> Hi,
> I want to be able to retrieve user information on the server of my
> remoting
> app...  What I did is the following : I called
> System.Security.WindowsIdentity.GetCurrent().Token and sent it to the
> server
> (via remoting). When I try to recreate the WindowsIdentity using the
> Token
> server-side, it tells me the Token is invalid even if the server app
> is on
> the same computer (same windows, same all) than the client app.
> Is there a way I can do what I need to do? I mean, be able to retrieve
> the user infos (groups) using something I can send through network?
> (ideally encrypted)
>
> I've also seen in the same object, the property .User (that contains
> the User SID on the NT Network). Is there something to do with this
> value so I can retrieve the user it belongs to and get the groups (or
> roles) it's in?
>
> thanks
>
> ThunderMusic
>

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news:4580be633f348c8739a70073bc0@news.microsoft.com...
> framework version??
>
>
>> Hi,
>> I want to be able to retrieve user information on the server of my
>> remoting
>> app...  What I did is the following : I called
>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to the
>> server
>> (via remoting). When I try to recreate the WindowsIdentity using the
>> Token
>> server-side, it tells me the Token is invalid even if the server app
>> is on
>> the same computer (same windows, same all) than the client app.
>> Is there a way I can do what I need to do? I mean, be able to retrieve
>> the user infos (groups) using something I can send through network?
>> (ideally encrypted)
>>
>> I've also seen in the same object, the property .User (that contains
>> the User SID on the NT Network). Is there something to do with this
>> value so I can retrieve the user it belongs to and get the groups (or
>> roles) it's in?
>>
>> thanks
>>
>> ThunderMusic
>>
>
>

> Hi,
> I want to be able to retrieve user information on the server of my
> remoting
> app...  What I did is the following : I called
> System.Security.WindowsIdentity.GetCurrent().Token and sent it to the
> server
> (via remoting). When I try to recreate the WindowsIdentity using the
> Token
> server-side, it tells me the Token is invalid even if the server app
> is on
> the same computer (same windows, same all) than the client app.
> Is there a way I can do what I need to do? I mean, be able to retrieve
> the user infos (groups) using something I can send through network?
> (ideally encrypted)
>
> I've also seen in the same object, the property .User (that contains
> the User SID on the NT Network). Is there something to do with this
> value so I can retrieve the user it belongs to and get the groups (or
> roles) it's in?
>
> thanks
>
> ThunderMusic
>

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news:4580be633f358c8739a97f61020@news.microsoft.com...
> regardless of the version - you cannot transfer tokens across the
> network - they only have a meaning in the machine where they were created.
>
> In addition this would mean that you extend the trusted subsystem to the
> client, which defeats the purpose of network authentication.
>
>
>> Hi,
>> I want to be able to retrieve user information on the server of my
>> remoting
>> app...  What I did is the following : I called
>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to the
>> server
>> (via remoting). When I try to recreate the WindowsIdentity using the
>> Token
>> server-side, it tells me the Token is invalid even if the server app
>> is on
>> the same computer (same windows, same all) than the client app.
>> Is there a way I can do what I need to do? I mean, be able to retrieve
>> the user infos (groups) using something I can send through network?
>> (ideally encrypted)
>>
>> I've also seen in the same object, the property .User (that contains
>> the User SID on the NT Network). Is there something to do with this
>> value so I can retrieve the user it belongs to and get the groups (or
>> roles) it's in?
>>
>> thanks
>>
>> ThunderMusic
>>
>
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:%23RtjyGbpGHA.4116@TK2MSFTNGP03.phx.gbl...
> I'm on framework 2.0...  Actually, all I want to do is "Integrated Windows
> Security". The user is authenticated on the client machine, so there must
> be something I can do to make the server know which user is authenticated
> and get it's informations from the domain server (like groups, et al.)  I
> thought Token was the way to go, but without success...  By using the User
> SID, would there be a way for my server app (not on the domain server, but
> still in the same domain) to know in which groups is this user? I don't
> even have to know which user it is (if I can know, fine, I can log it, but
> otherwise it's not that important), I just need it's groups...
>
> Thanks
>
> ThunderMusic
>
>
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
> message news:4580be633f358c8739a97f61020@news.microsoft.com...
>> regardless of the version - you cannot transfer tokens across the
>> network - they only have a meaning in the machine where they were
>> created.
>>
>> In addition this would mean that you extend the trusted subsystem to the
>> client, which defeats the purpose of network authentication.
>>
>>
>>> Hi,
>>> I want to be able to retrieve user information on the server of my
>>> remoting
>>> app...  What I did is the following : I called
>>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to the
>>> server
>>> (via remoting). When I try to recreate the WindowsIdentity using the
>>> Token
>>> server-side, it tells me the Token is invalid even if the server app
>>> is on
>>> the same computer (same windows, same all) than the client app.
>>> Is there a way I can do what I need to do? I mean, be able to retrieve
>>> the user infos (groups) using something I can send through network?
>>> (ideally encrypted)
>>>
>>> I've also seen in the same object, the property .User (that contains
>>> the User SID on the NT Network). Is there something to do with this
>>> value so I can retrieve the user it belongs to and get the groups (or
>>> roles) it's in?
>>>
>>> thanks
>>>
>>> ThunderMusic
>>>
>>
>>
>
>

