The .NET Remoting infrastructure enables applications to communicate with one another on the same machine or across machines in a network. The Remoting infrastructure can use the HTTP or TCP transports for communication and can send messages in many formats, the most common of which are SOAP or binary format.
Because the Remoting infrastructure provides no default authentication and authorization mechanisms, it is not recommended for use by Internet- facing applications. It is designed for applications that run in a trusted environment and is well suited for Web server communication to remote application servers, which is shown in Figure 17.5.
In this scenario, a Windows service hosts the Remoting objects and communication occurs through a TCP channel. This approach offers good performance, but does not necessarily address security. For added security, use IPSec between the Web server and the application server and only allow the Web server to establish connections with the application server.
To benefit from the security features provided by ASP.NET and IIS, host your remote components in ASP.NET and use the HTTP channel for communication, as Figure 17.6 shows.
In this scenario, you can use Windows integrated authentication to authenticate the ASP.NET Web application process identity. You can also use SSL for secure communication and the gatekeepers provided by IIS and ASP.NET for authorization.