.NET remoting 1.1 TCP channels have NO security out of the box - you can
plug in an SSPI provider (to which Ian is referring) into the sink chains to
give you all the std. secure communication and authentication bits and
pieces (this SSPI provider has been plugged in already in the v2.0
implementation of TCP .NET remoting).

If you start to perform integrated authentication by setting the
UseDefaultCredentials config setting with an HTTP channel you'll get a drop
in performance.

A

Sample of the remote SSPI:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp


-----Original Message-----
From: Unmoderated discussion of advanced .NET topics.
[mailto:[EMAIL PROTECTED] On Behalf Of Ian Griffiths
Sent: 29 August 2005 22:21
To: [email protected]
Subject: Re: [ADVANCED-DOTNET] Reasons to use HTTP remoting

Franklin Gray wrote:
> Binary remoting is faster than HTTP remoting,

I think someone already pointed this out, but that statement makes no
sense. One of your remoting options is binary + HTTP!

So presumably you're interested in TCP vs HTTP. (And not the orthogonal
choice of binary vs XML.)


> but there are times when HTTP is required.  I want to make sure I
> got this part right.
>
> 1) It is required when going through firewalls, correct
> (without opening up dedicated ports)?

Well you'll need to have at least one open port, even if it is port 80,
the HTTP port.  The main thing is that HTTP is often open already...

But if the firewall admin is happy to accommodate you, you can
definitely run TCP remoting through a firewall if it has been configured
right.



> 2) Although not required, it is helpful to use HTTP remoting
> to utilize the security functions of IIS, correct?

It's true that in .NET v1.1, the only remoting configuration with any
form of security involves using the HTTP channel.

Whether it meets your security requirements is something you need to
examine though - it's absolutely *NOT* enough to say "I'm using HTTP, so
I'm secure". By default, the HTTP channel offers no extra security.

The HTTP channel enables you to use HTTPS if the server is hosted in
IIS. So you can get encryption - that's one security function.

I gather it's possible to do integrated authentication too, although
I've never done it myself.

If you can wait for Whidbey, it has an SSPI channel that provides
integrated authentication and encryption without the need to rely on
IIS.


--
Ian Griffiths - http://www.interact-sw.co.uk/iangblog/

===================================
This list is hosted by DevelopMentor.  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com
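
An added example, not part of either message above and not taken from the linked MSDN sample: a TCP remoting channel registered with the SSPI support that ships in .NET Framework 2.0, which is the v2.0 behaviour both posters refer to. It assumes .NET Framework 2.0 or later on Windows; the `WhoAmI` type, port 9000 and the `whoami.rem` URI are made up for illustration.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Threading;

// Hypothetical remoted type, for illustration only.
public class WhoAmI : MarshalByRefObject
{
    // Reports the identity attached to the thread servicing this call.
    public string Caller()
    {
        return Thread.CurrentPrincipal.Identity.IsAuthenticated
            ? Thread.CurrentPrincipal.Identity.Name
            : "(unauthenticated)";
    }
}

public static class Program
{
    public static void Main()
    {
        IDictionary props = new Hashtable();
        props["port"] = 9000;                         // constructed port number
        props["secure"] = true;                       // enable the built-in SSPI support
        props["protectionLevel"] = "EncryptAndSign";  // encrypt and integrity-protect traffic

        // One TcpChannel acts as both listener and client in this process.
        TcpChannel channel = new TcpChannel(props, null, null);

        // ensureSecurity = true: the channel is marked as secured, and
        // registration throws for a channel type that cannot be secured.
        // Passing false here gives the v1.1-style behaviour: no
        // authentication and no encryption on the wire.
        ChannelServices.RegisterChannel(channel, true);

        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(WhoAmI), "whoami.rem", WellKnownObjectMode.Singleton);

        WhoAmI proxy = (WhoAmI)Activator.GetObject(
            typeof(WhoAmI), "tcp://localhost:9000/whoami.rem");
        Console.WriteLine("Server saw caller: " + proxy.Caller());

        ChannelServices.UnregisterChannel(channel);
    }
}
```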
