Remoting 2.0 security issues  
ivanbolcina

PostPosted: .NET Remoting and Runtime Serialization, Remoting 2.0 security issues Top

Hi.

I have two questions about .NET Remoting 2.0 security.

I have a TCP channel console server and client. They use the secure TCP channel. I want to pass a different identity to the server than the one the client is logged on with. How to do this?

The second question: if hosting is done with IIS over the HTTP channel (secure="true"), is it still necessary to use SSL as well? What is the recommended way to do it?

- SSL
- secure=true
- SSL + secure=true



douglasp

If I understand what you are saying correctly:

1. You need to use impersonation.
2. If you host in IIS and you want wire confidentiality and integrity you need to use IIS.

 
 
ivanbolcina

I would like to have the following features:

- Secure connection
- identification (not impersonation)
  a. with default client credentials and
  b. with some credentials that the client enters in some login win form
- on the server side, I would like to have the passed principal on the thread
- if possible, NTLM authentication (or Kerberos), not basic
- binary formatter
- if possible, I would like to alternatively authenticate the user from a DB. Or can only authorization (roles) be from the DB?

When I examined the IIS logs, I saw that when I passed default credentials, the username looked like COMP\user, but when I did it via channel properties, it looked like (COMP\user); the ( ) were added. Where can I see which user hit IIS?

The best would be some working example; all I managed to find were examples with default credentials.

ivanbolcina

Maybe there is some tutorial?

I would also like to do all this with a plain TCP channel. Any ideas?


 
 
John Justice

Ivan, I don't know of a tutorial that covers all of these points, but you can get most of the data from the ".NET Remoting Security" paper on MSDN. [1]  The examples use the HTTP channel in Remoting 1.1, but you can update the code to work with 2.0 TCP client & server channels.  In 2.0, we added support for identification and NTLM/Kerb to the TCP infrastructure, which should give you everything you're looking for.

Cheers,

JJustice [MSFT]

[1] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch11.asp
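
An added example (not from the thread or from the MSDN paper) of the secure TCP channel setup discussed above on .NET Framework 2.0: the server authenticates callers without impersonating them, and the client sends either its default credentials or explicit ones. The type names `WhoAmI` and `SecureTcpDemo`, port 8085 and the object URI `WhoAmI.rem` are assumptions made for illustration.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Security.Principal;
using System.Threading;

// Hypothetical remote type: reports the identity the server sees for the caller.
public class WhoAmI : MarshalByRefObject
{
    public string Caller()
    {
        IIdentity id = Thread.CurrentPrincipal.Identity;
        return string.Format("{0} via {1}, authenticated={2}", id.Name, id.AuthenticationType, id.IsAuthenticated);
    }
}

public static class SecureTcpDemo
{
    public static void StartServer(int port)
    {
        IDictionary p = new Hashtable();
        p["name"] = "srv"; p["port"] = port;
        p["secure"] = true;                       // authenticate every caller (NTLM/Kerberos)
        p["impersonate"] = false;                 // identify the caller, do not run as the caller
        p["protectionLevel"] = "EncryptAndSign";  // confidentiality and integrity on the wire
        ChannelServices.RegisterChannel(new TcpServerChannel(p, new BinaryServerFormatterSinkProvider()), true);
        RemotingConfiguration.RegisterWellKnownServiceType(typeof(WhoAmI), "WhoAmI.rem", WellKnownObjectMode.SingleCall);
    }

    // Call once per process. user == null sends the logged-on user's default credentials.
    public static WhoAmI Connect(string url, string user, string password, string domain)
    {
        IDictionary p = new Hashtable();
        p["name"] = "cli"; p["secure"] = true;
        p["tokenImpersonationLevel"] = "Identification"; // server may identify, not impersonate
        p["protectionLevel"] = "EncryptAndSign";
        if (user != null) { p["username"] = user; p["password"] = password; p["domain"] = domain; }
        ChannelServices.RegisterChannel(new TcpClientChannel(p, new BinaryClientFormatterSinkProvider()), true);
        return (WhoAmI)Activator.GetObject(typeof(WhoAmI), url);
    }

    public static void Main()
    {
        StartServer(8085);
        Console.WriteLine(Connect("tcp://localhost:8085/WhoAmI.rem", null, null, null).Caller());
    }
}
```

The `username`, `password` and `domain` values are Windows account credentials negotiated through NTLM or Kerberos; pass values collected from a login form to `Connect` instead of `null` to send an identity other than the logged-on user.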


 
 
ivanbolcina

- identification (not impersonation)
  a. with default client credentials: working OK
  b. with some credentials that the client enters in some login win form: not working and very unclear documentation: on IIS it works only with basic authentication, on TCP not working and
- on the server side, I would like to have the passed principal on the thread: again works only for default credentials
- if possible, NTLM authentication (or Kerberos), not basic: on IIS I was able to make basic authentication work
- if possible, I would like to alternatively authenticate the user from a DB (like in Java, where you can plug in any source of users)
- Or can only authorization (roles) be from the DB?
- When I examined the IIS logs, I saw that when I passed default credentials, the username looked like COMP\user, but when I did it via channel properties, it looked like (COMP\user); the ( ) were added. Where can I see which user hit IIS?

I am almost sure that almost all my points are because of misconfiguration of some sort. But what misconfiguration? Where is this described...

What I would like is an example of how to do this, not just fragments here and there that you then copy-and-paste-and-edit together, where the result is not what you would like.


 
 
ivanbolcina

I found the solution.

All this works if the computer is in a domain.

If it's not in a domain, then it doesn't.

thx for info

 
 
ivanbolcina

How about DB authentication?