Asp Forum - Remoting and security - microsoft.public.dotnet.framework.remoting

José Joye

7/23/2004 6:14:00 AM

Hello,

I have created a NT Service and I expose some methods through "Remoting".
All works great. However, I want to prevent that everyone (within my
Intranet) will be able to use it.
As I understand it, assuming that the client is installed on a PC within the
intranet, It will be possible to execute it and therefore communicate with
the Service that provide "Remoting" feature.

What is the correct way to allow only clients run by users within a
dedicated set of NT Group to access my Service providing the "Remoting"
feature?

Thanks a lot,
José

8 Answers

Sam Santiago

7/23/2004 5:26:00 PM

If you need security you must host your remote object within IIS. Or write
your own. Check out this link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconchoosingcommunicationoption...

and
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostin...

Here's an excerpt:

"If you need to encrypt your calls or authenticate your client, you must use
an HTTP-based application hosted in IIS, whether that is an ASP.NET
application or a remoting application. This is because ASP.NET and .NET
remoting use the security services provided by IIS. .NET remoting does not
provide any security services when hosted outside IIS (for example, in a
Windows Service)."

Good luck.

Sam

--
_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com

"José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
news:eOFF8wHcEHA.1048@tk2msftngp13.phx.gbl...
> Hello,
>
> I have created a NT Service and I expose some methods through "Remoting".
> All works great. However, I want to prevent that everyone (within my
> Intranet) will be able to use it.
> As I understand it, assuming that the client is installed on a PC within
the
> intranet, It will be possible to execute it and therefore communicate with
> the Service that provide "Remoting" feature.
>
> What is the correct way to allow only clients run by users within a
> dedicated set of NT Group to access my Service providing the "Remoting"
> feature?
>
>
> Thanks a lot,
> José
>
>

José Joye

7/24/2004 8:32:00 PM

Thanks for your reply.

For different reasons, I do not want to host it within IIS.
Reading the first link you provided, it is written that:
"If you need security you must host your remote object within IIS. Or write
your own"
Do you know any article talking about this "write your own"?

Thanks,
José

"Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> a écrit dans le message
de news:ezfSZoNcEHA.2880@TK2MSFTNGP12.phx.gbl...
> If you need security you must host your remote object within IIS. Or write
> your own. Check out this link:
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconchoosingcommunicationoption...
>
> and
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostin...
>
> Here's an excerpt:
>
> "If you need to encrypt your calls or authenticate your client, you must
use
> an HTTP-based application hosted in IIS, whether that is an ASP.NET
> application or a remoting application. This is because ASP.NET and .NET
> remoting use the security services provided by IIS. .NET remoting does not
> provide any security services when hosted outside IIS (for example, in a
> Windows Service)."
>
> Good luck.
>
> Sam
>
> --
> _______________________________
> Sam Santiago
> ssantiago@n0spam-SoftiTechture.com
>
> "José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
> news:eOFF8wHcEHA.1048@tk2msftngp13.phx.gbl...
> > Hello,
> >
> > I have created a NT Service and I expose some methods through
"Remoting".
> > All works great. However, I want to prevent that everyone (within my
> > Intranet) will be able to use it.
> > As I understand it, assuming that the client is installed on a PC within
> the
> > intranet, It will be possible to execute it and therefore communicate
with
> > the Service that provide "Remoting" feature.
> >
> > What is the correct way to allow only clients run by users within a
> > dedicated set of NT Group to access my Service providing the "Remoting"
> > feature?
> >
> >
> > Thanks a lot,
> > José
> >
> >
>
>

Sam Santiago

7/25/2004 3:23:00 AM

You might want to take a look at the Authorization and Profile Application
Block:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/a...

It will provide a framework to help you design security into your
application. Here's a summary regarding the application block:

"This block is a reusable code component that builds on the capabilities of
the Microsoft .NET Framework to help you perform authorization and access
profile information."

Good luck.

