.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

.NET Remoting: Secure Your .NET Remoting Traffic by Writing an Asymmetric Encryption Channel Sink

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

As .NET Remoting gains popularity in the enterprise space, it must meet business demands for trustworthy computing. Remoting traffic can be secured when objects are hosted in IIS, but when they aren't hosted in IIS, custom security solutions can be developed to secure them. This article provides an in-depth look at writing channel sinks for .NET. It also details the flow of data through custom channel sinks and explains the kinds of manipulations that can be performed on that data.

Stephen Toub

MSDN Magazine June 2003

View Complete Post

More Related Resource Links

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

Which is more secure? ClientActivated / ServerActivated Remoting ?

Hi, I want to develop a client server model where multiple clients will be passing some data to a single server. I am using .Net remoting to acheive this. I was wondering which RemotingConfiguration should I go for (ClientActivated / ServerActivated)? Please help me analyse this. Thanks, Piyush Kumat

Using IPC only channel getting Unable to cast object of type 'System.Runtime.Remoting.Identity' to


I have a remoting application that is using delegates to preform callbacks between processes. I found that if I don't use a TCP channel at all and only initialize an IPC channel that the callback delegates start throwing the following error after about a minute has passed.

From what little I could find on Google it seems to be a Lifetime Service management issue but all the classes that the delegates belong to return null from InitializeLifetimeService which should give the object an infinite lifetime.

With the TCP channel initialized the issue doesn't happen, but I would like it to use the IPC channel if all of the processes are on the local box.


Type:        System.InvalidCastException
Message:    Unable to cast object of type 'System.Runtime.Remoting.Identity' to type 'System.Runtime.Remoting.ServerIdentity'.
Stack Trace:   
Server stack trace:
   at System.Runtime.Remoting.RemotingServices.GetServerTypeForUri(String URI)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)


Around the Horn: Engineer a Distributed System Using .NET Remoting for Process Intensive Analysis


Before the Microsoft .NET Framework, creating a distributed cluster of computers to perform scientific analysis was expensive in terms of hardware, programming and debugging time, and maintenance. You had to purchase expensive servers, spend time debugging network communication, design a distributed system completely different from a system deployed locally, and maintain a melting pot of error handling, data acquisition, networking, and analysis code. In this article, the author shows you how he was able to engineer a distributed computing system in C# to perform analysis of real-world data continuously acquired at high sampling rates, thanks to the .NET Framework.

Nate D'Anna

MSDN Magazine May 2005

Remoting: Managing the Lifetime of Remote .NET Objects with Leasing and Sponsorship


Leasing and sponsorship is the solution for managing the lifecycle of a remote object in .NET. Each object has a lease that prevents the local garbage collector from destroying it, and most distributed applications rely upon leasing. There are several ways in which objects and clients can extend the lease, including dedicated sponsor objects. In this article, the author explains leasing, shows how to configure it, and how it relates to the various remoting activation models. He then discusses design guidelines and options, along with their impact on throughput and performance. Additionally, he introduces a helper class used to automate the management of lease sponsors.

Juval Lowy

MSDN Magazine December 2003

Encrypt It: Keep Your Data Secure with the New Advanced Encryption Standard


The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for the encryption of electronic data. It is expected to become the accepted means of encrypting digital information, including financial, telecommunications, and government data. This article presents an overview of AES and explains the algorithms it uses. Included is a complete C# implementation and examples of encrypting .NET data. After reading this article you will be able to encrypt data using AES, test AES-based software, and use AES encryption in your systems.

James McCaffrey

MSDN Magazine November 2003

.NET Remoting: Create a Custom Marshaling Implementation Using .NET Remoting and COM Interop


The .NET Framework offers several methods for customizing the presentation of native .NET and COM object types. One such technique, custom marshaling, refers to the notion of specializing object type presentations. There are times, like when a legacy COM component needs to implement a new interface or when you need to make calls across process or machine boundaries, when custom marshaling saves the day. Elements of COM Interop permit the customizing of COM types while .NET Remoting offers the developer the ability to tailor native .NET types. This article examines these techniques.

