Passing Credentials in .net Remoting


This is my first blog post, so I will jump straight to the point. One interesting thing I wanted to share, for which I have not seen much documentation and which people spend long hours figuring out, is how to pass credentials in .net Remoting.
Basically there are two kinds of scenarios:
1. Passing default credentials:
That is, the user wants to pass the Windows credentials of the process along with the remoting request. In this scenario all you need to do is set the useDefaultCredentials property on the HttpChannel to true, either programmatically:
IDictionary props = new Hashtable();
props["useDefaultCredentials"] = "true";
// ClientBinFormatter is the client formatter sink provider for the channel
channel = new HttpClientChannel(props, ClientBinFormatter);
or through the configuration file:
<channel ref="http" useDefaultCredentials="true" />


2. Passing custom Credentials:
This is for when you want to specify the user name and password at runtime and pass them with the remoting request. The mechanism differs between .net 1.0 and .net 1.1.
.net 1.0: All you need to do is set the credentials property on your HttpChannel, and all remoting requests through this channel sink will use the specified credentials.
ICredentials credObj = new NetworkCredential(userName, password, domain);
channelProperties["credentials"] = credObj;
HttpChannel hc = new HttpChannel(channelProperties, …, …);



.net 1.1

This behavior changed in .net 1.1: the credentials now need to be set on each proxy after you create it. This is easy for server-activated objects (SingleCall, Singleton), where you can simply do:

ICredentials nc = new NetworkCredential(userName, password, domain);
object obj = Activator.GetObject(type, url);
IDictionary dict = ChannelServices.GetChannelSinkProperties(obj);
// set credentials on the proxy object
dict["credentials"] = nc;

 

Setting credentials for CAO in .net 1.1
The catch with setting credentials on each proxy is that a client-activated object sends a network request during the ‘new’ or GetObject call, so that request has already gone out before you have a proxy to set credentials on. To get around this and pass custom credentials for CAOs, first get the proxy to the internal remoting object that is responsible for creating the object on the server, and set the credentials on that.
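
One way to implement the CAO approach described above, as an added example that is not code from the original post. It assumes that activation goes through the well-known endpoint RemoteActivationService.rem under the application URL, that the proxy for it is typed as IActivator, and that the runtime reuses that proxy's channel sinks for the activation call; the CaoClient helper and its command-line arguments are hypothetical.

```csharp
using System;
using System.Collections;
using System.Net;
using System.Runtime.Remoting.Activation;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;

public static class CaoClient   // hypothetical helper, not part of the framework
{
    // appUrl is the application URL the server publishes its CAO types under.
    public static object CreateWithCredentials(Type type, string appUrl, ICredentials creds)
    {
        // Assumption: CAO activation is sent to <appUrl>/RemoteActivationService.rem
        // and the runtime reuses the proxy identity (and channel sinks) for that URL.
        string activatorUrl = appUrl.TrimEnd('/') + "/RemoteActivationService.rem";
        object activator = Activator.GetObject(typeof(IActivator), activatorUrl);
        IDictionary sinkProps = ChannelServices.GetChannelSinkProperties(activator);
        sinkProps["credentials"] = creds;

        // The activation request is sent here, after the credentials are in place.
        object[] activationAttrs = { new UrlAttribute(appUrl) };
        object cao = Activator.CreateInstance(type, null, activationAttrs);

        // Method calls go through the CAO's own proxy, so apply the
        // per-proxy rule from .net 1.1 to it as well.
        ChannelServices.GetChannelSinkProperties(cao)["credentials"] = creds;
        return cao;
    }

    // Usage: CaoClient.exe <appUrl> <assembly-qualified type name> <user> <domain>
    public static void Main(string[] args)
    {
        ChannelServices.RegisterChannel(new HttpChannel());
        Console.Write("Password: ");
        string password = Console.ReadLine();   // prompt rather than hard-code the secret
        ICredentials creds = new NetworkCredential(args[2], password, args[3]);

        CreateWithCredentials(Type.GetType(args[1], true), args[0], creds);
        Console.WriteLine("Activated " + args[1]);
    }
}
```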


Comments (7)

  1. Anonymous says:

    Is it possible to pass the default credentials with a TCP channel? and if so, how?

    I’d love to be able to do the same thing with a client-server remoting app, but have yet to figure out how. I’d hate to add a "credentials" parameter to all of my publicly remoted methods.

    Peter

  2. Anonymous says:

    TcpChannel class does not have attributes to pass credentials, as it tries to be more like bare minimum TCP.

    But the good news is you can pass credentials as part of msg using Channel Sinks. So your client and server need not know anything about the security sinks.

    MSDN has a good sample showing how to do the same. Check this out:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp

    It has full example of how to pass credentials and authenticate using Channel sinks.

  3. Anonymous says:

    I have a remote object hosted in IIS on a computer outside the domain of where the client is running. And while I can communicate fine when anonymous access is enabled, when I have it disabled and just integrated security I get, "The remote server returned an error: (401) Unauthorized."

    I have tried setting useDefaultCredentials="true" and then programmatically setting Credentials but no such luck. What I really want is when a request goes to the object for IIS to display the windows logon dialog box. This works fine in a normal ASP.NET app but not for remoting.

    If you have any thoughts it would be appreciated.

    John

  4. Anonymous says:

    This happens with ASP.net because you are using IE as the client. The same behavior happens with remoting client also, it will try with anonymous first, fail, then try again with credentials. The only difference is it does not pop up a message Box asking for credentials.

    So with remoting client you can do the same thing by catching the exception and throwing a message box to the UI asking for Username/password/domainname and then pass this as described in the article.

    Since remoting is a programming API not an end product like IE, you would need to handle this programmatically only.

  5. Anonymous says:

    pass the url that was written to you