Hi people! I don't know if it's supported under Mono, but you can read about SSPI over Remoting Channels:
http://community.bartdesmet.net/blogs/bart/archive/2006/08/26/4277.aspx

The trick is simple but a bit underdocumented. First of all, since .NET 2.0 the TcpChannel (as well as the HttpChannel) supports SSPI as mentioned on MSDN. Furthermore there is a new RegisterChannel overload on the ChannelServices class that takes a boolean second parameter called "ensureSecurity". By turning this on (on both client and server) SSPI seems to work fine across the wire. Notice the one-parameter RegisterChannel method is marked as deprecated as of .NET 2.0. The documentation is rather simplistic:

If the ensureSecurity parameter is set to true, the remoting system determines whether the channel implements ISecurableChannel, and if so, enables encryption and digital signatures. An exception is thrown if the channel does not implement ISecurableChannel.

But as you can see, setting the flag does the trick.

More info at:
http://msdn.microsoft.com/en-us/library/4b3scst2.aspx

Angel "Java" Lopez
http://www.ajlopez.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Jordan
Sent: Monday, June 23, 2008 9:34 AM
To: [email protected]
Subject: Re: [Mono-list] Authorization in .NET Remoting channel

paszczi wrote:
> Hi,
>
> I'm struggling to find a way of implementing authorization in .NET
> remoting. The issue is that I've developed custom sink and I'm able
> to pass some credentials which then can be authenticated by server.
> But what I want to do is to check whether remote user who has called
> shared object's method can in fact invoke it (using my custom
> security framework). I've tried to pass custom principal/identity to
> Thread.CurrentPrincipal - but somehow this is always empty
> GenericIdentity (I've tried this on windows and I've only managed to
> pass WindowsIdentity instead of empty one :(). Any suggestions - the
> basic issue is how to get those credentials from sink to the remoted
> object :)
>

You can inject the client identity in the current call context:

client:

    // this is your sink's process message:
    ProcessMessage(IMessage msg, ....)
    {
        MethodCall mc = msg as MethodCall;
        if (mc != null) {
            mc.LogicalCallContext.SetData ("UserName",
                WindowsIdentity.GetCurrent ().Name);
        }
    }

server:

    class SomeRemoteClass : MarshalByRefObject
    {
        public void Method ()
        {
            Console.WriteLine (CallContext.GetData("UserName"));
        }
    }

There might be other ways to do this, though. I'm just writing this
down from weak memory ;-)

Robert

_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
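
Added example, not part of the thread and not code from any poster: the ensureSecurity registration described above, with the remoted method authorizing against the identity the secure channel authenticated rather than a name the client places in the call context. It assumes .NET Framework 2.0 or later on Windows; the Orders type, the RequireAuthenticated gate, the EXAMPLE\alice account and port 9000 are all hypothetical.

```csharp
// Added example (not from the thread). Assumes .NET Framework 2.0+ on Windows.
using System;
using System.Collections;
using System.Net;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical gate: refuse connections whose SSPI handshake produced no identity.
class RequireAuthenticated : IAuthorizeRemotingConnection {
    public bool IsConnectingEndPointAuthorized(EndPoint endPoint) { return true; }
    public bool IsConnectingIdentityAuthorized(IIdentity identity) {
        return identity != null && identity.IsAuthenticated;
    }
}

// Hypothetical remoted type; the allow-list stands in for a custom security framework.
public class Orders : MarshalByRefObject {
    static readonly string[] MayCancel = { @"EXAMPLE\alice" };   // constructed account name
    public string Cancel(int id) {
        // Set by the secure channel from the authenticated connection,
        // unlike a name the client writes into the call context itself.
        IIdentity caller = Thread.CurrentPrincipal.Identity;
        bool allowed = caller.IsAuthenticated && Array.Exists(MayCancel,
            delegate(string n) { return string.Equals(n, caller.Name, StringComparison.OrdinalIgnoreCase); });
        if (!allowed) throw new SecurityException("caller may not cancel orders");
        return "order " + id + " cancelled by " + caller.Name;
    }
}

static class Program {
    static void Main(string[] args) {
        if (args.Length > 0 && args[0] == "server") {
            Hashtable props = new Hashtable();
            props["port"] = 9000;                            // constructed port
            props["secure"] = true;                          // SSPI authentication on the channel
            IChannel server = new TcpServerChannel(props, null, new RequireAuthenticated());
            ChannelServices.RegisterChannel(server, true);   // ensureSecurity: true
            RemotingConfiguration.RegisterWellKnownServiceType(
                typeof(Orders), "orders", WellKnownObjectMode.SingleCall);
            Console.ReadLine();                              // serve until Enter is pressed
        } else {
            ChannelServices.RegisterChannel(new TcpClientChannel(), true);
            Orders orders = (Orders)Activator.GetObject(typeof(Orders), "tcp://localhost:9000/orders");
            Console.WriteLine(orders.Cancel(42));
        }
    }
}
```

Run one process with the argument `server` and a second without arguments; a caller outside the allow-list receives the SecurityException on the client side.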
