Discussion:
Impersonation with IPCChannel
alexyap1205
2008-08-27 01:53:00 UTC
Hi,

I am trying out impersonation with IPCChannel, but for some reason it always
throws an Access Denied Exception when I try to connect to the port. Could
anyone help me with how to do this?

Here is the code that I've used:

Server:

    BinaryServerFormatterSinkProvider serverProvider =
        new BinaryServerFormatterSinkProvider();
    serverProvider.TypeFilterLevel =
        System.Runtime.Serialization.Formatters.TypeFilterLevel.Full;

    System.Collections.IDictionary props = new System.Collections.Hashtable();

    props["portName"] = "TestRemoteObject";
    props["name"] = "TestRemoteObject";

    props["authorizedGroup"] = "Everyone";

    props["impersonate"] = true;
    props["secure"] = true;

    serverChannel = new IpcServerChannel(props, serverProvider);

    ChannelServices.RegisterChannel(serverChannel, true);

    RemotingConfiguration.RegisterWellKnownServiceType(
        typeof(RemoteObject), "TestRemoteObject", WellKnownObjectMode.Singleton);

Client:

    BinaryClientFormatterSinkProvider clientSink =
        new BinaryClientFormatterSinkProvider();

    System.Collections.IDictionary clientProps = new System.Collections.Hashtable();

    clientProps["secure"] = true;
    clientProps["tokenImpersonationLevel"] = TokenImpersonationLevel.Delegation;

    IpcClientChannel clientChannel = new IpcClientChannel(clientProps, clientSink);

    ChannelServices.RegisterChannel(clientChannel, true);

    // Impersonate user to use Administrator
    IntPtr token;
    bool result = LogonUser(
        "Administrator", "MyMachine",
        "MyPassword",
        LogonTypes.Network,
        LogonProviders.Default,
        out token);

    if (result)
    {
        WindowsIdentity identity = new WindowsIdentity(token);

        using (WindowsImpersonationContext imp = identity.Impersonate())
        {
            try
            {
                RemoteObject remote = (RemoteObject)Activator.GetObject(
                    typeof(RemoteObject),
                    "ipc://TestRemoteObject/TestRemoteObject");

                message = remote.Echo("Test");
            }
            catch (Exception exc)
            {
                message = exc.ToString();
            }

            imp.Undo();
        }

        MessageBox.Show(message);

        CloseHandle(token);
    }

Error Message:

System.Runtime.Remoting.RemotingException: Failed to connect to an IPC Port: Access is denied.

Server stack trace:
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

I've tried different values for the tokenImpersonationLevel, but it still has
the same result.

Any advice?

Thank you.
--
Alexander Yap
alexyap1205
2008-08-27 02:31:00 UTC
Hi, I am actually trying to do the scenario below; that's why I am asking this
question.

Firstly, I have the following setup:

Client -> Server -> Service

The Client uses WCF TCP Binding to the server. Here I was able to do
impersonation: checking Windows.GetCurrent() and
OperationContext.Current.ServiceSecurityContext.WindowsIdentity gives me
the credential used by the client.

Then on the Server side, I need to make a call to another locally running
service. Here I am using IPCChannel for .NET Remoting, as this seems sufficient
and more suitable for my needs. However, when I tried to create the very first
instance of the Remoting Object on the Service, I got the access denied
exception.

Any advice on how I could pass the WindowsIdentity all the way to the
Service without having this access denied exception?

Thank you in advance for the help.
--
Alexander Yap