Udostępnij za pośrednictwem


Passing Credentials in .net Remoting

This is my first blog, so jumping straight to the point. One intresting thing that I wanted to share for which I have not seen much documentation but people spending long hours figuring this out is how to pass credentials in .net Remoting.
Basically there would be two kinds of scenarios:
1. Passing default credentials:
i.e if a user wants to pass  the windows credentials of the process along with the remoting request.In this scenario all you want to do is set the useDefaultCredentials property on the HttpChannel to true either programmatically:
props[“useDefaultCredentials“]=“true“
channel = new HttpClientChannel(ChannelProps, ClientBinFormatter);
or through configuration file:
<channel ref="http" useDefaultCredentials="true" />

2. Passing custom Credentials:
If you want to specify the username, password at runtime and want to pass it with the remoting request. This has been different with .net 1.0 and .net 1.1.
.net 1.0 : All you want to do is set the credentials property on your HttpChannel and all remoting requests through this channel sink will use the specified credentials.
nICredential credObj = new NetworkCredential(userName,password,domain);
Properties["credentials"] = credObj;
HttpChannel hc = new HttpChannel(channelProperties,…, .... );

n .net 1.1

n

This behavior is changed in .net 1.1 and now the credentials are needed to be set on each proxy, after you create it. This is easy when doing Server Activated object(SingleCall, Singleton). So for that you can easily do:

ICredential nc= new NetworkCredential(userName,password,domain);
nobject obj = Activator.GetObject (type, url);

nIDictionary dict = ChannelServices.GetChannelSinkProperties(obj);

n//set credentials on the proxy object

ndict["credentials"] = nc;

 

Setting credentials for CAO in .net 1.1
The catch with setting credentials on each proxy is that since Client activated objects sends a network request during 'new' or GetObject call, the credentials are already passed before you have your proxy. So to get around this problem if you want to pass custom credentials for CAO objects then we get the proxy to internal remoting object that is responsible for creating object on the server and set the credentials on that first.

1. CAO's are managed by internal Server objects so for CAOs we need to create a proxy to
<https://<localhost>/<vroot>/RemoteActivationService.rem>
Set credentials on ChannelSink of this internal proxy
2. Now when we register and create the CAO on the client, the 'new' call will use the credentials set on RemoteActivationService.rem proxy.
3. Get the Channelsink of the CAO proxy
4. Set Credentials on the CAO proxy

 This is how the sample code will look like:

ChannelServices.RegisterChannel(channel);

//Get a proxy for RemoteActivationService.rem this is an //internal object for CAO's

object obj = Activator.GetObject(typeof(RemObjects.MathObject), "https://localhost:80/RemObjects/RemoteActivationService.rem");

IDictionary dict = ChannelServices.GetChannelSinkProperties(obj);

//set credentials on the proxy object

dict["credentials"] = nc;

RemotingConfiguration.RegisterActivatedClientType(typeof(RemObjects.MathObject),"https://localhost:80/Rembjects/");

//get instance of your object

objMath = new RemObjects.MathObject(128);

//get channel sink object for your object and set credentials on that

dict = ChannelServices.GetChannelSinkProperties(objMath);

dict["credentials"] = nc;

 

Feel free to give me a feedback on this.

Comments

  • Anonymous
    February 23, 2004
    Is it possible to pass the default credentials with a TCP channel? and if so, how?


    I'd love to be able to do the same thing with a client-server remoting app, but have yet to figure out how. I'd hate to add a "credentials" parameter to all of my publically remoted methods.

    Peter
  • Anonymous
    February 23, 2004
    TcpChannel class does not have attributes to pass credentials, as it tries to be more like bare minimum TCP.
    But the good news is you can pass credentials as part of msg using Channel Sinks. So your client and server need not know anything about the security sinks.
    MSDN has a good sample showing how to do the same. Check this out:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp
    It has full example of how to pass credentials and authenticate using Channel sinks.
  • Anonymous
    April 06, 2004
    The comment has been removed
  • Anonymous
    April 06, 2004
    The comment has been removed
  • Anonymous
    August 22, 2016
    I realize this is very old post but for those who are still utilizing legacy .NET remoting with .NET 4.0 or later, "credentials" has been replaced with the 3 keys "username", "password" and "domain". I modified code to use these keys and all worked as expected for Server Activated object (Activator.GetObject(....))