C#: Restrict .Net remoting to accept localhost connections only

I am using .Net Remoting to handle intra-process communication between a master service and numerous (sometimes 50+) instances of a small client library. From a security standpoint, it is imperative that the service only accepts connections from the local machine, and no one else -- yet I cannot find any information on how one does this, and the MSDN docs don't seem to be much help.

Preferably, I'd like to keep connections bound to localhost in a way that will not set off users' firewall alerts... but this isn't required functionality.

Thank you for your help!

Tom


I ended up stumbling across this myself while exploring the IpcChannel documentation.

The problem with IpcChannel is that Windows Named Pipes do not work correctly under UAC when the client runs as a low-integrity process. Unfortunately, as I am working on a plugin and not a full app, the plugin host's low integrity means calling a bunch of Win32 APIs -- including some new ones specific to Vista -- and programmatically setting app token ACLs, which is something that I really don't want to do.

Luckily, several of the overloaded forms of RegisterChannel() allow you to specify options in a System.Collections.IDictionary Hashtable object, several of them having to do with security and handling remote connections. More info here:

http://msdn.microsoft.com/en-us/library/bb187434%28VS.85%29.aspx

I ended up reverting my code back to the TcpChannel implementation and changing a few things in the server, and it is working wonderfully. No sweat!

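    // Requires: using System.Runtime.Remoting.Channels;
    //           using System.Runtime.Remoting.Channels.Tcp;
    System.Collections.IDictionary sProperties = new System.Collections.Hashtable();

    sProperties["port"] = SERVER_PORT;
    sProperties["authorizedGroup"] = "INTERACTIVE";
    // Refuse requests that originate from other computers.
    sProperties["rejectRemoteRequests"] = true;

    BinaryServerFormatterSinkProvider serverProvider = new BinaryServerFormatterSinkProvider();

    TcpServerChannel channel = new TcpServerChannel(sProperties, serverProvider);
    // Second argument is ensureSecurity; false leaves channel security off.
    ChannelServices.RegisterChannel(channel, false);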

Sorry to take away your answer but I stumbled on something that answers my question exactly.

tom
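
One way to confirm from the same machine that the remoting port is not listening on a non-loopback address once the channel is registered. This is an added example, not code from the original post; the class name and the default port 9000 (standing in for `SERVER_PORT`) are assumptions.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;

static class LoopbackListenerCheck
{
    // All TCP endpoints currently in the listening state on the given port.
    static IPEndPoint[] ListenersOn(int port)
    {
        return IPGlobalProperties.GetIPGlobalProperties()
            .GetActiveTcpListeners()
            .Where(ep => ep.Port == port)
            .ToArray();
    }

    // Listeners on the port bound to anything other than a loopback address.
    // 0.0.0.0 and :: (all interfaces) are not loopback, so they are reported.
    public static IPEndPoint[] ExposedListeners(int port)
    {
        return ListenersOn(port)
            .Where(ep => !IPAddress.IsLoopback(ep.Address))
            .ToArray();
    }

    static int Main(string[] args)
    {
        // Assumption: 9000 is a placeholder for the SERVER_PORT constant.
        int port = args.Length > 0 ? int.Parse(args[0]) : 9000;

        if (ListenersOn(port).Length == 0)
        {
            Console.Error.WriteLine("Nothing is listening on port " + port);
            return 2; // distinguish "not running" from "bound safely"
        }

        IPEndPoint[] exposed = ExposedListeners(port);
        foreach (IPEndPoint ep in exposed)
            Console.Error.WriteLine("EXPOSED: listening on " + ep);

        if (exposed.Length == 0)
            Console.WriteLine("OK: port " + port + " is bound to loopback only");
        return exposed.Length == 0 ? 0 : 1;
    }
}
```

The check reports where the socket is bound, so a server that listens on all interfaces and filters peers only after accepting a connection is still flagged.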


Use an IpcChannel if you are on .NET 2.0+. It's designed for inter-process communications and doesn't use TCP at all.
