Remoting and Proxy Authentication

Scott Simms · Oct 14, 2003

Can you please describe the technique to access a .Net
remote object (remoting) via an authenticating proxy?

I have used the "ProxyName" and "ProxyPort" HTTP channel
properties successfully but I can't see how to pass
credentials to a Proxy via remoting.

At the moment I get the following error :
"Proxy Authentication Required."

PS : dotnet.framework.remoting appears to be unavailable

Thanks,

Scott Simms.

Tian Min Huang · Oct 14, 2003

Hello Scott,

It seems that I did not notice that I replied in your previous thread
regarding the Proxy Authentication. I paste it here for your convience:

"Based on my experience and research, .NET Remoting does not support proxy
server authentication in version 1.0 or 1.1. That's the reason why you will
receive the error "Proxy Authentication Required". Now I'd like to share
the following information with you:

1. An easy workaround to this is to disable the proxy settings in IE. You
could also use the TCPChannel instead of the HttpChannel.

2. Another temporarily workaround is to use WebProxy as shown below. Please
kindly note that this workaround is not guaranteed to be successful in
future service packs because of changes in the code and functionality.

//--------------code snippet---------------------
HttpChannel channel = new HttpChannel();
ChannelServices.RegisterChannel(channel);
FieldInfo clientChannelField =
typeof(HttpChannel).GetField("_clientChannel",
BindingFlags.Instance | BindingFlags.NonPublic);
HttpClientChannel clientChannel = (HttpClientChannel)
clientChannelField.GetValue(channel);
FieldInfo clientChannelProxy =
typeof(HttpClientChannel).GetField("_proxyObject",
BindingFlags.Instance | BindingFlags.NonPublic);
IWebProxy proxy = new WebProxy("proxy",80);
// you can add credentials to the web proxy here...
clientChannelProxy.SetValue(clientChannel,proxy);
//-------------end of---------------------
"

Please feel free to let me know if you have any problems or concerns.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Scott Simms · Oct 28, 2003

Thanks very much for the information. I have tried the
code fragment supplied as disabling the proxy in I.E. is
not an option.

I am able to authenticate (no more 407) with the proxy
(squid) but I then get one of the following errors :

1. "The underlying connection was closed: The request was
canceled."
2. "The underlying connection was closed: An error
occurred on a receive."
3. "The underlying connection was closed: An error
occurred on a send."

Our server application is hosted by IIS and is protected
with basic authentication. I have traced the proxy log
files and the IIS log files and have found the following
sequence of Events :

1. Clients sends HTTP post to server via proxy
2. Proxy replys '407' (expected)
3. Client sends HTTP post with proxy credentials
4. Proxy passes on request to server
5. Server replys '401' (expected)
6. Client sends HTTP post with server credentials
7. Client receives an error.

It appears that the HTTPChannel class does not re-send the
proxy credentials at step 6. The server does not receive
the HTTP post at 6.

Any ideas greatly appreciated.

Scott Simms.

Liju Thomas [MS] · Oct 29, 2003

Can you try this

set the properties for the Remote object as below

IDictionary prop = ChannelServices.GetChannelSinkProperties(foo);

// this picks up the current credentials

prop["credentials"] = CredentialCache.DefaultCredentials;

// this allows your to specify domain/username/password
prop["username"] = "test";
prop["password"] = "password";
prop["domain"] = "myDomain";

// invoke method
// (credentials will be sent when the server sends a challenge)

foo.DoSomething();

thanks,
liju

--------------------
| Content-Class: urn:content-classes:message
| From: "Scott Simms" <[email protected]>
| Sender: "Scott Simms" <[email protected]>
| Subject: Remoting and Proxy Authentication
| Date: Mon, 13 Oct 2003 18:44:06 -0700
| Lines: 15
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcOR9Ke2rC1VtGUzR2SZ/1ZoMHVNPA==
| Newsgroups: microsoft.public.dotnet.framework
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework:56063
| NNTP-Posting-Host: TK2MSFTNGXA08 10.40.1.160
| X-Tomcat-NG: microsoft.public.dotnet.framework
|
| Can you please describe the technique to access a .Net
| remote object (remoting) via an authenticating proxy?
|
| I have used the "ProxyName" and "ProxyPort" HTTP channel
| properties successfully but I can't see how to pass
| credentials to a Proxy via remoting.
|
| At the moment I get the following error :
| "Proxy Authentication Required."
|
| PS : dotnet.framework.remoting appears to be unavailable
|
| Thanks,
|
| Scott Simms.
|

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

©2001 Microsoft Corporation. All rights reserved.