Jim Sievert

MSDN Magazine September 2003

.NET Remoting: Design and Develop Seamless Distributed Applications for the Common Language Runtime


Prior to the advent of .NET, DCOM was the underlying technology for remote communications between Windows-based applications. But DCOM is quirky to set up and configure and not as interoperable as it should be. In .NET, XML Web Services and .NET Remoting are a seamless and effective answer to the demand for tools to build distributed applications.This article provides a primer on .NET Remoting with insights into the internal plumbing. Important aspects of remoting, such as channels, object lifetime management, and clients for remote objects are discussed. In addition, some practical examples are provided.

Dino Esposito

MSDN Magazine October 2002

Remoting from WebService throws: An existing connection was forcibly closed by the remote host

Hello everyone, I have a problem with using .NET remoting from webservice. When using remoting from console application, there is no problem. I suppose problem is somewhere in IIS. My system is Windows Vista. Thank you for any help. Best regards, Jozef

How to Pass higher Length of Byte Array to the remoting method

Dear all,I am using a windows application and the businness logic is present in the remote server.Once particular method takes bytearray as input parameter...Whenever the method call is made the function returns value .This is limited for the particular bytearray length. (4109228 bytes).If the length of bytearray crosses 4109228 bytes.I am getting an error that "input stream is not valid binary format".How to Pass higher Length of Byte Array to the remoting method... Greater than 4 MB?I believe something is missing in web.config or app.config...?What could be the issue...? Any sugesstions are welcome....ThanksRavikumar

Remoting architecture

I have written a small application (client) that executes a single log parsing on a machine. I want to build a service application that controls the results given by the client app. I have read that Marshall-By-Reference objects could solve the problem creating a proxy that make possible the communication with remote object. The disadvantage is that I have to distribute the client application, being the client in about 100 machines (W2K3) I can't figure out how can this be done easily. The second option I read is using WCF, more modern, probably more robust... sending "object" instead of creating a communication object seems more clean to me, but is it not oriented to Web services basically? It increases complexity? Which one do you recommend? The easiest to implement? The small app was designed to work isolated and return a result object, but WCF seems the way to go.

the type initializer for 'system.runtime.remoting.identity' threw an exception.

HI, I am trying to implement kerberos delegation in Active Directory enviroment with windows 2003 servers SP2. I have Client, ProxyServer and RemoteServer application that are developed on .Net framework v3.5 using .Net Remoting "System.Runtime.Remoting". I am not using Microsoft.Samples.Security.SSPI &  Microsoft.Samples.Runtime.Remoting.Security directly. my code is based on "http://blogs.msdn.com/dotnetremoting/archive/2006/07/06/662599.aspx" Only change that I have done is put impersonate="true" in channel configuration of ProxyServer and RemoteServer, and of course changed the UPN and Port and IP address. The Client's credentials are successfully impersonated by ProxyServer, I can access the text file on ProxyServer on behalf of client. But when from ProxyServer I try to execute the method on RemoteServer it throws "the type initializer for 'system.runtime.remoting.identity' threw an exception." After looking at blog http://www.secnewsgroups.net/group/microsoft.public.dotnet.security/topic8251.aspx I did required changing under Local Security Settings -> Local Policies -> User Rights Assignments -> impersonate a client after authentication and Create Global Objects. I have added three domain user names in three machine under whose credentials corrosponding application is running. When i run three applications on their

Sharing of Non-Static member variables of a class using .NET Remoting

This kind of weird. I am trying to host an object of a class X (a class library class). This is a SAO and I have set the WellKnownMode as Singleton in the server configuration. <wellknown mode="Singleton" When multiple clients fetch the instance of the class X they can share the static member variables. Any changes made to the static variables are visible to each other. The problem is with the non-static member variables of the class. Each instance is having a local copy of the non-static variables. Why should that happen in case of a Singleton mode? Am I missing something for which this is happening? Any help will be appreciated.  A for apple, B for boy, C for c++

