Udostępnij za pośrednictwem


securing remoting endpoints

There are a couple of ways you can secure remoting endpoints:

1. Host in IIS:

hosting your server components in IIS allows you to secure your application using IIS' inbuilt authentication (basic/digest/ntlm/kerb) and encryption (using https) mechanisms. Remoting clients have the ability to specify username/password or NetworkCredential and use https (including client side certificates)

2. Use custom security sinks:

You can build your own custom sinks which can provide security features if its required that remoting objects are hosted out of IIS. There is a sample security sink based on SSPI available on gotdotnet.

In v2.0 of the framework (Beta of which is currently available) there is inbuilt support for SSPI based authentication/encryption on the remoting TCP channel. Any feedback on this feature would be much appreciated.