Security


Security becomes an important issue, arguably the most important issue, any time your box connects to any other box. I wish I could say that .NET Remoting provided seamless security services. But, like Web services, remoting is in its infancy, and also like Web services, easy security outside the IIS host hasn’t been done yet. You have two choices.

Remoting doesn’t have seamless security.

If you’re not using IIS as the host, you pretty much have to write your own security. If you read the security example at the end of Chapter 4, you’ll see the sort of thing you have to do to roll your own security on top of remoting. That’s a pain, and I wish it were easier today. However, because remoting is generally used in intimate situations, say, between servers in a cluster, you might be in a design situation where you control the hardware and can get authentication and encryption services from it instead of from software. That’s possible if you’re using remoting as an internal, intimate means of communication, instead of the available-to-anyone-on-the-wild-and-wooly-Web situation that Web services were designed to address.

Remoting security outside IIS is difficult.

Most developers will find the easy authentication and encryption that IIS hosting provides to be economically compelling. To use Secure Sockets Layer (SSL) encryption, the client simply changes its connection string from HTTP: to HTTPS:. IIS will also perform integrated Windows authentication. This form of security is a less compelling design choice in ASP.NET because a lot of the time the Web client isn’t a Windows system. But a remoting client by definition is on a Windows system, so integrated Windows authentication is a great idea. The sample program shows how the user’s identity is available in the HttpContext object of the IIS-hosted remoting object. The code is shown in Listing 10-13. You can then either impersonate the client or perform trusted user authorization, as explained at the end of Chapter 3.

IIS can provide you with authentication and encryption.

Listing 10-13: Authentication code for IIS hosting.

start example
Public Function GetTime(ByVal ShowSeconds As Boolean) As String
    If (ShowSeconds = True) Then
        Return "IIS Hosted Remoting Object: " _
            + Now.ToLongTimeString + _
            "Your ID is:" + _
            System.Web.HttpContext.Current.User.Identity.Name()
    Else
        ' (omitted)
    End If
End Function
end example
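
The following is an added example, not code from the book or its sample program: it shows one way an IIS-hosted remoting object can perform trusted user authorization with the identity that IIS supplies, and how a client passes its Windows credentials over HTTPS. The class, module, and role names are hypothetical, and the sketch assumes the virtual directory has anonymous access disabled and integrated Windows authentication enabled.

```vbnet
Imports System
Imports System.Collections
Imports System.Net
Imports System.Runtime.Remoting.Channels
Imports System.Security
Imports System.Web

' Server side (hypothetical class): hosted in an IIS virtual directory with
' anonymous access disabled and integrated Windows authentication enabled.
Public Class SecuredTimeService
    Inherits MarshalByRefObject
    Private Const AllowedRole As String = "EXAMPLE\TimeReaders" ' constructed group name

    Public Function GetTime() As String
        Dim ctx As HttpContext = HttpContext.Current
        ' Fail closed: without an HttpContext the object is not running under
        ' IIS, so nothing has authenticated the caller.
        If ctx Is Nothing OrElse ctx.User Is Nothing Then
            Throw New SecurityException("No IIS security context.")
        End If
        ' Refuse plain HTTP so the call is never carried unencrypted.
        If Not ctx.Request.IsSecureConnection Then
            Throw New SecurityException("HTTPS is required.")
        End If
        ' If anonymous access is left enabled, the identity is unauthenticated.
        If Not ctx.User.Identity.IsAuthenticated Then
            Throw New SecurityException("Caller is not authenticated.")
        End If
        ' Trusted user authorization: the object itself decides, by role.
        If Not ctx.User.IsInRole(AllowedRole) Then
            Throw New SecurityException("Caller is not authorized.")
        End If
        Return Now.ToLongTimeString() & " for " & ctx.User.Identity.Name
    End Function
End Class

' Client side (hypothetical module). Assumes an HTTP channel is available,
' for example through the client's remoting configuration file.
Public Module SecuredTimeClient
    Public Function CallService(ByVal url As String) As String ' url uses https:
        Dim svc As SecuredTimeService = CType( _
            Activator.GetObject(GetType(SecuredTimeService), url), SecuredTimeService)
        Dim props As IDictionary = ChannelServices.GetChannelSinkProperties(svc)
        props("credentials") = CredentialCache.DefaultCredentials ' logged-on user
        Return svc.GetTime()
    End Function
End Module
```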

start sidebar
Tips from the Trenches

If you need software authentication and don’t want to host with IIS, your remoting application will have to handle its own authentication. A two-part article written by Michael Barnett in August 2002 and included in the online documentation for Visual Studio 2003 describes the connection between remoting and the underlying Windows security system in great detail, with working sample code.

end sidebar




Introducing Microsoft .NET (Pro-Developer)
ISBN: 0735619182
EAN: 2147483647
Year: 2003
Pages: 110