Thanks,

Sam

--
_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com
"José Joye" <jose.joye@__No_SPam__bluewin__maPS_oN__.ch> wrote in message
news:%23MHFO1bcEHA.1896@TK2MSFTNGP10.phx.gbl...
> Thanks for your reply.
>
> For different reasons, I do not want to host it within IIS.
> Reading the first link you provided, it is written that:
> "If you need security you must host your remote object within IIS. Or
write
> your own"
> Do you know any article talking about this "write your own"?
>
>
> Thanks,
> José
>
> "Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> a écrit dans le
message
> de news:ezfSZoNcEHA.2880@TK2MSFTNGP12.phx.gbl...
> > If you need security you must host your remote object within IIS. Or
write
> > your own. Check out this link:
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconchoosingcommunicationoption...
> >
> > and
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostin...
> >
> > Here's an excerpt:
> >
> > "If you need to encrypt your calls or authenticate your client, you must
> use
> > an HTTP-based application hosted in IIS, whether that is an ASP.NET
> > application or a remoting application. This is because ASP.NET and .NET
> > remoting use the security services provided by IIS. .NET remoting does
not
> > provide any security services when hosted outside IIS (for example, in a
> > Windows Service)."
> >
> > Good luck.
> >
> > Sam
> >
> > --
> > _______________________________
> > Sam Santiago
> > ssantiago@n0spam-SoftiTechture.com
> >
> > "José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
> > news:eOFF8wHcEHA.1048@tk2msftngp13.phx.gbl...
> > > Hello,
> > >
> > > I have created a NT Service and I expose some methods through
> "Remoting".
> > > All works great. However, I want to prevent that everyone (within my
> > > Intranet) will be able to use it.
> > > As I understand it, assuming that the client is installed on a PC
within
> > the
> > > intranet, It will be possible to execute it and therefore communicate
> with
> > > the Service that provide "Remoting" feature.
> > >
> > > What is the correct way to allow only clients run by users within a
> > > dedicated set of NT Group to access my Service providing the
"Remoting"
> > > feature?
> > >
> > >
> > > Thanks a lot,
> > > José
> > >
> > >
> >
> >
>
>

José Joye

7/27/2004 5:45:00 AM

Thanks,
I'm currently reading it

José
"Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> wrote in message
news:eL2FgafcEHA.2812@TK2MSFTNGP11.phx.gbl...
> You might want to take a look at the Authorization and Profile Application
> Block:
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/a...
>
> It will provide a framework to help you design security into your
> application. Here's a summary regarding the application block:
>
> "This block is a reusable code component that builds on the capabilities
of
> the Microsoft .NET Framework to help you perform authorization and access
> profile information."
>
> Good luck.
>
> Thanks,
>
> Sam
>
> --
> _______________________________
> Sam Santiago
> ssantiago@n0spam-SoftiTechture.com
> "José Joye" <jose.joye@__No_SPam__bluewin__maPS_oN__.ch> wrote in message
> news:%23MHFO1bcEHA.1896@TK2MSFTNGP10.phx.gbl...
> > Thanks for your reply.
> >
> > For different reasons, I do not want to host it within IIS.
> > Reading the first link you provided, it is written that:
> > "If you need security you must host your remote object within IIS. Or
> write
> > your own"
> > Do you know any article talking about this "write your own"?
> >
> >
> > Thanks,
> > José
> >
> > "Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> a écrit dans le
> message
> > de news:ezfSZoNcEHA.2880@TK2MSFTNGP12.phx.gbl...
> > > If you need security you must host your remote object within IIS. Or
> write
> > > your own. Check out this link:
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconchoosingcommunicationoption...
> > >
> > > and
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostin...
> > >
> > > Here's an excerpt:
> > >
> > > "If you need to encrypt your calls or authenticate your client, you
must
> > use
> > > an HTTP-based application hosted in IIS, whether that is an ASP.NET
> > > application or a remoting application. This is because ASP.NET and
..NET
> > > remoting use the security services provided by IIS. .NET remoting does
> not
> > > provide any security services when hosted outside IIS (for example, in
a
> > > Windows Service)."
> > >
> > > Good luck.
> > >
> > > Sam
> > >
> > > --
> > > _______________________________
> > > Sam Santiago
> > > ssantiago@n0spam-SoftiTechture.com
> > >
> > > "José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
> > > news:eOFF8wHcEHA.1048@tk2msftngp13.phx.gbl...
> > > > Hello,
> > > >
> > > > I have created a NT Service and I expose some methods through
> > "Remoting".
> > > > All works great. However, I want to prevent that everyone (within my
> > > > Intranet) will be able to use it.
> > > > As I understand it, assuming that the client is installed on a PC
> within
> > > the
> > > > intranet, It will be possible to execute it and therefore
communicate
> > with
> > > > the Service that provide "Remoting" feature.
> > > >
> > > > What is the correct way to allow only clients run by users within a
> > > > dedicated set of NT Group to access my Service providing the
> "Remoting"
> > > > feature?
> > > >
> > > >
> > > > Thanks a lot,
> > > > José
> > > >
> > > >
> > >
> > >
> >
> >
>
>

José Joye

7/28/2004 12:51:00 PM

Hello,

I have found a nice article about what I was looking for:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/...

