Windows authentication over remoting... possible?

Hi,

I have to develop an application that will consist of a service and a
Windows Forms application... the service could be on a distant server but I
need to authenticate the user as being part of the same domain. So when the
application starts, I can send something to the remote service and query for
some objects and the service can give me the objects if I'm the right user
(part of the right group). I don't want to send username and password nor
password hash over the network so if there is a better way (just like SQL
Server does or many other apps), I would like to know it (maybe if you have
a link).

Thanks

ThunderMusic
Jul 6 '06 #1
ThunderMusic,

Not easily. You can host your remoted objects in IIS, and then it would
use the authentication mechanism that you have configured in IIS.

Also, I believe this will force you to design your objects in a certain
way (for stateless calls, since the mechanism for HTTP is stateless). I
could be wrong here.

I would honestly not use or recommend remoting as a distributed object
technology. If you have to develop your app now (meaning, get it out the
door tomorrow), then I would suggest using COM+/Enterprise Services.

If you have some time to spare, and don't mind developing with
pre-release software, I would look into Windows Communication Foundation.

Either way, remoting is a dead-end in my book.

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

Jul 6 '06 #2
Hi ThunderMusic,

This may be of help:

<UrlWillWrap>
http://msdn.microsoft.com/library/de...SecNetch11.asp
</UrlWillWrap>

--
Hope this helps,
Tom Spink
Jul 6 '06 #3
Ok, I found the WindowsPrincipal class, and it's serializable. Does an
instance of this class guarantee the user is logged on a computer and has
been authenticated or is there a way to query the domain server if the user
is a rightful user? I mean, I must be sure the user making the request (or
query) is who he claims to be and is logged on the domain. My app does not
allow impersonation, but I don't want anybody trying to impersonate
someone on my network and claim being, let's say, the president of the
company and start making anything he wants with the remote objects... you
know what I mean? I need a way to secure things so only an authenticated
user or a user I can authenticate can have access to the objects the service
is providing. And I definitely need to know the domain groups this user
belongs to...

Thanks

ThunderMusic

Jul 6 '06 #4
ThunderMusic,

Unfortunately, no, it does not allow that. All it is is a
representation of a user. Anyone could theoretically make one and send it
to you. It doesn't tell you if it is logged on or not.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

Jul 6 '06 #5
Just check on the client, put a strong name on the client. You can even do
some link demands.

Schneider

Jul 6 '06 #6
Ok, so is there a way I can get the token Windows sends us when we log on and
send it to my service so the service can verify with the domain server if
this token is valid?

thanks

ThunderMusic

Jul 6 '06 #7
Ok, I answered a part of my question:
System.Security.Principal.WindowsIdentity.GetCurrent().Token.... So now is
there a way I can deal with this in my service? Can I send the Windows
Identity instance over remoting?

thanks

ThunderMusic

Jul 6 '06 #8
ThunderMusic,

I have to ask, why not use one of the two solutions I posted earlier?
Trying to do this yourself will lead to a good number of holes in your
solution.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

Jul 6 '06 #9
You may want to investigate the MSDN sample about using SSPI with remoting,
it should do exactly what you are wanting to do
http://msdn.microsoft.com/webservice...ml/remsspi.asp

-Robert

Jul 6 '06 #10
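
Added example, not part of any post in this thread and not the MSDN sample linked above: a server that takes the caller's identity from an SSPI (Negotiate) handshake using .NET's `NegotiateStream` and then checks domain group membership, so no `WindowsPrincipal`, token handle or password is sent as application data. The group name `EXAMPLE\ObjectReaders`, port 9000 and the SPN argument are assumptions for illustration.

```csharp
// Added example (not from the thread): SSPI authentication over TCP with NegotiateStream.
// EXAMPLE\ObjectReaders, port 9000 and the SPN are placeholders.
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;

static class SspiAuthDemo
{
    const string RequiredGroup = @"EXAMPLE\ObjectReaders"; // hypothetical domain group
    const int Port = 9000;                                   // hypothetical port

    // Server: the caller's identity is the result of the Negotiate (Kerberos/NTLM)
    // handshake, not an object the client built and serialized.
    static void Serve()
    {
        var listener = new TcpListener(IPAddress.Any, Port);
        listener.Start();
        while (true)
        {
            using (TcpClient conn = listener.AcceptTcpClient())
            using (var auth = new NegotiateStream(conn.GetStream(), false))
            {
                try
                {
                    auth.AuthenticateAsServer(
                        CredentialCache.DefaultNetworkCredentials, // the service's own account
                        ProtectionLevel.EncryptAndSign,            // sign and encrypt later traffic
                        TokenImpersonationLevel.Identification);   // identify only, no impersonation
                }
                catch (Exception ex) when (ex is AuthenticationException || ex is IOException)
                {
                    Console.WriteLine("Handshake rejected: " + ex.Message);
                    continue; // unauthenticated callers get nothing
                }

                // On the server side RemoteIdentity is built by Windows from the handshake.
                var id = auth.RemoteIdentity as WindowsIdentity;
                bool allowed = id != null && id.IsAuthenticated && !id.IsAnonymous && !id.IsGuest
                               && new WindowsPrincipal(id).IsInRole(RequiredGroup);
                Console.WriteLine("{0} via {1}: {2}", auth.RemoteIdentity.Name,
                                  auth.RemoteIdentity.AuthenticationType,
                                  allowed ? "allowed" : "denied");

                using (var writer = new StreamWriter(auth))
                    writer.WriteLine(allowed ? "OK" : "DENIED");
            }
        }
    }

    // Client: authenticates as the logged-on user. The application handles no
    // password; SSPI produces the handshake tokens.
    static string Query(string host, string spn)
    {
        using (var conn = new TcpClient(host, Port))
        using (var auth = new NegotiateStream(conn.GetStream(), false))
        {
            auth.AuthenticateAsClient(
                CredentialCache.DefaultNetworkCredentials,
                spn,                                       // SPN of the service account
                ProtectionLevel.EncryptAndSign,
                TokenImpersonationLevel.Identification);

            // Kerberos authenticates the server to the client as well; an NTLM
            // fallback does not, so refuse it when the server's identity matters.
            if (!auth.IsMutuallyAuthenticated)
                throw new AuthenticationException("Server identity not verified");

            using (var reader = new StreamReader(auth))
                return reader.ReadLine();
        }
    }

    static void Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "server") Serve();
        else if (args.Length == 2) Console.WriteLine(Query(args[0], args[1]));
        else Console.WriteLine("usage: demo server | demo <host> <spn>");
    }
}
```

Run the server under a domain account on a domain-joined host; the SPN passed by the client must be one registered for that account.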
Because WCF is still beta and the enterprise I work for avoids using beta
versions because they had big problems with them in the past... and not
COM+ because no one knows anything about it here... the only thing we know
is remoting... even if it's "a dead technology" we can't afford using WCF
and have eventual problems. Our apps will stay local to the enterprise and
are not targeted to the public, but we just want to make sure that no one will
be able to clone one of our users from the domain... (well, at least, as
much as possible)

Maybe if you have some link I can look at to start using COM+/Enterprise
Services.... Is it as easy as Remoting? I mean, providing the client app
with interfaces and then get a remote copy of the object and calling the
interface's methods? (We would work by marshaling, not as WellKnownObjects)

thanks

ThunderMusic

Jul 7 '06 #11
Seems pretty interesting... I'll read it and give you feedback on whether it
helped me, but I think it will.. ;) thanks a lot

ThunderMusic

Jul 7 '06 #12
"ThunderMusic" <No*************************@NoSpAm.com> wrote in
news:uC**************@TK2MSFTNGP03.phx.gbl:
> the only thing we know
> is remoting... even if it's "a dead technology"

Remoting isn't really dead... in fact it's part of WCF :)
Jul 7 '06 #13
> I would honestly not use or recommend remoting as a distributed object
> technology. If you have to develop your app now (meaning, get it out the
> door tomorrow), then I would suggest using COM+/Enterprise Services.

Remoting isn't a distributed object technology; it's a communication
protocol. In fact for .net to .net comms on lan, the recommendation is
to use remoting AND com+/es.

- Oisin

Jul 12 '06 #14