> I'm on framework 2.0...  Actually, all I want to do is "Integrated
> Windows Security". The user is authenticated on the client machine, so
> there must be something I can do to make the server know which user is
> authenticated and get it's informations from the domain server (like
> groups, et al.)  I thought Token was the way to go, but without
> success...  By using the User SID, would there be a way for my server
> app (not on the domain server, but still in the same domain) to know
> in which groups is this user? I don't even have to know which user it
> is (if I can know, fine, I can log it, but otherwise it's not that
> important), I just need it's groups...
>
> Thanks
>
> ThunderMusic
>
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
> in message news:4580be633f358c8739a97f61020@news.microsoft.com...
>
>> regardless of the version - you cannot transfer tokens across the
>> network - they only have a meaning in the machine where they were
>> created.
>>
>> In addition this would mean that you extend the trusted subsystem to
>> the client, which defeats the purpose of network authentication.
>>
>>> Hi,
>>> I want to be able to retrieve user information on the server of my
>>> remoting
>>> app...  What I did is the following : I called
>>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to
>>> the
>>> server
>>> (via remoting). When I try to recreate the WindowsIdentity using the
>>> Token
>>> server-side, it tells me the Token is invalid even if the server app
>>> is on
>>> the same computer (same windows, same all) than the client app.
>>> Is there a way I can do what I need to do? I mean, be able to
>>> retrieve
>>> the user infos (groups) using something I can send through network?
>>> (ideally encrypted)
>>> I've also seen in the same object, the property .User (that contains
>>> the User SID on the NT Network). Is there something to do with this
>>> value so I can retrieve the user it belongs to and get the groups
>>> (or roles) it's in?
>>>
>>> thanks
>>>
>>> ThunderMusic
>>>

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news:4580be63400a8c873dc4b24e9f7@news.microsoft.com...
>i think i have replied like 1 week ago to your original question...
>
> this is easily possible in 2.0 - remoting supports integrated auth and if
> you wanna go down to socket level - NegotiateStream is the class that does
> the heavy lifting there.
>
> you don't have to "invent" your own security system.
>
> here is a sample:
> http://www.leastprivilege.com/content/binary/SecureRemoting.zip
>
>
>> I'm on framework 2.0...  Actually, all I want to do is "Integrated
>> Windows Security". The user is authenticated on the client machine, so
>> there must be something I can do to make the server know which user is
>> authenticated and get it's informations from the domain server (like
>> groups, et al.)  I thought Token was the way to go, but without
>> success...  By using the User SID, would there be a way for my server
>> app (not on the domain server, but still in the same domain) to know
>> in which groups is this user? I don't even have to know which user it
>> is (if I can know, fine, I can log it, but otherwise it's not that
>> important), I just need it's groups...
>>
>> Thanks
>>
>> ThunderMusic
>>
>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
>> in message news:4580be633f358c8739a97f61020@news.microsoft.com...
>>
>>> regardless of the version - you cannot transfer tokens across the
>>> network - they only have a meaning in the machine where they were
>>> created.
>>>
>>> In addition this would mean that you extend the trusted subsystem to
>>> the client, which defeats the purpose of network authentication.
>>>
>>>> Hi,
>>>> I want to be able to retrieve user information on the server of my
>>>> remoting
>>>> app...  What I did is the following : I called
>>>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to
>>>> the
>>>> server
>>>> (via remoting). When I try to recreate the WindowsIdentity using the
>>>> Token
>>>> server-side, it tells me the Token is invalid even if the server app
>>>> is on
>>>> the same computer (same windows, same all) than the client app.
>>>> Is there a way I can do what I need to do? I mean, be able to
>>>> retrieve
>>>> the user infos (groups) using something I can send through network?
>>>> (ideally encrypted)
>>>> I've also seen in the same object, the property .User (that contains
>>>> the User SID on the NT Network). Is there something to do with this
>>>> value so I can retrieve the user it belongs to and get the groups
>>>> (or roles) it's in?
>>>>
>>>> thanks
>>>>
>>>> ThunderMusic
>>>>
>
>

