473,321 Members | 1,622 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,321 software developers and data experts.

NTLM Question...

I am writing an application that uses Remoting that is
hosted within IIS. We have an SSL cert enabled on the
server. We are using windows authentication on this
remoting service. Everything works fine here in the
office however when I try from home for example the
application does not work because the credentials do not
match. How do I pass the credentials from my .NET
windows application to the IIS server running the remoted
object. Also is this encrypted because we are using SSL
or does this use challenge/response so things aren't sent
in plain text. I would hate to turn this service on
publically knowing that the encryption is not working.
Jul 21 '05 #1
5 1799
Hi Nicholas,

Thanks for your post. I asked one who expertise on this issue to reply this
thread. In the meantime, I recommend you the following MSDN articles on
..NET Remoting Security:

..NET Remoting Security Solution, Part 1: Microsoft.Samples.Security.SSPI
Assembly
http://msdn.microsoft.com/library/de...us/dndotnet/ht
ml/remsspi.asp

..NET Remoting Security Solution, Part 2:
Microsoft.Samples.Runtime.Remoting.Security Assembly
http://msdn.microsoft.com/library/de...us/dndotnet/ht
ml/remsec.asp

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Jul 21 '05 #2
Hi Nicholas,

I need some more information and clarification.

First, here is my understanding of your question:
You have four computers involved as follows.
- IIS server at work
- remote application server at work
- your own workstation at work
- your own workstation at home

You have a windows application on your workstation which calls a .NET web
service on the IIS machine and the web service uses remoting to access a
windows application on the remote server. The web service and the remote
application both require windows authentication.

All this works normally when you are at work, but fails when you are at
home. You suspect that the problem is with authentication credentials not
being passed properly from the web service to the remote application.

Is this a correct problem description?

---
Do you get an error message? If yes, please post the error message.

What version of Windows are you using on each machine?

What language was each component written in?

At home, do you logon with the same user name and password as you do at
work?

How do you access your work network from home?
For example, is your web service on the internet & you just call into it?
Or, do you use virtual private networking to access you network at work?

Thank you, Mike
Microsoft, ASP.NET Support Professional

Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security.

This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Nicholas Then" <ni**@unitedagy.com>
Sender: "Nicholas Then" <ni**@unitedagy.com>
Subject: NTLM Question...
Date: Tue, 9 Dec 2003 07:20:37 -0800
Lines: 12
Message-ID: <09****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcO+Z/9psPN5MrogRIOlS3NWzStOVw==
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.general:117577
NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
X-Tomcat-NG: microsoft.public.dotnet.general

I am writing an application that uses Remoting that is
hosted within IIS. We have an SSL cert enabled on the
server. We are using windows authentication on this
remoting service. Everything works fine here in the
office however when I try from home for example the
application does not work because the credentials do not
match. How do I pass the credentials from my .NET
windows application to the IIS server running the remoted
object. Also is this encrypted because we are using SSL
or does this use challenge/response so things aren't sent
in plain text. I would hate to turn this service on
publically knowing that the encryption is not working.


Jul 21 '05 #3
well to clearify a few things, I have a database, IIS Server which has
an assembly exposed over the internet, and my application. The assembly
talking to the database works just fine. The directory where the
assembly is exposed will only allow NTLM authentication, at least that
is how I have it set up. When a user makes a request from the
application it goes to the IIS server and from there to my database. I
know that the service works because on my local network there is no
problem. When I log onto my application without my domain, I have
captured the event that is returned when a user cannot log onto the
service. I then have a prompt appear which the user can type in his
network username and password to authenticate. I have SSL enabled on
the IIS server, but does it send the username and password on the same
SSL channel? Is there a better, more secure way to authenticate? I am
using remoting over HTTP instead of TCP so it is more firewall friendly.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 21 '05 #4
Hi Nicolas,

To clarify your doubts, you are discussing two topics here authentication
and encryption, let me discuss each one by one:

1. Authentication: For a remote object that is placed in a Virtual
direcotry with only Integrated security checked.
All requests comming in, including remote instantiation and remote calls,
need to authenticate themselves to the IIS server.
You can configure the allow and deny list in the web.config file to
configure your server. From the client side you can use
useDefaultCredentials attribute to pass the credentials under which client
is running as a part of remoting request.
Or if you want to pass custom credentials then you can create any derived
class of ICredentials class(NetworkCredential is most commonly used) to
give in the username, password and domain that you want to pass to the
server. With .net 1.1 you would need to set this on your transparent proxy
sink chain. As in following code:

NetworkCredential nc = new NetworkCredential(userName,password,domain);
IDictionary ChannelProps = new Hashtable();
ChannelProps["port"] = "0";
HttpChannel channel = new HttpChannel(ChannelProps, ClientBinFormatter,
ServerBinFormatter);
ChannelServices.RegisterChannel(channel);
RemObject X =
(RemObject)Activator.GetObject(typeof(RemObj.RemOb ject),"http://localhost/Re
mobj/RemObj.soap");
ChannelServices.GetChannelSinkProperties(X)["credentials"]=nc;

Please refer the following article for more details:
http://msdn.microsoft.com/library/de...us/dnnetsec/ht
ml/THCMCh13.asp

all requests would be send with NTLM authentication so the username/pass is
never send in plaintext.

2. Encryption: if you use SSL then all data would be encrypted with the
server's certificate. this include all requests and responses.

Hope this clears your doubts,
thanks,
Anant Dimri

Jul 21 '05 #5
That helped a lot thank you :)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 21 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: John Lee | last post by:
Hi, I have a virtual directory configured as "integrated windows authentication" and "anonymous acccess" is turned off. I can use IE to acccess that page but when I try to access the page using...
4
by: vooose | last post by:
Consider accessing a webpage through a proxy server: WebRequest request = WebRequest.Create("http://somepage.com"); WebProxy proxy = new WebProxy(proxyHost, proxyPort); proxy.Credentials = new...
5
by: Nicholas Then | last post by:
I am writing an application that uses Remoting that is hosted within IIS. We have an SSL cert enabled on the server. We are using windows authentication on this remoting service. Everything...
4
by: looping | last post by:
Hi, I have to make internet connections through an ISA proxy server that use NTLM or Kerberos authorization method. I've found a program in python called ntlmaps that act like a proxy and could...
1
by: robert | last post by:
In a DAV scheme with PROPFIND or GET (PROPFIND /test/ HTTP/1.1) and Basic AUTH to a MS SharePoint over https server (AUTH required), he responds 'WWW-Authenticate: NTLM' only: reply: 'HTTP/1.1...
3
by: George Vasiliou | last post by:
Hi to all, I have made up a small client / server application with WinSock (port 443) at VB6. I have install server in my Home, and client is running behind a proxy server. Client cannot...
40
by: webrod | last post by:
Dear All, let's say I have a web service. I would like to authenticate users who try to access it. I am on a winnt server so I will have to use NTLM but I don't want to use IIS settings. Is...
1
by: pycraze | last post by:
Hi , I am working on NTLM (Windows NT Lan Manager )APS (Authentication Proxy Server ) , to port to C language . I am using ethereal to monitor the packets sent between client and server ....
2
by: =?Utf-8?B?TGVuc3Rlcg==?= | last post by:
A C# (.NET 2) application which uses the System.Net.HttpWebRequest object to request a resource over HTTPS is failing following the installation of a new proxy server on our internal network with...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.