[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

microsoft.public.dotnet.framework.remoting

MCSD 70-310 Creating and Consuming .NET Remoting Objects Exam Question

Greg

7/13/2004 3:54:00 AM

I have a sample question:

You are creating a .NET remoting application for hosting on an IIS server.
You need to restrict the resources a remote object can access on a computer.
You implement ____ to control the resources a remote object can access on a
computer. (Choose one correct option)


1.. Role-base security
2.. SSL security
3.. Code Access security
4.. HttpChannel Web Security
What is the correct answer and why?
29 Answers

Sunny

7/13/2004 2:46:00 PM

0

Hi Greg,


In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com
says...
> I have a sample question:
>
> You are creating a .NET remoting application for hosting on an IIS server.
> You need to restrict the resources a remote object can access on a computer.
> You implement ____ to control the resources a remote object can access on a
> computer. (Choose one correct option)
>
>
> 1.. Role-base security
> 2.. SSL security
> 3.. Code Access security
> 4.. HttpChannel Web Security
> What is the correct answer and why?
>
>
>

I do not think that the question is very clear, but I''ll bet on Role-
base security. IIS hosted objects are running as ASPNET user by default,
or if impersonated, with some other user''s rights. And what a user can
do with machine resources is controlled by this users rights. I.e. role-
based security is the most right answer in my view.

Sunny

Eric

7/13/2004 5:58:00 PM

0

Sunny wrote:

> I do not think that the question is very clear, but I''ll bet on Role-
> base security. IIS hosted objects are running as ASPNET user by
> default, or if impersonated, with some other user''s rights.

Remoting objects don''t log in

Since it''s hosted in IIS, and uses HTTP, I would go with SSL.

Eric

Sunny

7/13/2004 6:21:00 PM

0

In article <#wWAgLQaEHA.3596@tk2msftngp13.phx.gbl>, "Eric" <Eric>
says...
> Sunny wrote:
>
> > I do not think that the question is very clear, but I''ll bet on Role-
> > base security. IIS hosted objects are running as ASPNET user by
> > default, or if impersonated, with some other user''s rights.
>
> Remoting objects don''t log in
>
> Since it''s hosted in IIS, and uses HTTP, I would go with SSL.
>
> Eric
>


They are running with the rights of the process in which they are
hosted. This is aspnet for asp.net processes.

SSL is only encryption, it does nothing to do with the rights a process
has over resources.

Sunny

Ken Kolda

7/13/2004 8:33:00 PM

0

I agree with Sunny that this is pretty vaguely worded... it says you want to
"restrict the resources a remote object can access" -- it doesn''t say
anything about whether that''s based on the identity of the user invoking the
object''s methods. So, to me, that implies code access security (i.e.
independent of identity). But, since the server is in control of what
objects get remoted, it would seem silly to remote an object that could
perform operations you don''t want to allow.

So, I''d probably go with #4, HttpChannel security, because this is what
allows the client to pass to the server the identity info with the object''s
method calls. But, I would think you''d use this in conjunction with
role-based security on the server side.

Ken


"Sunny" <sunny@newsgroups.nospam> wrote in message
news:e1vnkgOaEHA.808@tk2msftngp13.phx.gbl...
> Hi Greg,
>
>
> In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com
> says...
> > I have a sample question:
> >
> > You are creating a .NET remoting application for hosting on an IIS
server.
> > You need to restrict the resources a remote object can access on a
computer.
> > You implement ____ to control the resources a remote object can access
on a
> > computer. (Choose one correct option)
> >
> >
> > 1.. Role-base security
> > 2.. SSL security
> > 3.. Code Access security
> > 4.. HttpChannel Web Security
> > What is the correct answer and why?
> >
> >
> >
>
> I do not think that the question is very clear, but I''ll bet on Role-
> base security. IIS hosted objects are running as ASPNET user by default,
> or if impersonated, with some other user''s rights. And what a user can
> do with machine resources is controlled by this users rights. I.e. role-
> based security is the most right answer in my view.
>
> Sunny

Eric

7/13/2004 10:46:00 PM

0

Sunny wrote:

> SSL is only encryption, it does nothing to do with the rights a
> process has over resources.

