Remoting, IIS, Binary Formatter

Guest

I am working on a VB.NET application that uses remoting hosted inside IIS.
I chose the binary formatter for this application because the only clients
that will be connecting to it are .NET based, as well as the fact that it is
fast. My SQL database holds a table of users, passwords, and roles. With an
ASP.NET application I can easily do a User.IsInRole("somerole") because of
forms authentication and keeping the roles info in an encrypted cookie. What
would be the best way of doing the same type of thing when hosting a remoted
object in IIS? Would I pass some encrypted credentials each time back to the
server, do a lookup each time, or can I store these somewhere on the server?
 
Hi,

Welcome to MSDN newsgroup.
As for how to do the authentication and store the authentication token
within the .NET remoting application you mentioned, I think it also depends on
how you would configure your remote object: as Singleton or SingleCall (I
assume that we will use a WellKnown object, Server Activation). If you're
using Singleton, since each remote method call will be invoked on the same
object, we can implement our own "one time" authentication mechanism. For
example, implement our own "remoting cookie": the first time the client
requests the remote object, do the authentication and then return the
authentication ticket back to the client (if the client is validated). Then, all the
sequential requests from that client will contain this ticket. Also, you
can alternatively store the authenticated info on the server, such as
maintaining an authenticated clients' lookup list, and check this list
before each method's invocation.

If you're choosing SingleCall, since each remote method call is invoked on a
different object, storing info on the server object may not be possible.

In addition, I think you can even do this authentication operation in a
custom ChannelSink, so that all the authentication and validation work will
be finished in the sink's code rather than mixed with our component's code.
You can refer to the following article on this idea:

http://msdn.microsoft.com/library/en-us/dndotnet/html/remsec.asp?frame=true

If there is anything unclear, please feel free to post here. Thanks,


Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
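
The "remoting cookie" idea from the reply above, sketched in VB.NET as an added example (not code from the thread or from Microsoft): the server issues an HMAC-signed ticket carrying the user's roles and an expiry, and re-validates it on every call, so no per-object state is needed. The module name, the key and the `user|roles|expiry` layout are assumptions, and user and role names are assumed not to contain `|` or `,`.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text
Public Module RemotingTicket
    ' Assumption: the real key comes from protected server config; this one is constructed.
    Private ReadOnly ServerKey As Byte() = Encoding.UTF8.GetBytes("constructed-demo-key")

    Private Function Sign(payload As String) As Byte()
        Using h As New HMACSHA256(ServerKey)
            Return h.ComputeHash(Encoding.UTF8.GetBytes(payload))
        End Using
    End Function

    ' Call once, after the user/password check against the SQL table succeeds.
    Public Function Issue(user As String, roles As String(), life As TimeSpan) As String
        Dim payload As String = user & "|" & String.Join(",", roles) & "|" & _
                                DateTime.UtcNow.Add(life).Ticks.ToString()
        Return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)) & "." & _
               Convert.ToBase64String(Sign(payload))
    End Function

    ' Call on every remote method (or in a server sink). Nothing = reject the call.
    Public Function Validate(ticket As String) As String()
        If ticket Is Nothing Then Return Nothing
        Dim parts As String() = ticket.Split("."c)
        If parts.Length <> 2 Then Return Nothing
        Try
            Dim payload As String = Encoding.UTF8.GetString(Convert.FromBase64String(parts(0)))
            Dim mac As Byte() = Convert.FromBase64String(parts(1))
            Dim expected As Byte() = Sign(payload)
            If mac.Length <> expected.Length Then Return Nothing
            Dim diff As Integer = 0   ' compare every byte, no early exit
            For i As Integer = 0 To mac.Length - 1
                diff = diff Or (mac(i) Xor expected(i))
            Next
            If diff <> 0 Then Return Nothing          ' tampered or forged
            Dim fields As String() = payload.Split("|"c)
            If fields.Length <> 3 Then Return Nothing ' malformed, fail closed
            If DateTime.UtcNow.Ticks > Long.Parse(fields(2)) Then Return Nothing ' expired
            Return fields(1).Split(","c)
        Catch ex As FormatException
            Return Nothing                            ' not valid Base64
        End Try
    End Function
    Public Function IsInRole(ticket As String, role As String) As Boolean
        Dim roles As String() = Validate(ticket)
        Return roles IsNot Nothing AndAlso Array.IndexOf(roles, role) >= 0
    End Function
End Module
```

The ticket is signed but not encrypted and works as a bearer token, so the IIS endpoint should be served over HTTPS.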
 