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news:4580be63400a8c873dc4b24e9f7@news.microsoft.com...
>i think i have replied like 1 week ago to your original question...
>
> this is easily possible in 2.0 - remoting supports integrated auth and if
> you wanna go down to socket level - NegotiateStream is the class that does
> the heavy lifting there.
>
> you don't have to "invent" your own security system.
>
> here is a sample:
> http://www.leastprivilege.com/content/binary/SecureRemoting.zip
>
>
>> I'm on framework 2.0...  Actually, all I want to do is "Integrated
>> Windows Security". The user is authenticated on the client machine, so
>> there must be something I can do to make the server know which user is
>> authenticated and get it's informations from the domain server (like
>> groups, et al.)  I thought Token was the way to go, but without
>> success...  By using the User SID, would there be a way for my server
>> app (not on the domain server, but still in the same domain) to know
>> in which groups is this user? I don't even have to know which user it
>> is (if I can know, fine, I can log it, but otherwise it's not that
>> important), I just need it's groups...
>>
>> Thanks
>>
>> ThunderMusic
>>
>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
>> in message news:4580be633f358c8739a97f61020@news.microsoft.com...
>>
>>> regardless of the version - you cannot transfer tokens across the
>>> network - they only have a meaning in the machine where they were
>>> created.
>>>
>>> In addition this would mean that you extend the trusted subsystem to
>>> the client, which defeats the purpose of network authentication.
>>>
>>>> Hi,
>>>> I want to be able to retrieve user information on the server of my
>>>> remoting
>>>> app...  What I did is the following : I called
>>>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to
>>>> the
>>>> server
>>>> (via remoting). When I try to recreate the WindowsIdentity using the
>>>> Token
>>>> server-side, it tells me the Token is invalid even if the server app
>>>> is on
>>>> the same computer (same windows, same all) than the client app.
>>>> Is there a way I can do what I need to do? I mean, be able to
>>>> retrieve
>>>> the user infos (groups) using something I can send through network?
>>>> (ideally encrypted)
>>>> I've also seen in the same object, the property .User (that contains
>>>> the User SID on the NT Network). Is there something to do with this
>>>> value so I can retrieve the user it belongs to and get the groups
>>>> (or roles) it's in?
>>>>
>>>> thanks
>>>>
>>>> ThunderMusic
>>>>
>
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:eImcuPcpGHA.2464@TK2MSFTNGP03.phx.gbl...
> Excellent!!  The way they do it in you sample app works great...  One
> thing I have to know before I can use it. Can we tell for sure that the
> user identified by Thread.CurrentPrincipal.Identity has been authenticated
> by the server and not forged by a hacker? Does the "EncryptAndSign" flag
> ensures 99.9% the received data is from legit source? or is it possible to
> verify data on the domain server using what we have here, like the
> WindowsIdentity.User (SID) or something like it?
>
> Thanks a lot (I've helped me a lot here)
>
> ThunderMusic
>
>
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
> message news:4580be63400a8c873dc4b24e9f7@news.microsoft.com...
>>i think i have replied like 1 week ago to your original question...
>>
>> this is easily possible in 2.0 - remoting supports integrated auth and if
>> you wanna go down to socket level - NegotiateStream is the class that
>> does the heavy lifting there.
>>
>> you don't have to "invent" your own security system.
>>
>> here is a sample:
>> http://www.leastprivilege.com/content/binary/SecureRemoting.zip
>>
>>
>>> I'm on framework 2.0...  Actually, all I want to do is "Integrated
>>> Windows Security". The user is authenticated on the client machine, so
>>> there must be something I can do to make the server know which user is
>>> authenticated and get it's informations from the domain server (like
>>> groups, et al.)  I thought Token was the way to go, but without
>>> success...  By using the User SID, would there be a way for my server
>>> app (not on the domain server, but still in the same domain) to know
>>> in which groups is this user? I don't even have to know which user it
>>> is (if I can know, fine, I can log it, but otherwise it's not that
>>> important), I just need it's groups...
>>>
>>> Thanks
>>>
>>> ThunderMusic
>>>
>>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
>>> in message news:4580be633f358c8739a97f61020@news.microsoft.com...
>>>
>>>> regardless of the version - you cannot transfer tokens across the
>>>> network - they only have a meaning in the machine where they were
>>>> created.
>>>>
>>>> In addition this would mean that you extend the trusted subsystem to
>>>> the client, which defeats the purpose of network authentication.
>>>>
>>>>> Hi,
>>>>> I want to be able to retrieve user information on the server of my
>>>>> remoting
>>>>> app...  What I did is the following : I called
>>>>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to
>>>>> the
>>>>> server
>>>>> (via remoting). When I try to recreate the WindowsIdentity using the
>>>>> Token
>>>>> server-side, it tells me the Token is invalid even if the server app
>>>>> is on
>>>>> the same computer (same windows, same all) than the client app.
>>>>> Is there a way I can do what I need to do? I mean, be able to
>>>>> retrieve
>>>>> the user infos (groups) using something I can send through network?
>>>>> (ideally encrypted)
>>>>> I've also seen in the same object, the property .User (that contains
>>>>> the User SID on the NT Network). Is there something to do with this
>>>>> value so I can retrieve the user it belongs to and get the groups
>>>>> (or roles) it's in?
>>>>>
>>>>> thanks
>>>>>
>>>>> ThunderMusic
>>>>>
>>
>>
>
>