José

"Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> wrote in message
news:eL2FgafcEHA.2812@TK2MSFTNGP11.phx.gbl...
> You might want to take a look at the Authorization and Profile Application
> Block:
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/a...
>
> It will provide a framework to help you design security into your
> application. Here's a summary regarding the application block:
>
> "This block is a reusable code component that builds on the capabilities
of
> the Microsoft .NET Framework to help you perform authorization and access
> profile information."
>
> Good luck.
>
> Thanks,
>
> Sam
>
> --
> _______________________________
> Sam Santiago
> ssantiago@n0spam-SoftiTechture.com
> "José Joye" <jose.joye@__No_SPam__bluewin__maPS_oN__.ch> wrote in message
> news:%23MHFO1bcEHA.1896@TK2MSFTNGP10.phx.gbl...
> > Thanks for your reply.
> >
> > For different reasons, I do not want to host it within IIS.
> > Reading the first link you provided, it is written that:
> > "If you need security you must host your remote object within IIS. Or
> write
> > your own"
> > Do you know any article talking about this "write your own"?
> >
> >
> > Thanks,
> > José
> >
> > "Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> a écrit dans le
> message
> > de news:ezfSZoNcEHA.2880@TK2MSFTNGP12.phx.gbl...
> > > If you need security you must host your remote object within IIS. Or
> write
> > > your own. Check out this link:
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconchoosingcommunicationoption...
> > >
> > > and
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostin...
> > >
> > > Here's an excerpt:
> > >
> > > "If you need to encrypt your calls or authenticate your client, you
must
> > use
> > > an HTTP-based application hosted in IIS, whether that is an ASP.NET
> > > application or a remoting application. This is because ASP.NET and
..NET
> > > remoting use the security services provided by IIS. .NET remoting does
> not
> > > provide any security services when hosted outside IIS (for example, in
a
> > > Windows Service)."
> > >
> > > Good luck.
> > >
> > > Sam
> > >
> > > --
> > > _______________________________
> > > Sam Santiago
> > > ssantiago@n0spam-SoftiTechture.com
> > >
> > > "José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
> > > news:eOFF8wHcEHA.1048@tk2msftngp13.phx.gbl...
> > > > Hello,
> > > >
> > > > I have created a NT Service and I expose some methods through
> > "Remoting".
> > > > All works great. However, I want to prevent that everyone (within my
> > > > Intranet) will be able to use it.
> > > > As I understand it, assuming that the client is installed on a PC
> within
> > > the
> > > > intranet, It will be possible to execute it and therefore
communicate
> > with
> > > > the Service that provide "Remoting" feature.
> > > >
> > > > What is the correct way to allow only clients run by users within a
> > > > dedicated set of NT Group to access my Service providing the
> "Remoting"
> > > > feature?
> > > >
> > > >
> > > > Thanks a lot,
> > > > José
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Sam Santiago

7/28/2004 4:00:00 PM

Great, nice find. Thanks for posting it back to the group.

Thanks,

Sam

--
_______________________________
Sam Santiago
ssantiago@n0spam-SoftiTechture.com
http://www.SoftiTe...
_______________________________
"José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
news:uW%23NTGKdEHA.2696@TK2MSFTNGP09.phx.gbl...
> Hello,
>
> I have found a nice article about what I was looking for:
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/...
>
> José
>
> "Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> wrote in message
> news:eL2FgafcEHA.2812@TK2MSFTNGP11.phx.gbl...
> > You might want to take a look at the Authorization and Profile
Application
> > Block:
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/a...
> >
> > It will provide a framework to help you design security into your
> > application. Here's a summary regarding the application block:
> >
> > "This block is a reusable code component that builds on the capabilities
> of
> > the Microsoft .NET Framework to help you perform authorization and
access
> > profile information."
> >
> > Good luck.
> >
> > Thanks,
> >
> > Sam
> >
> > --
> > _______________________________
> > Sam Santiago
> > ssantiago@n0spam-SoftiTechture.com
> > "José Joye" <jose.joye@__No_SPam__bluewin__maPS_oN__.ch> wrote in
message
> > news:%23MHFO1bcEHA.1896@TK2MSFTNGP10.phx.gbl...
> > > Thanks for your reply.
> > >
> > > For different reasons, I do not want to host it within IIS.
> > > Reading the first link you provided, it is written that:
> > > "If you need security you must host your remote object within IIS. Or
> > write
> > > your own"
> > > Do you know any article talking about this "write your own"?
> > >
> > >
> > > Thanks,
> > > José
> > >
> > > "Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> a écrit dans le
> > message
> > > de news:ezfSZoNcEHA.2880@TK2MSFTNGP12.phx.gbl...
> > > > If you need security you must host your remote object within IIS. Or
> > write
> > > > your own. Check out this link:
> > > >
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconchoosingcommunicationoption...
> > > >
> > > > and
> > > >
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconremotingexamplehostin...
> > > >
> > > > Here's an excerpt:
> > > >
> > > > "If you need to encrypt your calls or authenticate your client, you
> must
> > > use
> > > > an HTTP-based application hosted in IIS, whether that is an ASP.NET
> > > > application or a remoting application. This is because ASP.NET and
> .NET
> > > > remoting use the security services provided by IIS. .NET remoting
does
> > not
> > > > provide any security services when hosted outside IIS (for example,
in
> a
> > > > Windows Service)."
> > > >
> > > > Good luck.
> > > >
> > > > Sam
> > > >
> > > > --
> > > > _______________________________
> > > > Sam Santiago
> > > > ssantiago@n0spam-SoftiTechture.com
> > > >
> > > > "José Joye" <jose.joye@KILLTHESPAMSbluewin.ch> wrote in message
> > > > news:eOFF8wHcEHA.1048@tk2msftngp13.phx.gbl...
> > > > > Hello,
> > > > >
> > > > > I have created a NT Service and I expose some methods through
> > > "Remoting".
> > > > > All works great. However, I want to prevent that everyone (within
my
> > > > > Intranet) will be able to use it.
> > > > > As I understand it, assuming that the client is installed on a PC
> > within
> > > > the
> > > > > intranet, It will be possible to execute it and therefore
> communicate
> > > with
> > > > > the Service that provide "Remoting" feature.
> > > > >
> > > > > What is the correct way to allow only clients run by users within
a
> > > > > dedicated set of NT Group to access my Service providing the
> > "Remoting"
> > > > > feature?
> > > > >
> > > > >
> > > > > Thanks a lot,
> > > > > José
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Malcolm