That leaves us with CAS.

Eric

Greg

7/14/2004 12:17:00 AM

0

Well, this question was from the Practice Exam of the Microsoft official study guide Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Microsoft Visual C# .NET for exam 70-310.

But apparently 3 Code Access security is the correct answer. The study guide says You can use code-access security to secure remote objects. But the study guide also mentions that If you host remote objects in IIS, you can use the security feature of IIS and SSL to secure remote objects. IIS hosting provides SSL, which allows you to secure messages sent to or received from remote objects. In addition, you can use Integrated Windows Authentication or Kerberos to secure the remote objects hosted in IIS.

So go figure.

"Ken Kolda" <ken.kolda@elliemae-nospamplease.com> wrote in message news:OkqrTjRaEHA.1840@TK2MSFTNGP11.phx.gbl...
> I agree with Sunny that this is pretty vaguely worded... it says you want to
> "restrict the resources a remote object can access" -- it doesn''t say
> anything about whether that''s based on the identity of the user invoking the
> object''s methods. So, to me, that implies code access security (i.e.
> independent of identity). But, since the server is in control of what
> objects get remoted, it would seem silly to remote an object that could
> perform operations you don''t want to allow.
>
> So, I''d probably go with #4, HttpChannel security, because this is what
> allows the client to pass to the server the identity info with the object''s
> method calls. But, I would think you''d use this in conjunction with
> role-based security on the server side.
>
> Ken
>
>
> "Sunny" <sunny@newsgroups.nospam> wrote in message
> news:e1vnkgOaEHA.808@tk2msftngp13.phx.gbl...
> > Hi Greg,
> >
> >
> > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com
> > says...
> > > I have a sample question:
> > >
> > > You are creating a .NET remoting application for hosting on an IIS
> server.
> > > You need to restrict the resources a remote object can access on a
> computer.
> > > You implement ____ to control the resources a remote object can access
> on a
> > > computer. (Choose one correct option)
> > >
> > >
> > > 1.. Role-base security
> > > 2.. SSL security
> > > 3.. Code Access security
> > > 4.. HttpChannel Web Security
> > > What is the correct answer and why?
> > >
> > >
> > >
> >
> > I do not think that the question is very clear, but I''ll bet on Role-
> > base security. IIS hosted objects are running as ASPNET user by default,
> > or if impersonated, with some other user''s rights. And what a user can
> > do with machine resources is controlled by this users rights. I.e. role-
> > based security is the most right answer in my view.
> >
> > Sunny
>
>

Bob Grommes

7/14/2004 4:50:00 AM

0

This is exactly why I think certification exams and the whole cottage industry surrounding them are a load of cr*p.

In the first place it''s a fallacy to suppose that you can accurately gauge software development skill by asking a bunch of multiple-choice questions. I''d rather have someone working for me that would flunk an exam for lack of having memorized a bunch of sterile facts, but who has common sense, good problem-solving skills, and knows how to RTFM, STFW, or pick up the blasted reference books next to his or her desk when confronted with something new or obscure.

Add to this sloppily worded questions with indifferent editing, like the example under consideration here, and you have yourself a real mess. Nothing infuriates me more than someone making judgments about my skills based on prose like this, that can''t even clearly frame the question. Time and again you find yourself thinking, not "what is the correct answer"? But rather, "I wonder what they''re fishing for?" A testee should never have to read the test author''s mind!

I am acquainted with how this stuff is developed; as a former seminar developer / instructor, I''ve been offered writing assignments through intermediary contractors for MSFT tests. I have three words to describe this process, at least the parts of it I''ve witnessed: Pa thet ic.

