IAuthorizeRemotingConnection .NET 远程处理
我已竭尽全力寻找有关 .NET Remoting 的 IAuthorizeRemotingConnection 接口的任何有用信息,但我并没有真正找到任何有用的信息。
这里的问题并不是真正的“操作方法”,因为有很多示例,但问题在于 IsConnectingIdentityAuthorized 方法中身份如何相互关联。
我们正在运行一个 .NET 远程服务,并且最近将 IAuthorizeRemotingConnection 接口添加到一个类中,然后远程服务使用该接口来验证身份。我遇到的问题是我们正在验证“什么身份”?
当身份在我的本地系统上传递到 IAuthorizeRemotingConnection 方法时,我能够记录该身份。我可以看出身份是 MACHINE\ASPNET 用户。然而,在我们的开发服务器中,我们针对另一个开发 Web 服务器托管服务,我无法看到该身份。
基本上,虽然远程服务调用 IsConnectingEndPointAuthorized 方法,并且我可以记录发生这种情况,但我从未看到调用 IsConnectingIdentityAuthorized 。
这很奇怪,因为虽然我在本地系统中使用相同的代码库,但它在开发环境中的工作方式有所不同。最令人沮丧的是,我无法判断哪个身份正在尝试使用该服务,即使如此,我什至看不到用于验证身份的方法正在被调用。
我确实在 Web 应用程序日志中看到出现“登录被拒绝”消息的异常。我想知道我们是否在幕后以某种方式“预身份验证”,并且失败了,因此我们甚至无法调用 IsConnectingIdentityAuthorized 方法。
有人有这方面的经验可以分享吗?
在添加“使用 WCF”服务之前,我计划采用这种方式,但距离完全实施还需要一段时间。我还有关于 WCF 的身份验证问题。然而,我也希望能够解决这个远程问题。
I have exhausted my efforts to find any useful information about the IAuthorizeRemotingConnection interface in regards to .NET Remoting, and I'm not really finding anything useful.
The issue here isn't really a "how-to" as there are many examples out there, but the issue is one of how identities relate to each other in the IsConnectingIdentityAuthorized method.
We have a .NET Remoting Service running and have lately added the IAuthorizeRemotingConnection interface to a class that then is used by the remoting service to validate identies. The problem I'm having is "what identities" are we validating?
I'm able to log the identity as it is passed into the IAuthorizeRemotingConnection method as it's passed in on my local system. I can tell the identity is the MACHINE\ASPNET user. Howeeer, in our development server, where we host the service against another development web server, I'm unable to see the identity.
Bascially, while the IsConnectingEndPointAuthorized method is called by the remoting service, and I can log that this occurs, I never see that the IsConnectingIdentityAuthorized is called.
This is very strange because while I'm using the same exact code-base for my local system, it works differently in the dev environmet. The most frustating thing about it is that I can't tell which identity is trying to use the service and even then, I can't even see tha the method used for verify the ideniity is being called at all.
I do see an exception occuring with a "login denied" message in the web application log. I'm wondering if we're "preauthenticating" in some fashion behind the scenes, and this fails, so we then fail to even call the IsConnectingIdentityAuthorized method.
Anyone have any experience with this they can share?
Before you add, "use a WCF" service, I am planning to go that way, but it'll be a while yet before that's fully implemented. I also have authenticatin identity quesions concering WCF. However, I'd love to be able to nail this remoting issue down too.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当让远程对象在 SSL 下工作时,我遇到了一些类似的情况。我们需要解决信任问题(caspol 为站点提供 FullTrust),并且由于使用的所有组件都是强命名的,因此我们需要停止使用生成的程序集版本
,而是确保它们已修复
- 这似乎使融合不再那么混乱。
除此之外,开发服务器上的 AppPool 用户是否具有权限,或者您是否需要确保在整个连接中使用相同的用户?调用者上的 MACHINE\ASPNET 将具有与服务器上不同的安全令牌,因此您可能希望在域用户下进行身份验证?有关完整图片和一些想法,请参阅此:http://msdn.microsoft.com /en-us/library/ff649264.aspx
I ran into something along these lines when getting remoting objects working under SSL. We needed to resolve Trust Issues (caspol to give site FullTrust) and since all the components in use were strong-named, we needed to stop using generated assembly versions
and instead make sure they were fixed
- this seemed to make fusion much less confused.
Other than that, does the AppPool user on the development server have privileges, or do you need to ensure you are using the same user across the connection? The MACHINE\ASPNET on your caller will have a different security token than on your server, so you might want to authenticate under a domain user? See this for a full picture and some ideas: http://msdn.microsoft.com/en-us/library/ff649264.aspx