June 6, 2008

[.Net][Remoting]Impersonate client user on Remoting server

Sometimes server operations need to run as the client user. With .NET Remoting, this can be done in a few simple steps.

On the server side, we have to enable secure communication and set the impersonation level. This is done by adding configuration settings to the application config file:

<channel ref="tcp" port="8888" secure="true" impersonate="true" authenticationMode="ImpersonateCallers"/>

  • impersonate="true" to enable impersonation on threads
  • authenticationMode="ImpersonateCallers" to impersonate the caller: the server impersonates the client user before calling the remoted object's methods
  • secure="true" to enable security options

On the client side, the application must comply with the server's rules:

<channel ref="tcp"
secure="true"
tokenImpersonationLevel="impersonation">
<clientProviders>

  • secure="true" to enable client security options
  • tokenImpersonationLevel="impersonation" to enable client-side impersonation; this property corresponds to the server's impersonate property

When your server starts, enable the security option in your code by passing true as the second argument:

System.Runtime.Remoting.RemotingConfiguration.Configure(AppDomain.CurrentDomain.SetupInformation.ConfigurationFile,true);

In the client application, also configure the Remoting service from the config file with security enabled, as in the code sample above.

The above sample illustrates the NTLM scenario. With Kerberos, you also have to add the property spn="Service/Domain" to your client configuration file.
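
A server-side check that impersonation is really in effect before a remoted method touches any resource, so a misconfigured channel fails closed instead of running as the service account. This is an added example, not code from the original post; the class AuditedService and its members are hypothetical names, and it assumes the server channel is configured as shown above.

```csharp
using System;
using System.Security;
using System.Security.Principal;

// Hypothetical remoted type (assumption, not part of the original post).
public class AuditedService : MarshalByRefObject
{
    // Returns the account name the call runs as, or throws when the
    // thread is not impersonating the caller at a usable level.
    public string WhoAmI()
    {
        using (WindowsIdentity caller = RequireImpersonatedCaller())
        {
            return caller.Name;
        }
    }

    internal static WindowsIdentity RequireImpersonatedCaller()
    {
        // GetCurrent(true) returns null when the thread carries no
        // impersonation token, i.e. the code runs as the process account.
        WindowsIdentity id = WindowsIdentity.GetCurrent(true);
        if (id == null)
            throw new SecurityException(
                "Call is not impersonated; refusing to run as the service account.");

        // Reject anonymous or unauthenticated callers outright.
        if (id.IsAnonymous || !id.IsAuthenticated)
        {
            id.Dispose();
            throw new SecurityException("Caller is anonymous or unauthenticated.");
        }

        // An Identification-level token identifies the caller but cannot be
        // used to access resources on the caller's behalf, so require
        // Impersonation or Delegation.
        TokenImpersonationLevel level = id.ImpersonationLevel;
        if (level != TokenImpersonationLevel.Impersonation &&
            level != TokenImpersonationLevel.Delegation)
        {
            id.Dispose();
            throw new SecurityException("Token level " + level + " is too low.");
        }
        return id;
    }
}
```

Calling RequireImpersonatedCaller() at the top of each remoted method that opens files, databases or other ACL-protected resources makes a missing impersonate or tokenImpersonationLevel setting show up as an explicit SecurityException.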

