471,328 Members | 1,891 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,328 software developers and data experts.

Remoting, IIS, Binary Formatter

I am working on a VB.NET application that uses remoting hosted inside on IIS.
I chose the binary formatter for this application because the only clients
that will be connecting to it are .NET based, as well as the fact that is
fast. My SQL database holds a table of users, passwords, and roles. With an
ASP.net application I can easily do a User.IsInRole("somerole") because of
forms authentication and keeping the roles info in an encrypted cookie. What
would be the best way for doing the same type of thing when hosting a remoted
object in IIS? Would I pass some encrypted credentials each time back to the
server, do a lookup each time, or can I store thses somewhere on the server?
Jul 21 '05 #1
1 1926

Welcome to MSDN newsgroup.
As for the How to do the authentication and stored the authentication token
within .net remoting application you mentioned, I think it also depends on
how you would configure your remote object. As singleton or SingleCall (I
assume that we will use WellKnown object, Server Activation). If you're
using singleton, since each remote method call will be invoked at the same
object, we can implement our own "One time" authentication mechanism. For
example, implement our own "remoting cookie" , when the first time client
reques the remote object, do the authentication and then return the
authentication ticket back to client(if client is validated). Then, all the
sequential request from that client will contains this ticket. Also, you
can alternatively store the authenticated info on the server ,such as
mantained an authenticated clients's lookup list, and check this list
before each method's invokation.

If you're choosing "SingleCall" , since each remote method call invoked on
different object, store info on server object may not be possbile.

In addition, I think you can even make this authentication operation in a
custom ChannelSink , so that
all the authentication and validation works will be finished in the Sink's
code rather than mixed with out component's code. You can refer to the
following article on such idea:


If there is anything unclear, please feel free to post here. Thanks,
Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
Jul 21 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Skip | last post: by
9 posts views Thread by Nak | last post: by
reply views Thread by =?Utf-8?B?U3RldmUgRw==?= | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.