7/26/2009 7:05:00 PM

In article <F1%am.36591$Db2.24594@edtnps83>, La N
<nilita2004NOSPAM@yahoo.com> writes
>
>"Malcolm" <Malcolm@indaal.demon.co.uk> wrote in message
>news:V2$EIPyBbGbKFwK2@indaal.demon.co.uk...
>>
>> In article <7d30i2F27h9beU1@mid.individual.net>, Deirdre Sholto Douglas
>> <finch.enteract@sbcglobal.net> writes
>>>Malcolm wrote:
>>>
>>>> Your response appears to be entirely predictable
>>>
>>>Her post is entirely predictable also, Malcolm...
>>>you need to observe the dynamic between them
>>>a bit longer before you decide she's the victim
>>>and he's the aggressor. Nilita, candidly, is
>>>no better than Fred, she's just a bit sneakier
>>>about how she presents it.
>
>
>>>
>> I've seen the interplay (if that's the right word!) between the two of
>> them. At the moment, though, it has only been Fred who has attempted to
>> attack me because he didn't realise in time that I knew a lot more than he
>> did about a subject which I happen to have worked on professionally for a
>> great many years :-)
>>
>> His comprehension skills leave a lot to be desired, too. It's always
>> difficult discussing something with someone who has difficulty
>> understanding the written word. Did you see him accuse me of coming back
>> to have the last word when I had told him he could have it? What he
>> completely failed to comprehend was that I wasn't addressing him any
>> longer but someone else.
>>
>
>But ... but ... it's all *my* fault, Malcolm, don't you see ... ;)
>
LOL!

In the world of Fred, everything is someone else's fault, including his
inability to comprehend the written word.

--
Malcolm

Deirdre Sholto Douglas

7/26/2009 7:22:00 PM

Fred J. McCall wrote:
> Deirdre Sholto Douglas <finch.enteract@sbcglobal.net> wrote:
>
> :Malcolm wrote:
> :
> :> Your response appears to be entirely predictable
> :
> :Her post is entirely predictable also, Malcolm...
> :you need to observe the dynamic between them
> :a bit longer before you decide she's the victim
> :and he's the aggressor. Nilita, candidly, is
> :no better than Fred, she's just a bit sneakier
> :about how she presents it.
> :
>
> Oh, she's actually much worse. I don't believe you've ever seen me
> campaigning for ostracism, for example. The 'bit sneakier' part is
> one of the things that makes her worse, since it illustrates her real
> personality; ugly and manipulative.
>
> Normally I consider carrying grudges over Usenet to be silly,
> pointless and not worth the bother. In her case I'm willing to make
> an exception.

I'm not trying to be nasty, Fred, but in all
fairness, I'm not interested in your side of
the story either...I'm simply tired of what
is, apparently, a personal dispute being con-
tinually waged in the public eye...and for
myself, I'd like it to disappear off my radar
screen.

Obviously, my words can't make it cease...you
and Nilita both seem to have way too much in-
vested in this feud and it's clear neither of
you is willing stop.

Deirdre

________________
The voice of the majority is no proof of
justice. - Schiller

microsoft.public.dotnet.framework.remoting

Remoting and security

José Joye

Sam Santiago

José Joye

Sam Santiago

José Joye

José Joye

Sam Santiago

Malcolm

Deirdre Sholto Douglas

x Login to ForumsZone