Scott Simms · Nov 4, 2003

Hi Liju,

Yes we are doing this now to supply IIS with credentials
for basic authentication, this is not however used for
proxy authentication.

I believe that the problem is with the proxy credentials
not being re-sent. From my last post (below) you can see
that the proxy accepts the credentials (at 4.) but when we
re-send the request to satify IIS (at 6.) the proxy will
not let the request through.

1. Clients sends HTTP post to server via proxy
2. Proxy replys '407' (expected)
3. Client sends HTTP post with proxy credentials
4. Proxy passes on request to server
5. Server replys '401' (expected)
6. Client sends HTTP post with server credentials
7. Client receives an error.

NB : The proxy credentials are set at the HTTP channel
level and not for each request.

Thanks,

Scott Simms

-----Original Message-----

Can you try this

set the properties for the Remote object as below

IDictionary prop = ChannelServices.GetChannelSinkProperties(foo);

// this picks up the current credentials

prop["credentials"] = CredentialCache.DefaultCredentials;

// this allows your to specify domain/username/password
prop["username"] = "test";
prop["password"] = "password";
prop["domain"] = "myDomain";

// invoke method
// (credentials will be sent when the server sends a challenge)

foo.DoSomething();

thanks,
liju

--------------------
| Content-Class: urn:content-classes:message
| From: "Scott Simms" <[email protected]>
| Sender: "Scott Simms" <[email protected]>
| Subject: Remoting and Proxy Authentication
| Date: Mon, 13 Oct 2003 18:44:06 -0700
| Lines: 15
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcOR9Ke2rC1VtGUzR2SZ/1ZoMHVNPA==
| Newsgroups: microsoft.public.dotnet.framework
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework:56063
| NNTP-Posting-Host: TK2MSFTNGXA08 10.40.1.160
| X-Tomcat-NG: microsoft.public.dotnet.framework
|
| Can you please describe the technique to access a .Net
| remote object (remoting) via an authenticating proxy?
|
| I have used the "ProxyName" and "ProxyPort" HTTP channel
| properties successfully but I can't see how to pass
| credentials to a Proxy via remoting.
|
| At the moment I get the following error :
| "Proxy Authentication Required."
|
| PS : dotnet.framework.remoting appears to be unavailable
|
| Thanks,
|
| Scott Simms.
|

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

©2001 Microsoft Corporation. All rights reserved.

.

Liju Thomas [MS] · Nov 10, 2003

Scott Simms · Nov 17, 2003

Hi Liju,

We are using Server Activated Singletons. Our application
works fine until we add in the authenticating proxy.

If you have a look at my previous posts you can see the
order of operations and my suspicion that the proxy
credentials in the HTTPChannel are not being sent after
the server challenges for user credentials.

Can you verify that the proxy credentials are retained
inside the HTTPClient channel?

Within our application code this is just 1 call to a
remote object, for example :

1. myRemoteObject.Foo()
-- under the covers...
-- 1.1. Clients sends HTTP post to server via proxy
-- 1.2. Proxy replys '407' (expected)
-- 1.3. Client sends HTTP post with proxy credentials
-- 1.4. Proxy passes on request to server
-- 1.5. Server replys '401' (expected)
-- 1.6. Client sends HTTP post with server credentials

2. Client receives an error.

Thanks,

Scott Simms.

