I have exhausted my efforts to find any useful information about the IAuthorizeRemotingConnection interface in regards to .NET Remoting, and I'm not really finding anything useful.
The issue here isn't really a "how-to" as there are many examples out there, but the issue is one of how identities relate to each other in the IsConnectingIdentityAuthorized method.
We have a .NET Remoting Service running and have lately added the IAuthorizeRemotingConnection interface to a class that then is used by the remoting service to validate identities. The problem I'm having is "what identities" are we validating?
I'm able to log the identity as it is passed into the IAuthorizeRemotingConnection method as it's passed in on my local system. I can tell the identity is the MACHINE\ASPNET user. However, in our development server, where we host the service against another development web server, I'm unable to see the identity.
Basically, while the IsConnectingEndPointAuthorized method is called by the remoting service, and I can log that this occurs, I never see that the IsConnectingIdentityAuthorized is called.
This is very strange because while I'm using the same exact code-base for my local system, it works differently in the dev environment. The most frustrating thing about it is that I can't tell which identity is trying to use the service and even then, I can't even see that the method used to verify the identity is being called at all.
I do see an exception occurring with a "login denied" message in the web application log. I'm wondering if we're "preauthenticating" in some fashion behind the scenes, and this fails, so we then fail to even call the IsConnectingIdentityAuthorized method.
Anyone have any experience with this they can share?
Before you add, "use a WCF" service, I am planning to go that way, but it'll be a while yet before that's fully implemented. I also have authentication identity questions concerning WCF. However, I'd love to be able to nail this remoting issue down too.
I ran into something along these lines when getting remoting objects working under SSL. We needed to resolve Trust Issues (caspol to give site FullTrust) and since all the components in use were strong-named, we needed to stop using generated assembly versions
[assembly: AssemblyVersion("7.3.*")]
and instead make sure they were fixed
[assembly: AssemblyVersion("7.3.1.1")]
- this seemed to make fusion much less confused.
Other than that, does the AppPool user on the development server have privileges, or do you need to ensure you are using the same user across the connection? The MACHINE\ASPNET on your caller will have a different security token than on your server, so you might want to authenticate under a domain user? See this for a full picture and some ideas: http://msdn.microsoft.com/en-us/library/ff649264.aspx
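A logging authorizer for the situation discussed in this thread, as an added example that is not part of the original posts: it records what each callback receives and accepts only one allow-listed account. The class name, port number and account name are constructed placeholders, and a TcpServerChannel with the secure property set is assumed.

```csharp
using System;
using System.Collections;
using System.Net;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Security.Principal;

// Hypothetical class: logs what the channel passes to each callback.
public sealed class LoggingAuthorizer : IAuthorizeRemotingConnection
{
    // Constructed placeholder; replace with the account the caller runs as.
    private const string AllowedAccount = @"EXAMPLE\svc-web";

    public bool IsConnectingEndPointAuthorized(EndPoint endPoint)
    {
        Console.WriteLine("endpoint check: {0}", endPoint);
        return true; // restrict by address here if required
    }

    public bool IsConnectingIdentityAuthorized(IIdentity identity)
    {
        if (identity == null)
        {
            Console.WriteLine("identity check: no identity supplied");
            return false;
        }
        // Log name, scheme and authenticated flag so a denial can be explained later.
        Console.WriteLine("identity check: name={0} type={1} authenticated={2}",
            identity.Name, identity.AuthenticationType, identity.IsAuthenticated);
        return identity.IsAuthenticated &&
            string.Equals(identity.Name, AllowedAccount, StringComparison.OrdinalIgnoreCase);
    }
}

public static class Host
{
    public static void Main()
    {
        IDictionary props = new Hashtable();
        props["port"] = 9000;   // constructed port number
        props["secure"] = true; // assumption: channel authentication is on, so callers carry an identity
        // A null sink provider leaves the channel on its default sink chain.
        TcpServerChannel channel = new TcpServerChannel(props, null, new LoggingAuthorizer());
        ChannelServices.RegisterChannel(channel, true);
        Console.WriteLine("listening; press Enter to stop");
        Console.ReadLine();
    }
}
```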