Trying to use .Net Remoting with Windows Security

Old forum URL: forums.lhotka.net/forums/t/2889.aspx


RobKraft posted on Wednesday, May 16, 2007

I have an ASP.Net 2.0 WebApp that customers can choose to use Forms Authentication with, or they can choose Windows Authentication.

I am now testing to see if I can get a .Net Remoting deployment working using another IIS web server as the host for my business objects, and a regular web app on IIS as the web server.

I can do this successfully using straight forms authentication, but I cannot seem to get it to work using Windows Security and I've exhausted all of my ideas.

The error I generally get is "Invalid token for impersonation - it cannot be duplicated."

I am running against the IIS Server on my local machine for the server, and I am running the client from within DevStudio. The sneaky thing we are doing with this app is that when a user connects to the "Windows Auth" site, it looks up their windows login in our database and passes a token representing that login to the "Forms Auth" site. The "Forms Auth" site uses that token to get the user's "Forms Login" from the database and authenticates them and gets their permissions.

However, my code doesn't make it near that far. On the first call to a DataPortal.Fetch I get the Invalid Token error. Stepping into the DataPortal I can see that my domain\login is passed through the context, which is what I would expect.

I have tried every combination of the following (I think - yes, I've been at this for days):

1) Web.config on RemoteHost: <add key="CslaAuthentication" value="CSLA"/>, but sometimes I try <add key="CslaAuthentication" value="Windows"/>

2) Web.config on RemoteHost: <authentication mode="Windows"/>, but sometimes I try None or Forms

3) Web.config on RemoteHost: <identity impersonate="true" />, but sometimes I try false and sometimes I add my credentials

4) Web.config on Client: <add key="CslaAuthentication" value="Csla"/>, but sometimes I try no key or Windows

5) Web.config on Client: <add key="CslaDataPortalProxy" value="Csla.DataPortalClient.RemotingProxy, Csla"/> <add key="CslaDataPortalUrl" value="http://172.16.2.58/IntraReqWinAuth/WinRemotingPortal.rem"/>

6) Web.config on Client: <authentication mode = "Windows"/>, though sometimes I try "None" or "Forms"

7) IIS Directory Security to Allow Anonymous, Windows Integrated, or both

8) Web.config on RemoteHost: Allow Users = "*"

9) Web.config on RemoteHost: No entry for deny users

I would greatly appreciate any ideas for other things I could try. I am able to implement a basic windows security example from Microsoft's web site using .Net Remoting, but I cannot seem to get it to work using a class derived from CSLA.

RobKraft replied on Wednesday, May 16, 2007

I think the act of posting this triggered the switch to help me identify the problem. When my app is running in FormsAuth, the first DataPortal call was through a class derived from Csla.Security.BusinessPrincipalBase, but when I connect through the WinAuth, my app was first trying to use a ReadOnlyBase class. By calling the BusinessPrincipalBase class first, I am able to make this work, though I need to re-design my code a little bit.

Copyright (c) Marimer LLC