problem impersonating when remoting

When I try to use impersonation when remoting I always get an exception even when the server and client are on the same computer... Here are my 2 config lines for the channels (that's about all there is in each config file)

Client :
<channel ref="tcp" secure="true" tokenImpersonationLevel="Impersonation" protectionLevel="EncryptAndSign"/>

Server :
<channel ref="tcp" DisplayName="LoginServer" secure="true" port="20000" impersonate="true" protectionLevel="EncryptAndSign"/>

The exception I get :
"A remote side security requirement was not fulfilled during authentication. Try increasing the ProtectionLevel and/or ImpersonationLevel."

I get this exception on the first call after getting the object from the server... It may be important to note the object is marshaled from the server, so the server has an instance of the object and did RemotingServices.Marshal(...) on it. The client gets it using Activator.GetObject... If I use Identification, it works fine, but the WindowsPrincipal does not get through the server to another server (always on the same computer as the original server) containing other objects returned by the marshaled object... so I must use Impersonation and maybe Delegation... but for now, if I use anything other than Identification I get this exception...

Can anyone help please?

Thanks

ThunderMusic

Hi,
first of all you have to specify the tokenImpersonationLevel also in the server config (IIRC - Identify is the default).

It is true that you only get a WindowsPrincipal when impersonate=true.

This is a strange design decision - but in any case you get a WindowsIdentity, so you can create a WindowsPrincipal even without impersonating (which should only be done if you really need to)

WindowsPrincipal p = new WindowsPrincipal((WindowsIdentity)Thread.CurrentPrincipal.Identity);

dominick

thanks for your quick answer...
even if I set the tokenImpersonationLevel on server side to impersonation, it always throws me the exception I stated earlier...

> This is a strange design decision - but in any case you get a
> WindowsIdentity, so you can create a WindowsPrincipal even without
> impersonating (which should only be done if you really need to)
Actually, it seems I have to, because right now, if I want to get an object from ServerB to clientA using ServerA as an intermediate, the principal sent to the ServerB's Thread.CurrentPrincipal is the ServerA's principal and I need clientA's principal... I find it a bit confusing because ServerA doesn't make any call to the ServerB object, it only passes the reference to ClientA and then ClientA does the call... but I guess the Activator.GetObject(...) sets the Thread.CurrentPrincipal so we're stuck with the ServerA's principal. So that's why I need impersonation and I can't get it to work yet...

> WindowsPrincipal p = new
> WindowsPrincipal((WindowsIdentity)Thread.CurrentPrincipal.Identity);
I know, I already use this exact line, but it does not work because of the reason I stated above... ServerB receives ServerA Principal instead of ClientA Principal, so it's wrong for what I need.

Do you have any solution or at least a link where there could be something useful on the subject? I've read about every article on MS site about this and found nothing helpful yet...

thanks

ThunderMusic

Ok, if I set my channels like this on ServerA and ServerB, it works fine
between ServerA and ServerB for a simple call (call that does not need principals)

<channel ref="tcp" ID="ServerA" secure="true" port="20000" tokenImpersonationLevel="Impersonation" impersonate="true" protectionLevel="EncryptAndSign"/>
<channel ref="tcp" ID="ServerB" secure="true" port="20003" tokenImpersonationLevel="Impersonation" impersonate="true" protectionLevel="EncryptAndSign"/>

my ClientA config file contains this :
<channel ref="tcp" ID="ClientA" secure="true" port="0" tokenImpersonationLevel="Impersonation" impersonate="true" protectionLevel="EncryptAndSign"/>

so it works between ServerA and ServerB but not between ClientA and ServerA... note : everything is on the same machine...

Thanks

ThunderMusic

ok, I found my problem... it was the config file that was not updating in
my bin/debug dir... grrr... I hate when I spend time finding a solution when it's a stupid thing like that... does anyone have a trick so it can be done automatically?

for now, the config files are at the root of my project, but when I run debug, the basepath is in the bin/debug dir, so the config files are not the same (assuming I did not copy the new ones)...

thanks

ThunderMusic

Hello ThunderMusic!
> ok, I found my problem... it was the config file that was not
> updating in my bin/debug dir... grrr... I hate when I spend time
> finding a solution when it's a stupid thing like that... does anyone
> have a trick so it can be done automatically?

Use the PostBuild Event in VS.Net (if you are using VS).

br GO

you mean app.config??
that's usually copied by default, otherwise make sure that "copy always" is selected in the properties window.

dominick
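
An added example, not code from any poster in this thread: a remoting host that prints which config file it actually loaded (the stale bin/debug copy was the cause here) and exposes an object reporting the authenticated caller next to the identity the server thread runs under, which is the identity-versus-impersonation distinction discussed above. The names IdentityProbe and Host and the "IdentityProbe" URI are hypothetical, and it assumes the channel settings live in the application config file.

```csharp
// Added diagnostic example. IdentityProbe, Host and the "IdentityProbe" URI are hypothetical names.
using System;
using System.IO;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Security.Principal;
using System.Threading;

public class IdentityProbe : MarshalByRefObject
{
    // Reports what the server sees for the current remoted call.
    public string WhoAmI()
    {
        // Identity the secure channel authenticated for this call.
        IIdentity caller = Thread.CurrentPrincipal.Identity;

        // Token the thread is really running under: the server's own account
        // unless the channel has impersonate="true".
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
        {
            return String.Format(
                "caller={0} ({1}) | thread={2} level={3}",
                caller.Name, caller.AuthenticationType,
                effective.Name, effective.ImpersonationLevel);
        }
    }
}

public static class Host
{
    public static void Main()
    {
        // Assumption: the <channel> elements live in the application config file.
        // When debugging this is the copy under bin\Debug, not the one in the project root.
        string config = AppDomain.CurrentDomain.SetupInformation.ConfigurationFile;
        Console.WriteLine("Config in use: {0}", config);
        Console.WriteLine("Last written:  {0}", File.GetLastWriteTime(config));

        // Second argument true: security is required on the configured channels.
        RemotingConfiguration.Configure(config, true);

        foreach (IChannel channel in ChannelServices.RegisteredChannels)
        {
            ISecurableChannel securable = channel as ISecurableChannel;
            Console.WriteLine("channel {0}: secured={1}",
                channel.ChannelName, securable != null && securable.IsSecured);
        }

        RemotingServices.Marshal(new IdentityProbe(), "IdentityProbe");
        Console.WriteLine("Press Enter to stop the host.");
        Console.ReadLine();
    }
}
```

If the "Last written" time is older than the last edit to the project's config file, the host is running against a stale copy. When the thread identity in WhoAmI() differs from the caller, the server is not impersonating for that call.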