smegghead
asked on
https remoting
Hi,
I have a remoting application which uses a binary formatter over tcp, this isn't hosted within IIS, but within my own application server.
I am releasing the application to a client who want to connect over the web.
I'm a little concerned about security, i.e. can someone hack the application by using the open port ?? or is there some kind of handshaking between legitimate clients trying to connect.
Ideally, I'd like to encrypt the data being sent. We have an SSL certificate, is there any way this can be used to encrypt the data.
I've done some web-searches, but can only find info on using SSL when hosted within IIS, which isn't an option.
Thanks
Smg.
I have a remoting application which uses a binary formatter over tcp, this isn't hosted within IIS, but within my own application server.
I am releasing the application to a client who want to connect over the web.
I'm a little concerned about security, i.e. can someone hack the application by using the open port ?? or is there some kind of handshaking between legitimate clients trying to connect.
Ideally, I'd like to encrypt the data being sent. We have an SSL certificate, is there any way this can be used to encrypt the data.
I've done some web-searches, but can only find info on using SSL when hosted within IIS, which isn't an option.
Thanks
Smg.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
smegghead: please email me per other question ... I forget to put my pants on in the morning sometimes when I go to work :)
ASKER
I did email you, tried three different addresses (tried to work them out from your profile).. got two bounce backs, so assumed the 3rd worked.
Mine is on my profile also, so you might be better emailing me !! :-)
Chrs
Smg.
Mine is on my profile also, so you might be better emailing me !! :-)
Chrs
Smg.
gregoryyoung@ee
btw: this is worth a read as well http://msdn.microsoft.com/library/en-us/dndotnet/html/remsec.asp
The .NET remoting framework provides a lot of extensibility options.
Almost all extensions to the .NET remoting involve implementating IMessageSink.
.NET remoted calls go through the following chain:
[Client side]
call -> TransparentProxy -> RealProxy -> EnvoySinkChain -> ClientContextSinkChain -> ClientChannelSinkChain
<transport>
[Server side]
ServerChannelSinkChain -> ServerContextSinkChain -> ServerObjectSinkChain -> StackBuilderSink -> method call
You can choose to implement some sort of encryption on one of these sink chains, for example, client and server channel sinks (symmetric).
I must say that implementing such stuff requires a good understanding of .NET remoting infrastructure.
The following books are pretty good, and contain some examples of customized sinks:
"Microsoft .NET Remoting" - Microsoft Press - ISBN:0735617783
"Advanced .NET Remoting (C# Edition)" - Apress - ISBN:1590590252 (Contains encryption example)
Since you need some special action performed on both server side and client side, proxies are not the solution. You need to use message sinks to acheive what you want.
The website www.idesign.net also contains some resources and sample code for .NET remoting specialization (go to the Downloads section)
Hope this helps
Almost all extensions to the .NET remoting involve implementating IMessageSink.
.NET remoted calls go through the following chain:
[Client side]
call -> TransparentProxy -> RealProxy -> EnvoySinkChain -> ClientContextSinkChain -> ClientChannelSinkChain
<transport>
[Server side]
ServerChannelSinkChain -> ServerContextSinkChain -> ServerObjectSinkChain -> StackBuilderSink -> method call
You can choose to implement some sort of encryption on one of these sink chains, for example, client and server channel sinks (symmetric).
I must say that implementing such stuff requires a good understanding of .NET remoting infrastructure.
The following books are pretty good, and contain some examples of customized sinks:
"Microsoft .NET Remoting" - Microsoft Press - ISBN:0735617783
"Advanced .NET Remoting (C# Edition)" - Apress - ISBN:1590590252 (Contains encryption example)
Since you need some special action performed on both server side and client side, proxies are not the solution. You need to use message sinks to acheive what you want.
The website www.idesign.net also contains some resources and sample code for .NET remoting specialization (go to the Downloads section)
Hope this helps
I stumbled upon an article on MSDN that answers your needs exactly!
here's the link:
Part I - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp
Part II - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsec.asp (What you need)
Part II contains an example of using custom channel sinks to add security to .NET remoting
here's the link:
Part I - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsspi.asp
Part II - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/remsec.asp (What you need)
Part II contains an example of using custom channel sinks to add security to .NET remoting
Eran_R please read my last post...