Writing to a custom sink

Hi all,I'm using a modified version of Stephen Toub's secure channel to add compression to the sink along with encryption. Thanks to Stephen I have a very good base to build my sink on and I had no problem adding compression to the sink. Now I want to have compression feature enabled only if the user asks for it. I did'nt know how to send client request to the server. I know that I should write the boolean to the stream on the client side and read it on the server side but it should be done only once.Can anybody show me how or direct me to a sample on the web?Thanks in advance.

.NET Remoting Problem with Sponsor Renewal on CAO (Client Activated Object) Architecture

I have figured out a strange behaviour when using Client Activated Sponsorship and hope to get a hint from somebody who already got in touch with similar problems. The case is as follows: An Application is used by a server and a client. Both use (or try to use) the same objects after a user login. A lease of a session object on the server (serverSession) is initialised correctly with all of its regular remoting values in the lease for InitialLeaseTime (10) SponsorshipTimeout (5) RenewOnCallTime (10) In order to test the behaviour the values are set to seconds. It is easier to check the log every few seconds, than to wait some minutes until the Sponsorship Renewal call. If a client performs a login, the lease is according to its logged in state renewed each 10 seconds (or whatever the value is set to). So no problem so far. The lease will be alive as long as the client performs a logout, by the way it is used on a local network. Just compare the log (the renewal is firing every 10 seconds as expected): 2010-02-17 10:29:40.4338 Info Log5 SponsorObject:Renewal() 2010-02-17 10:29:50.4308 Info Log5 SponsorObject:Renewal() 2010-02-17 10:30:00.4328 Info Log5 SponsorObject:Renewal() 2010-02-17 10:30:10.4298 Info Log5 SponsorObject:Renewal() 2010-02-17 10:30:20.4318 Info Log5 SponsorObject:Renewal() 2010-02-17 10:30:30.4288 Info Log5 SponsorObject:Renewal() As soon as

Could not create SSL/TLS secure channel

I have a web service which calls into another web service. My web service allows anonymous access and the application pool runs under the "Local System" identity. I get the following error when my web service calls another web service which requires a cert for SSL:Could not create SSL/TLS secure channelI enabled a diagnostic trace, the end of which says:System.Net Information: 0 : [4168] SecureChannel#16871348 - Certificate is of type X509Certificate2 and contains the private key.System.Net Information: 0 : [4168] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)System.Net Error: 0 : [4168] AcquireCredentialsHandle() failed with error 0X8009030D.System.Net Information: 0 : [4168] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)System.Net Error: 0 : [4168] AcquireCredentialsHandle() failed with error 0X8009030D.System.Net.Sockets Verbose: 0 : [2928] Socket#13716631::Dispose()System.Net Error: 0 : [2928] Exception in the HttpWebRequest#19726116:: - The request was aborted: Could not create SSL/TLS secure channel.System.Net Error: 0 : [2928] Exception in the HttpWebRequest#19726116::EndGetResponse - The request was aborted: Could not create SSL/TLS secur

Secure channel cannot be opened because security negotiation with the remote endpoint has failed

Please help me to pinpoint what's wrong with the configurations. CoreClient client = new CoreClient(); client.ClientCredentials.UserName.UserName = "test"; client.ClientCredentials.UserName.Password = "test"; string msg = client.SayHello(); //==== ERROR Happens here Error message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. Configurations: Host: <behaviors> <serviceBehaviors> <behavior name="DefaultBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="false"/> <serviceCredentials> <serviceCertificate findValue="MyServerCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Promotion.Services.UsernameValidator, LibraryIIS" /> </serviceCredentials> </behavior>
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend