473,626 Members | 3,392 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

NTLM Question...

I am writing an application that uses Remoting that is
hosted within IIS. We have an SSL cert enabled on the
server. We are using windows authentication on this
remoting service. Everything works fine here in the
office however when I try from home for example the
application does not work because the credentials do not
match. How do I pass the credentials from my .NET
windows application to the IIS server running the remoted
object. Also is this encrypted because we are using SSL
or does this use challenge/response so things aren't sent
in plain text. I would hate to turn this service on
publically knowing that the encryption is not working.
Jul 21 '05 #1
5 1825
Hi Nicholas,

Thanks for your post. I asked one who expertise on this issue to reply this
thread. In the meantime, I recommend you the following MSDN articles on
..NET Remoting Security:

..NET Remoting Security Solution, Part 1: Microsoft.Sampl es.Security.SSP I
Assembly
http://msdn.microsoft.com/library/de...us/dndotnet/ht
ml/remsspi.asp

..NET Remoting Security Solution, Part 2:
Microsoft.Sampl es.Runtime.Remo ting.Security Assembly
http://msdn.microsoft.com/library/de...us/dndotnet/ht
ml/remsec.asp

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Jul 21 '05 #2
Hi Nicholas,

I need some more information and clarification.

First, here is my understanding of your question:
You have four computers involved as follows.
- IIS server at work
- remote application server at work
- your own workstation at work
- your own workstation at home

You have a windows application on your workstation which calls a .NET web
service on the IIS machine and the web service uses remoting to access a
windows application on the remote server. The web service and the remote
application both require windows authentication.

All this works normally when you are at work, but fails when you are at
home. You suspect that the problem is with authentication credentials not
being passed properly from the web service to the remote application.

Is this a correct problem description?

---
Do you get an error message? If yes, please post the error message.

What version of Windows are you using on each machine?

What language was each component written in?

At home, do you logon with the same user name and password as you do at
work?

How do you access your work network from home?
For example, is your web service on the internet & you just call into it?
Or, do you use virtual private networking to access you network at work?

Thank you, Mike
Microsoft, ASP.NET Support Professional

Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security.

This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Nicholas Then" <ni**@unitedagy .com>
Sender: "Nicholas Then" <ni**@unitedagy .com>
Subject: NTLM Question...
Date: Tue, 9 Dec 2003 07:20:37 -0800
Lines: 12
Message-ID: <09************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcO+Z/9psPN5MrogRIOlS 3NWzStOVw==
Newsgroups: microsoft.publi c.dotnet.genera l
Path: cpmsftngxa07.ph x.gbl
Xref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.genera l:117577
NNTP-Posting-Host: tk2msftngxa08.p hx.gbl 10.40.1.160
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

I am writing an application that uses Remoting that is
hosted within IIS. We have an SSL cert enabled on the
server. We are using windows authentication on this
remoting service. Everything works fine here in the
office however when I try from home for example the
application does not work because the credentials do not
match. How do I pass the credentials from my .NET
windows application to the IIS server running the remoted
object. Also is this encrypted because we are using SSL
or does this use challenge/response so things aren't sent
in plain text. I would hate to turn this service on
publically knowing that the encryption is not working.


Jul 21 '05 #3
well to clearify a few things, I have a database, IIS Server which has
an assembly exposed over the internet, and my application. The assembly
talking to the database works just fine. The directory where the
assembly is exposed will only allow NTLM authentication, at least that
is how I have it set up. When a user makes a request from the
application it goes to the IIS server and from there to my database. I
know that the service works because on my local network there is no
problem. When I log onto my application without my domain, I have
captured the event that is returned when a user cannot log onto the
service. I then have a prompt appear which the user can type in his
network username and password to authenticate. I have SSL enabled on
the IIS server, but does it send the username and password on the same
SSL channel? Is there a better, more secure way to authenticate? I am
using remoting over HTTP instead of TCP so it is more firewall friendly.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 21 '05 #4
Hi Nicolas,

To clarify your doubts, you are discussing two topics here authentication
and encryption, let me discuss each one by one:

1. Authentication: For a remote object that is placed in a Virtual
direcotry with only Integrated security checked.
All requests comming in, including remote instantiation and remote calls,
need to authenticate themselves to the IIS server.
You can configure the allow and deny list in the web.config file to
configure your server. From the client side you can use
useDefaultCrede ntials attribute to pass the credentials under which client
is running as a part of remoting request.
Or if you want to pass custom credentials then you can create any derived
class of ICredentials class(NetworkCr edential is most commonly used) to
give in the username, password and domain that you want to pass to the
server. With .net 1.1 you would need to set this on your transparent proxy
sink chain. As in following code:

NetworkCredenti al nc = new NetworkCredenti al(userName,pas sword,domain);
IDictionary ChannelProps = new Hashtable();
ChannelProps["port"] = "0";
HttpChannel channel = new HttpChannel(Cha nnelProps, ClientBinFormat ter,
ServerBinFormat ter);
ChannelServices .RegisterChanne l(channel);
RemObject X =
(RemObject)Acti vator.GetObject (typeof(RemObj. RemObject),"htt p://localhost/Re
mobj/RemObj.soap");
ChannelServices .GetChannelSink Properties(X)["credential s"]=nc;

Please refer the following article for more details:
http://msdn.microsoft.com/library/de...us/dnnetsec/ht
ml/THCMCh13.asp

all requests would be send with NTLM authentication so the username/pass is
never send in plaintext.

2. Encryption: if you use SSL then all data would be encrypted with the
server's certificate. this include all requests and responses.

Hope this clears your doubts,
thanks,
Anant Dimri

Jul 21 '05 #5
That helped a lot thank you :)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 21 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
5140
NTLM failure
by: John Lee | last post by:
Hi, I have a virtual directory configured as "integrated windows authentication" and "anonymous acccess" is turned off. I can use IE to acccess that page but when I try to access the page using HttpWebRequest wr = (HttpWebRequest) System.Net.WebRequest.Create(url); wr.Credentials = CredentialCache.DefaultCredentials; HttpWebResponse resp = (System.Net.HttpWebResponse)wr.GetResponse();
C# / C Sharp
4
13358
WebProxy support NTLM?
by: vooose | last post by:
Consider accessing a webpage through a proxy server: WebRequest request = WebRequest.Create("http://somepage.com"); WebProxy proxy = new WebProxy(proxyHost, proxyPort); proxy.Credentials = new NetworkCredential(proxyUsername, proxyPassword); request.Proxy = proxy; Now suppose the *proxy server* authenticates using NTLM (somepage.com does NOT require any authentication its just a webpage). How does one
C# / C Sharp
5
323
NTLM Question...
by: Nicholas Then | last post by:
I am writing an application that uses Remoting that is hosted within IIS. We have an SSL cert enabled on the server. We are using windows authentication on this remoting service. Everything works fine here in the office however when I try from home for example the application does not work because the credentials do not match. How do I pass the credentials from my .NET windows application to the IIS server running the remoted object....
.NET Framework
4
8497
Add NTLM proxy authentication to urllib2
by: looping | last post by:
Hi, I have to make internet connections through an ISA proxy server that use NTLM or Kerberos authorization method. I've found a program in python called ntlmaps that act like a proxy and could make the NTLM authentication, but you have to run it and make all your connection through it, not an optimal solution. So what I really need is an enhanced urllib2 that support NTLM or Kerberos. I've found that pywin32 could manage NTLM encryption...
Python
1
6817
httplib/DAV: How to respond to "WWW-Authenticate: NTLM" ?
by: robert | last post by:
In a DAV scheme with PROPFIND or GET (PROPFIND /test/ HTTP/1.1) and Basic AUTH to a MS SharePoint over https server (AUTH required), he responds 'WWW-Authenticate: NTLM' only: reply: 'HTTP/1.1 401 Unauthorized\r\n' header: Content-Length: 1656 header: Content-Type: text/html header: Server: Microsoft-IIS/6.0 header: WWW-Authenticate: NTLM header: X-Powered-By: ASP.NET
Python
3
7084
NTLM Proxy Authorization
by: George Vasiliou | last post by:
Hi to all, I have made up a small client / server application with WinSock (port 443) at VB6. I have install server in my Home, and client is running behind a proxy server. Client cannot reach server, because proxy requires NTLM Authorization before redirecting.
Visual Basic 4 / 5 / 6
40
7568
NTLM authentication
by: webrod | last post by:
Dear All, let's say I have a web service. I would like to authenticate users who try to access it. I am on a winnt server so I will have to use NTLM but I don't want to use IIS settings. Is there a way to authenticate a user using WSE 3.0 against NTLM?? All the samples I have found on the web provide a solution based on
C# / C Sharp
1
2716
NTLM APS python version 0.98
by: pycraze | last post by:
Hi , I am working on NTLM (Windows NT Lan Manager )APS (Authentication Proxy Server ) , to port to C language . I am using ethereal to monitor the packets sent between client and server . NTLM is a MS proprietary protocol designed so that will allow authentication only from MS browsers . This proprietary was cracked and code was written in python by
Python
2
8158
HttpWebRequest over Https Via Proxy Fails using NTLM
by: =?Utf-8?B?TGVuc3Rlcg==?= | last post by:
A C# (.NET 2) application which uses the System.Net.HttpWebRequest object to request a resource over HTTPS is failing following the installation of a new proxy server on our internal network with 407 Proxy Authentication Required. The same request through the old proxy succeeds. The same request to an HTTP address through the new proxy succeeds. Also, the request succeeds when forced to use Basic authentication but fails on NTLM.
ASP.NET
0
8262
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8196
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
8701
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
8637
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
8364
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
4196
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2623
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
1
1807
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
2
1507
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us