Passing Credentials in .net Remoting

This is my first blog, so jumping straight to the point. One intresting thing that I wanted to share for which I have not seen much documentation but people spending long hours figuring this out is how to pass credentials in .net Remoting.
Basically there would be two kinds of scenarios:
1. Passing default credentials:
i.e if a user wants to pass  the windows credentials of the process along with the remoting request.In this scenario all you want to do is set the useDefaultCredentials property on the HttpChannel to true either programmatically:
channel = new HttpClientChannel(ChannelProps, ClientBinFormatter);
or through configuration file:
<channel ref="http" useDefaultCredentials="true" />

2. Passing custom Credentials:
If you want to specify the username, password at runtime and want to pass it with the remoting request. This has been different with .net 1.0 and .net 1.1.
.net 1.0 : All you want to do is set the credentials property on your HttpChannel and all remoting requests through this channel sink will use the specified credentials.
nICredential credObj = new NetworkCredential(userName,password,domain);
Properties["credentials"] = credObj;
HttpChannel hc = new HttpChannel(channelProperties,…, .... ); 1.1

nThis behavior is changed in .net 1.1 and now the credentials are needed to be set on each proxy, after you create it. This is easy when doing Server Activated object(SingleCall, Singleton). So for that you can easily do:

ICredential nc= new NetworkCredential(userName,password,domain);
nobject obj = Activator.GetObject (type, url);

nIDictionary dict = ChannelServices.GetChannelSinkProperties(obj);

n//set credentials on the proxy object

ndict["credentials"] = nc;


Setting credentials for CAO in .net 1.1
The catch with setting credentials on each proxy is that since Client activated objects sends a network request during 'new' or GetObject call, the credentials are already passed before you have your proxy. So to get around this problem if you want to pass custom credentials for CAO objects then we get the proxy to internal remoting object that is responsible for creating object on the server and set the credentials on that first.

1. CAO's are managed by internal Server objects so for CAOs we need to create a proxy to
Set credentials on ChannelSink of this internal proxy
2. Now when we register and create the CAO on the client, the 'new' call will use the credentials set on RemoteActivationService.rem proxy.
3. Get the Channelsink of the CAO proxy
4. Set Credentials on the CAO proxy

 This is how the sample code will look like:


//Get a proxy for RemoteActivationService.rem this is an //internal object for CAO's

object obj = Activator.GetObject(typeof(RemObjects.MathObject), "http://localhost:80/RemObjects/RemoteActivationService.rem");

IDictionary dict = ChannelServices.GetChannelSinkProperties(obj);

//set credentials on the proxy object

dict["credentials"] = nc;


//get instance of your object

objMath = new RemObjects.MathObject(128);

//get channel sink object for your object and set credentials on that

dict = ChannelServices.GetChannelSinkProperties(objMath);

dict["credentials"] = nc;


Feel free to give me a feedback on this.

Comments (5)

  1. Peter Drier says:

    Is it possible to pass the default credentials with a TCP channel? and if so, how?

    I’d love to be able to do the same thing with a client-server remoting app, but have yet to figure out how. I’d hate to add a "credentials" parameter to all of my publically remoted methods.


  2. Anant says:

    TcpChannel class does not have attributes to pass credentials, as it tries to be more like bare minimum TCP.

    But the good news is you can pass credentials as part of msg using Channel Sinks. So your client and server need not know anything about the security sinks.

    MSDN has a good sample showing how to do the same. Check this out:

    It has full example of how to pass credentials and authenticate using Channel sinks.

  3. John says:

    I have a remote object hosted in IIS on a computer outside the domain of where the client is running. And while I can communicate fine when anonymous access is enabled when I have it disabled and just integrated security I get, "The remote server returned an error: (401) Unauthorized."

    I have tried setting useDefaultCredentials="true" and then programatically setting Credentials but no such luck. What I really want is when a request go’s to the object for IIS to display the windows logon dialog box. This works fine in a normal ASP.NET app but not for remoting.

    If you have any thoughts it would be appreciated.


  4. Anant says:

    This happens with because you are using IE as the client. The same behavior happens with remoting client also, it will try with anonymous first, fail, then try again with credentials. The only difference is it does not pop up a message Box asking for credentials.

    So with remoting client you can do the same thing by catching the exception and throwing a message box to the UI asking for Username/password/domainname and then pass this as described in the article.

    Since remoting is a programming API not an end product like IE, you would need to handle this programmatically only.

  5. DaveG says:

    I realize this is very old post but for those who are still utilizing legacy .NET remoting with .NET 4.0 or later, “credentials” has been replaced with the 3 keys “username”, “password” and “domain”. I modified code to use these keys and all worked as expected for Server Activated object (Activator.GetObject(….))

Skip to main content