custom, authenticated one
if (Thread.CurrentPrincipal.Identity.AuthenticationType == "MyCustomAuthentication"
    && Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
    currentUser = (IMyCustomIdentity)Thread.CurrentPrincipal.Identity;
}
else
{
    throw new Exception("Permission denied. Access is only permitted "
                        + "for authenticated users");
}
3. There is ONE “Authentication” class that does not do the
authentication check detailed in (2) above, and allows users to execute only
one method in this class, called Authenticate, even if they do not have a
“MyCustomIdentity” (code as follows). If the credentials passed to the
method are verified against those stored in a SQL Server database then a
“MyCustomIdentity” is created for the user.
The new principal created is set on the thread and the identity then flows
to other calls on the server.
public bool Authenticate(string name, string password)
{
    // Check name and password credentials passed
    if (!CheckCredentials(name, password))
        return false;
    // Create a fully authenticated MyCustomIdentity for the validated user
    // (user and databaseId are the values returned by the credential lookup)
    CustomIdentity authenticatedIdentity = new CustomIdentity();
    authenticatedIdentity.user = user;             // additional field added to IIdentity
    authenticatedIdentity.databaseId = databaseId; // additional field added to IIdentity
    IPrincipal principal = new GenericPrincipal(authenticatedIdentity, null);
    Thread.CurrentPrincipal = principal;
    return true;
}
4. The problem is, when a user is authenticated by calling the remoted
“Authenticate” method, I want the new principal created to be sent back and
set on the client's thread.
I then want this client principal to be automatically passed along with
further remote object calls from the client.
The idea being that all the authentication handling is handled out of band
automatically, i.e. I do not need to re-authenticate the user's credentials
with every call from the client to the server.
I am using .Net 2005 and also hope to use the TCP “secure” channel provided
by .NET 2005, but will also need to expand the application to expose the core
business services as web services and optionally allow configuration for
Active Directory authentication.
Regards
Paul
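As an added example (not code from the post above), the server-side pieces of steps 1 to 3 written out in full: a sealed, server-defined identity, a single guard used at the top of every remote method, and the Authenticate method. The guard checks the identity's concrete type rather than the AuthenticationType string, so an identity that merely reports "MyCustomAuthentication" is rejected; class, field and sample credential names are assumptions, and the credential check stands in for the SQL Server lookup.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
// Server-defined identity; sealed so no caller can subclass it. The extra
// field mirrors the "additional fields" in the post (names are assumed).
public sealed class CustomIdentity : IIdentity
{
    private readonly string name;
    public readonly int DatabaseId;
    public CustomIdentity(string name, int databaseId) { this.name = name; DatabaseId = databaseId; }
    public string Name { get { return name; } }
    public string AuthenticationType { get { return "MyCustomAuthentication"; } }
    public bool IsAuthenticated { get { return true; } }
}
public static class AuthGuard
{
    // Called first in every remote method: accept only the server's own identity
    // type, not any identity that merely reports the same AuthenticationType string.
    public static CustomIdentity RequireCustomIdentity()
    {
        IPrincipal p = Thread.CurrentPrincipal;
        CustomIdentity id = p == null ? null : p.Identity as CustomIdentity;
        if (id == null || !id.IsAuthenticated)
            throw new UnauthorizedAccessException(
                "Permission denied. Access is only permitted for authenticated users");
        return id;
    }
    // Stand-in for the SQL Server lookup in the post (constructed sample values).
    private static bool CheckCredentials(string name, string password)
    {
        return name == "alice" && password == "s3cret";
    }
    public static bool Authenticate(string name, string password)
    {
        if (!CheckCredentials(name, password)) return false;
        CustomIdentity id = new CustomIdentity(name, 42); // 42: constructed database id
        Thread.CurrentPrincipal = new GenericPrincipal(id, null);
        return true;
    }
    public static void Main()
    {
        // An identity that only claims the right AuthenticationType is rejected.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("mallory", "MyCustomAuthentication"), null);
        try { RequireCustomIdentity(); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
        // After a successful Authenticate the guard returns the server-built identity.
        Console.WriteLine(Authenticate("alice", "s3cret") && RequireCustomIdentity().DatabaseId == 42);
    }
}
```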