Hi!
What are the options for securing remote objects, which are accessible
through IIS, when you have an application deployed on the same server,
which uses custom Forms authentication?
Scenario:
Server hosts app a, which is configured as: authentication:Forms,
authorization: deny users="?".
Now, for Remoting to work, I had to specify that the remoting URI
(RemotableObject.rem) requires no authorization, so IIS let the request
through. Since this object return reference to another object, IIS
(ASP.NET) creates a temporary link to this remote object, which of
course can not be known in advance and the request thus fails. The URI
is, for instance like this:
/ff1338e5_a46f_4577_af4c_726910d1a39f/9AqnyvYRtRnG8Ai_7Q+5KSYG_80.rem
Two questions:
1) how to configure IIS (ASP.NET application) to let the remoting
requests through
2) how to configure IIS (and remoting app) to be secure? (once the
requests will go through).
I guess that one can not mix windows authentication for remoting and
custom forms authentication for "regular asp.net" application.
And the two (asp.net app & remoting objects) have to be deployed within
the same application, since remoting object is used to expose some of
the asp.net application functionality.
Pointers appreciated.
Rgds,
Miha