> oups, "I've helped me a lot here" should have been "You've helped me a
> lot here"!! ;)
>
> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in
> message news:eImcuPcpGHA.2464@TK2MSFTNGP03.phx.gbl...
>
>> Excellent!!  The way they do it in you sample app works great...  One
>> thing I have to know before I can use it. Can we tell for sure that
>> the user identified by Thread.CurrentPrincipal.Identity has been
>> authenticated by the server and not forged by a hacker? Does the
>> "EncryptAndSign" flag ensures 99.9% the received data is from legit
>> source? or is it possible to verify data on the domain server using
>> what we have here, like the WindowsIdentity.User (SID) or something
>> like it?
>>
>> Thanks a lot (I've helped me a lot here)
>>
>> ThunderMusic
>>
>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
>> in message news:4580be63400a8c873dc4b24e9f7@news.microsoft.com...
>>
>>> i think i have replied like 1 week ago to your original question...
>>>
>>> this is easily possible in 2.0 - remoting supports integrated auth
>>> and if you wanna go down to socket level - NegotiateStream is the
>>> class that does the heavy lifting there.
>>>
>>> you don't have to "invent" your own security system.
>>>
>>> here is a sample:
>>> http://www.leastprivilege.com/content/binary/SecureRemoting.zip
>>>> I'm on framework 2.0...  Actually, all I want to do is "Integrated
>>>> Windows Security". The user is authenticated on the client machine,
>>>> so there must be something I can do to make the server know which
>>>> user is authenticated and get it's informations from the domain
>>>> server (like groups, et al.)  I thought Token was the way to go,
>>>> but without success...  By using the User SID, would there be a way
>>>> for my server app (not on the domain server, but still in the same
>>>> domain) to know in which groups is this user? I don't even have to
>>>> know which user it is (if I can know, fine, I can log it, but
>>>> otherwise it's not that important), I just need it's groups...
>>>>
>>>> Thanks
>>>>
>>>> ThunderMusic
>>>>
>>>> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com>
>>>> wrote in message
>>>> news:4580be633f358c8739a97f61020@news.microsoft.com...
>>>>
>>>>> regardless of the version - you cannot transfer tokens across the
>>>>> network - they only have a meaning in the machine where they were
>>>>> created.
>>>>>
>>>>> In addition this would mean that you extend the trusted subsystem
>>>>> to the client, which defeats the purpose of network
>>>>> authentication.
>>>>>
>>>>>> Hi,
>>>>>> I want to be able to retrieve user information on the server of
>>>>>> my
>>>>>> remoting
>>>>>> app...  What I did is the following : I called
>>>>>> System.Security.WindowsIdentity.GetCurrent().Token and sent it to
>>>>>> the
>>>>>> server
>>>>>> (via remoting). When I try to recreate the WindowsIdentity using
>>>>>> the
>>>>>> Token
>>>>>> server-side, it tells me the Token is invalid even if the server
>>>>>> app
>>>>>> is on
>>>>>> the same computer (same windows, same all) than the client app.
>>>>>> Is there a way I can do what I need to do? I mean, be able to
>>>>>> retrieve
>>>>>> the user infos (groups) using something I can send through
>>>>>> network?
>>>>>> (ideally encrypted)
>>>>>> I've also seen in the same object, the property .User (that
>>>>>> contains
>>>>>> the User SID on the NT Network). Is there something to do with
>>>>>> this
>>>>>> value so I can retrieve the user it belongs to and get the groups
>>>>>> (or roles) it's in?
>>>>>> thanks
>>>>>>
>>>>>> ThunderMusic
>>>>>>