Authorization support on remoting TCP channel

  • Article

This has been a common ask to add some authorization support on remoting channels. During Beta1 remoting added support for authentication and encryption on the TCP channel. In Beta2 there is a new feature which lets you authorize connections based on IP address or client identity. To authorize connections implement the following interface:

    public interface IAuthorizeRemotingConnection
{
bool IsConnectingEndPointAuthorized(EndPoint endPoint);
bool IsConnectingIdentityAuthorized(IIdentity identity);
}

IsConnectingEndPointAuthorized would be invoked each time a new connection is made to the server -- if the return is false the connection would be dropped. IsConnectingIdentityAuthorized will be invoked if authentication is enabled and it lets the server decide whether the connecting identity should be allowed to make requests to the server.

Use the new TcpServerChannel constructor public TcpServerChannel(IDictionary properties, IServerChannelSinkProvider sinkProvider, IAuthorizeRemotingConnection authorizeCallback) to plugin this interface. You could also do it through config using authorizationModule="authImpl, assemblyName"