Hi,
It seems you can get most, if not all, of what you want using features that were introduced to remoting in .NET 2.0. If you set up mutual authentication then the client identity will be transferred to the server.
Here are some relevant msoft links,
http://msdn.microsoft.com/msdnmag/is...6/NETRemoting/
http://msdn.microsoft.com/en-us/library/4e1k4t2s(VS.85).aspx
You can get code for the latter by typing
ms-help://MS.VSCC.v80/MS.MSDN.v80/MS.VisualStudio.v80.en/dv_fxsamples/html/31db1897-b551-42e6-bd53-0852a68adc08.htm
into vs.net help.
You might even be able to use the PrincipalPermission attribute like so
Code:
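using System.Security.Permissions;

class RemotedObject
{
    // Demands that Thread.CurrentPrincipal is in the "Important" role;
    // a SecurityException is thrown otherwise.
    [PrincipalPermission(SecurityAction.Demand, Role = "Important")]
    void MeaningfulStuff() { /* ... */ }
}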
See this post for some info on getting that to work.
In case you can't get the PrincipalPermission attribute working, you can create your own AOP advice to use information contained in Thread.CurrentPrincipal.Identity or Thread.CurrentPrincipal. You can introduce Spring Security (Java) style attribute [Secured("ROLE1,ROLE2")] and have the AOP advice be based on the information in that attribute or one could even have the custom AOP advice use the standard PrincipalPermission attribute.
I've attached another sample I found while researching the topic. That might be of use, as well as a few other links: Secure Remoting Configuration Settings, .NET Remoting in non-domain environments, New Security Features in .NET 2.0.
If you need help on authoring the AOP advice, don't hesitate to ask. Let me know how it goes.
Cheers,
Mark
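
The role check that a custom advice driven by a [Secured("ROLE1,ROLE2")] style attribute would perform, as an added example that is not part of the original post or of any framework's code. `SecuredAttribute` and `SecuredAdvice` are hypothetical names, the reflection call stands in for the AOP framework proceeding to the target, and the principals are constructed in place of the identity transferred from the client.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical attribute modelled on the [Secured("ROLE1,ROLE2")] idea in the post.
[AttributeUsage(AttributeTargets.Method)]
public sealed class SecuredAttribute : Attribute
{
    public readonly string[] Roles;
    public SecuredAttribute(string roles) { Roles = roles.Split(','); }
}

public static class SecuredAdvice
{
    // The check an around advice would run before letting the call proceed.
    public static object Invoke(object target, MethodInfo method, params object[] args)
    {
        var secured = (SecuredAttribute)Attribute.GetCustomAttribute(method, typeof(SecuredAttribute));
        if (secured != null)
        {
            IPrincipal p = Thread.CurrentPrincipal;
            // Fail closed: a missing principal, an unauthenticated identity
            // or no matching role all deny the call.
            bool allowed = p != null && p.Identity != null && p.Identity.IsAuthenticated
                && Array.Exists(secured.Roles, r => p.IsInRole(r.Trim()));
            if (!allowed)
                throw new SecurityException("Access denied to " + method.Name);
        }
        return method.Invoke(target, args);
    }
}

public class RemotedObject
{
    [Secured("Important,Admin")]
    public string MeaningfulStuff() { return "done"; }
}

public static class Demo
{
    public static void Main()
    {
        MethodInfo m = typeof(RemotedObject).GetMethod("MeaningfulStuff");
        // Constructed principals for the demonstration.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Important" });
        Console.WriteLine(SecuredAdvice.Invoke(new RemotedObject(), m));
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("bob"), new[] { "Guest" });
        try { SecuredAdvice.Invoke(new RemotedObject(), m); }
        catch (SecurityException e) { Console.WriteLine(e.Message); }
    }
}
```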