Currently, the ServerInfo virtual directory is configured to allow anonymous access and Integrated Windows authentication (IWA). In spite of this configuration, no authentication takes place because the anonymous connection is always attempted first (which explains why things happen relatively quickly).
To authenticate users, leave IIS in its current configuration (with anonymous access and IWA turned on) and use the Web.config file to control who has access to the resource.
To prevent anonymous users from accessing the assembly, use:
    <configuration>
      <system.runtime.remoting>
        <!-- remoting settings are up here -->
      </system.runtime.remoting>
      <system.web>
        <authentication mode="Windows" />
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>
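Specific users can be granted access by naming who has permission and denying everyone else:

    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins,
           so the allow entry comes before the catch-all deny -->
      <allow users="Administrator, ServerInfoClient" />
      <deny users="*" />
    </authorization>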
Or, permissions can be assigned based on roles (or a permutation of all of the above):
    <authorization>
      <!-- First matching rule wins: allow before the catch-all deny -->
      <allow users="ServerInfoClient" roles="Administrators, Remote Objects" />
      <deny users="*" />
    </authorization>
To avoid confusion, the ? represents unauthenticated users, while the * refers to all users, whether or not they are authenticated.
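The effect of rule order in these authorization blocks can be checked with a small model. This is an added example, not code from the book: a simplified Python model of how ASP.NET evaluates allow and deny rules (top to bottom, first match decides). The function names are hypothetical, names are compared as plain strings, and the final fallback assumes the inherited machine-level default that allows everyone.

```python
# Added example: simplified model of ASP.NET URL authorization (not the book's code).
import xml.etree.ElementTree as ET

def _names(rule, attr):
    """Split a comma-separated users/roles attribute into lowercase names."""
    return {n.strip().lower() for n in rule.get(attr, "").split(",") if n.strip()}

def rule_matches(rule, user, roles):
    """user is None for an anonymous (unauthenticated) request."""
    users = _names(rule, "users")
    if "*" in users:                      # * = everyone, authenticated or not
        return True
    if user is None:
        return "?" in users               # ? = unauthenticated users only
    if user.lower() in users:
        return True
    return bool(_names(rule, "roles") & {r.lower() for r in roles})

def is_allowed(authorization_xml, user=None, roles=()):
    """Walk the rules top to bottom; the first matching rule decides."""
    for rule in ET.fromstring(authorization_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
            return rule.tag == "allow"
    return True  # assumption: inherited machine-level default <allow users="*" />

# Constructed inputs: the same two rules in both possible orders.
ALLOW_FIRST = """<authorization>
  <allow users="ServerInfoClient" roles="Administrators, Remote Objects" />
  <deny users="*" />
</authorization>"""
DENY_FIRST = """<authorization>
  <deny users="*" />
  <allow users="ServerInfoClient" roles="Administrators, Remote Objects" />
</authorization>"""
DENY_ANONYMOUS = '<authorization><deny users="?" /></authorization>'

if __name__ == "__main__":
    for label, cfg in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        for user, roles in ((None, ()), ("ServerInfoClient", ()),
                            ("Bob", ("Remote Objects",)), ("OtherUser", ())):
            print(label, user or "(anonymous)", is_allowed(cfg, user, roles))
```

With the catch-all deny listed first, every request matches it before any allow rule is reached, so even ServerInfoClient is refused.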
Typically, when an application accesses restricted resources, it does so through an account created specifically for that purpose (rather than by creating accounts for every user). Therefore, go ahead and modify Web.config to restrict access to a single user named ServerInfoClient:

    <authorization>
      <!-- First matching rule wins: allow before the catch-all deny -->
      <allow users="ServerInfoClient" />
      <deny users="*" />
    </authorization>
This account fulfills that purpose for the rest of the chapter. No specific rights need to be assigned; just create the user on the domain (or the local machine, if testing is done there) and assign it a password.
If everything is configured correctly, the client from Example 9-14 will no longer work. Instead of receiving server information, the output looks something like this:
System.Net.WebException The remote server returned an error: (401) Unauthorized.
This output occurs because the client must now provide the appropriate credentials to access the remote object. Creating the appropriate credentials is easy with the System.Net.NetworkCredential class; the constructor takes a user name, password, and domain, which is just what is needed. But getting the credential to IIS is the trick.
Calling ChannelServices.GetChannelSinkProperties returns an IDictionary interface that allows various properties associated with the proxy object to be set or retrieved.
The properties are:
Username for basic and digest authentication
Password for basic and digest authentication
Domain name for basic and digest authentication
Indicates whether preauthentication of requests is enabled
Security credentials for web service client authentication
Collection of client certificates
The name of the proxy server to use for requests
The port number of the proxy server to use for requests
The timeout (in milliseconds) for synchronous calls
Indicates whether automatic handling of server redirects is enabled
The property of interest is credentials. The following fragment demonstrates how this property is set using the NetworkCredential class. Notice that the credentials must be set for the factory object as well as the ServerInfo proxy instance:

    ' Imports required at the top of the file
    Imports System.Collections
    Imports System.Net
    Imports System.Runtime.Remoting.Channels

    Dim factory As IServerInfoFactory = _
        Activator.GetObject(GetType(IServerInfoFactory), _
        "http://192.168.1.100:80/ServerInfo/ServerInfoFactoryWeb.rem")
    Dim dictionary As IDictionary = _
        ChannelServices.GetChannelSinkProperties(factory)

    ' Set the credentials for factory object
    Dim nc As NetworkCredential = _
        New NetworkCredential("RemoteUserWithRights", "pass", "MYDOMAIN")
    dictionary("credentials") = nc

    ' Get object from factory
    Dim si As IServerInfo = factory.CreateServerInfo()

    ' Use credentials for ServerInfo, too
    dictionary = ChannelServices.GetChannelSinkProperties(si)
    dictionary("credentials") = nc

    ' Make calls on IServerInfo here