--Bob
"Greg" <gregjq@msn.com> wrote in message news:e1bubfTaEHA.3756@tk2msftngp13.phx.gbl...
Well, this question was from the Practice Exam of the Microsoft official study guide Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Microsoft Visual C# .NET for exam 70-310.

But apparently 3 Code Access security is the correct answer. The study guide says You can use code-access security to secure remote objects. But the study guide also mentions that If you host remote objects in IIS, you can use the security feature of IIS and SSL to secure remote objects. IIS hosting provides SSL, which allows you to secure messages sent to or received from remote objects. In addition, you can use Integrated Windows Authentication or Kerberos to secure the remote objects hosted in IIS.

So go figure.

"Ken Kolda" <ken.kolda@elliemae-nospamplease.com> wrote in message news:OkqrTjRaEHA.1840@TK2MSFTNGP11.phx.gbl...
> I agree with Sunny that this is pretty vaguely worded... it says you want to
> "restrict the resources a remote object can access" -- it doesn''t say
> anything about whether that''s based on the identity of the user invoking the
> object''s methods. So, to me, that implies code access security (i.e.
> independent of identity). But, since the server is in control of what
> objects get remoted, it would seem silly to remote an object that could
> perform operations you don''t want to allow.
>
> So, I''d probably go with #4, HttpChannel security, because this is what
> allows the client to pass to the server the identity info with the object''s
> method calls. But, I would think you''d use this in conjunction with
> role-based security on the server side.
>
> Ken
>
>
> "Sunny" <sunny@newsgroups.nospam> wrote in message
> news:e1vnkgOaEHA.808@tk2msftngp13.phx.gbl...
> > Hi Greg,
> >
> >
> > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com
> > says...
> > > I have a sample question:
> > >
> > > You are creating a .NET remoting application for hosting on an IIS
> server.
> > > You need to restrict the resources a remote object can access on a
> computer.
> > > You implement ____ to control the resources a remote object can access
> on a
> > > computer. (Choose one correct option)
> > >
> > >
> > > 1.. Role-base security
> > > 2.. SSL security
> > > 3.. Code Access security
> > > 4.. HttpChannel Web Security
> > > What is the correct answer and why?
> > >
> > >
> > >
> >
> > I do not think that the question is very clear, but I''ll bet on Role-
> > base security. IIS hosted objects are running as ASPNET user by default,
> > or if impersonated, with some other user''s rights. And what a user can
> > do with machine resources is controlled by this users rights. I.e. role-
> > based security is the most right answer in my view.
> >
> > Sunny

Sunny

7/14/2004 2:12:00 PM

0

Yes, as we can see :)

Still the question is not very clear.

Sunny

In article <ez0AmsSaEHA.996@TK2MSFTNGP12.phx.gbl>, "Eric" <Eric> says...
> Sunny wrote:
>
> > SSL is only encryption, it does nothing to do with the rights a
> > process has over resources.
>
> That leaves us with CAS.
>
> Eric
>

Eric

7/14/2004 2:39:00 PM

0

Greg wrote:

> Well, this question was from the Practice Exam of the Microsoft
> official study guide

That explains why the question is weakly-worded.

I took the 70-320 test, and I don''t remember anything worded so vaguely.

Eric

Allen Anderson

7/15/2004 4:48:00 PM

0

my first inclination would be to use Role Base Security in this
instance. However, its more than likely code access security.

On Mon, 12 Jul 2004 21:54:15 -0600, "Greg" <gregjq@msn.com> wrote:

>I have a sample question:
>
>You are creating a .NET remoting application for hosting on an IIS server.
>You need to restrict the resources a remote object can access on a computer.
>You implement ____ to control the resources a remote object can access on a
>computer. (Choose one correct option)
>
>
> 1.. Role-base security
> 2.. SSL security
> 3.. Code Access security
> 4.. HttpChannel Web Security
>What is the correct answer and why?
>