-----Original Message-----
Hi Scott,
Are these CAO objects?
If so add machineName to your server channel.
<channel ref="http" machineName="machine name" />

For CAO the server send back the objref to the client and if it contains
the server IP then the client will not be able to reach the IP directly.
But if you specify machineName then the objref contains the server name
specified indtead of the IP. Make sure you specify the machine name that
client can resolve.
thanks,
liju
--------------------
| Content-Class: urn:content-classes:message
| From: "Scott Simms" <[email protected]>
| Sender: "Scott Simms" <[email protected]>
| References: <[email protected]>
<jJU##[email protected]>
| Subject: RE: Remoting and Proxy Authentication
| Date: Mon, 3 Nov 2003 19:54:32 -0800
| Lines: 110
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: quoted-printable
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcOih1riZdzm/FJ9Snq7CHC+/hQw2A==
| Newsgroups: microsoft.public.dotnet.framework
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework:57816
| NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
| X-Tomcat-NG: microsoft.public.dotnet.framework
|
| Hi Liju,
| Yes we are doing this now to supply IIS with credentials
| for basic authentication, this is not however used for
| proxy authentication.
| I believe that the problem is with the proxy credentials
| not being re-sent. From my last post (below) you can see
| that the proxy accepts the credentials (at 4.) but when we
| re-send the request to satify IIS (at 6.) the proxy will
| not let the request through.
| 1. Clients sends HTTP post to server via proxy
| 2. Proxy replys '407' (expected)
| 3. Client sends HTTP post with proxy credentials
| 4. Proxy passes on request to server
| 5. Server replys '401' (expected)
| 6. Client sends HTTP post with server credentials
| 7. Client receives an error.
| NB : The proxy credentials are set at the HTTP channel
| level and not for each request.
| Thanks,
| Scott Simms
| >-----Original Message-----
| >
| >
| >Can you try this
| >
| >
| >set the properties for the Remote object as below
| >
| >IDictionary prop =
| ChannelServices.GetChannelSinkProperties(foo);
| >
| >// this picks up the current credentials
| >
| >prop["credentials"] = CredentialCache.DefaultCredentials;
| >
| >
| >
| >// this allows your to specify domain/username/password
| >prop["username"] = "test";
| >prop["password"] = "password";
| >prop["domain"] = "myDomain";
| >
| >
| >
| >// invoke method
| >// (credentials will be sent when the server sends a
| challenge)
| >
| >foo.DoSomething();
| >
| >
| >thanks,
| >liju
| >
| >
| >--------------------
| >| Content-Class: urn:content-classes:message
| >| From: "Scott Simms" <[email protected]>
| >| Sender: "Scott Simms" <[email protected]>
| >| Subject: Remoting and Proxy Authentication
| >| Date: Mon, 13 Oct 2003 18:44:06 -0700
| >| Lines: 15
| >| Message-ID: <[email protected]>
| >| MIME-Version: 1.0
| >| Content-Type: text/plain;
| >| charset="iso-8859-1"
| >| Content-Transfer-Encoding: 7bit
| >| X-Newsreader: Microsoft CDO for Windows 2000
| >| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| >| Thread-Index: AcOR9Ke2rC1VtGUzR2SZ/1ZoMHVNPA==
| >| Newsgroups: microsoft.public.dotnet.framework
| >| Path: cpmsftngxa06.phx.gbl
| >| Xref: cpmsftngxa06.phx.gbl
| microsoft.public.dotnet.framework:56063
| >| NNTP-Posting-Host: TK2MSFTNGXA08 10.40.1.160
| >| X-Tomcat-NG: microsoft.public.dotnet.framework
| >|
| >| Can you please describe the technique to access a .Net
| >| remote object (remoting) via an authenticating proxy?
| >|
| >| I have used the "ProxyName" and "ProxyPort" HTTP
| channel
| >| properties successfully but I can't see how to pass
| >| credentials to a Proxy via remoting.
| >|
| >| At the moment I get the following error :
| >| "Proxy Authentication Required."
| >|
| >| PS : dotnet.framework.remoting appears to be unavailable
| >|
| >| Thanks,
| >|
| >| Scott Simms.
| >|
| >
| >This posting is provided "AS IS" with no warranties, and
| confers no rights.
| >You assume all risk for your use.
| >
| >©2001 Microsoft Corporation. All rights reserved.
| >
| >.
| >
|

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

©2001 Microsoft Corporation. All rights reserved.

.

Remoting and Proxy Authentication

Scott Simms

Tian Min Huang

Scott Simms

Liju Thomas [MS]

Scott Simms

Liju Thomas [MS]

Scott Simms