[Mono-dev] RFC on remoting security stuff
AtsushiEno
atsushi at ximian.com
Mon Oct 1 04:00:29 EDT 2007
Hi,
As part of filling .NET 2.0 API, I am wondering how and what we need to do
secure remoting support (introduced in 2.0), namely HttpChannel, TcpChannel
and IpcChannel. (I'd like to put my disclaimer - am far from familiar
with those
remoting stuff, so don't hit me if I am misunderstanding the entire bits ;-)
It seems that secure remoting stuff sorta involves
WindowsImpersonationContext
which is based on authentication information which will be likely from
System.Net.CredentialCache.DefaultCredentials (if written in managed land).
DefaultCredentials seems to require CAS (and some work, as it is
commented as "Need EnvironmentPermission implementation first"). So I guess
it is not likely possible to implement security support in the same
manner as
.NET does.
So I'd like to hear you guys' ideas. Would we just leave them unimplemented,
or find some alternative security support, like using TLS to at least enable
encryption (and optionally integrity by some certificate configuration) ?
(While we could implement NegotiateStream and hence secure connection itself
would not be an issue, am having problems to solve NTLM issue on my machine
and cannot implement it so far.)
Atsushi Eno
More information about the Mono-devel-list
mailing list