Hi Nicolas,
To clarify your doubts, you are discussing two topics here authentication
and encryption, let me discuss each one by one:
1. Authentication: For a remote object that is placed in a Virtual
direcotry with only Integrated security checked.
All requests comming in, including remote instantiation and remote calls,
need to authenticate themselves to the IIS server.
You can configure the allow and deny list in the web.config file to
configure your server. From the client side you can use
useDefaultCredentials attribute to pass the credentials under which client
is running as a part of remoting request.
Or if you want to pass custom credentials then you can create any derived
class of ICredentials class(NetworkCredential is most commonly used) to
give in the username, password and domain that you want to pass to the
server. With .net 1.1 you would need to set this on your transparent proxy
sink chain. As in following code:
NetworkCredential nc = new NetworkCredential(userName,password,domain);
IDictionary ChannelProps = new Hashtable();
ChannelProps["port"] = "0";
HttpChannel channel = new HttpChannel(ChannelProps, ClientBinFormatter,
ServerBinFormatter);
ChannelServices.RegisterChannel(channel);
RemObject X =
(RemObject)Activator.GetObject(typeof(RemObj.RemOb ject),"http://localhost/Re
mobj/RemObj.soap");
ChannelServices.GetChannelSinkProperties(X)["credentials"]=nc;
Please refer the following article for more details:
http://msdn.microsoft.com/library/de...us/dnnetsec/ht
ml/THCMCh13.asp
all requests would be send with NTLM authentication so the username/pass is
never send in plaintext.
2. Encryption: if you use SSL then all data would be encrypted with the
server's certificate. this include all requests and responses.
Hope this clears your doubts,
thanks,
Anant Dimri