M
miha.valencic
Hi!
What are the options for securing remote objects, which are accessible
through IIS, when you have an application deployed on the same server,
which uses custom Forms authentication?
Scenario:
Server hosts app a, which is configured as: authentication:Forms,
authorization: deny users="?".
Now, for Remoting to work, I had to specify that the remoting URI
(RemotableObject.rem) requires no authorization, so IIS let the request
through. Since this object return reference to another object, IIS
(ASP.NET) creates a temporary link to this remote object, which of
course can not be known in advance and the request thus fails. The URI
is, for instance like this:
/ff1338e5_a46f_4577_af4c_726910d1a39f/9AqnyvYRtRnG8Ai_7Q+5KSYG_80.rem
Two questions:
1) how to configure IIS (ASP.NET application) to let the remoting
requests through
2) how to configure IIS (and remoting app) to be secure? (once the
requests will go through).
I guess that one can not mix windows authentication for remoting and
custom forms authentication for "regular asp.net" application.
And the two (asp.net app & remoting objects) have to be deployed within
the same application, since remoting object is used to expose some of
the asp.net application functionality.
Pointers appreciated.
Rgds,
Miha
What are the options for securing remote objects, which are accessible
through IIS, when you have an application deployed on the same server,
which uses custom Forms authentication?
Scenario:
Server hosts app a, which is configured as: authentication:Forms,
authorization: deny users="?".
Now, for Remoting to work, I had to specify that the remoting URI
(RemotableObject.rem) requires no authorization, so IIS let the request
through. Since this object return reference to another object, IIS
(ASP.NET) creates a temporary link to this remote object, which of
course can not be known in advance and the request thus fails. The URI
is, for instance like this:
/ff1338e5_a46f_4577_af4c_726910d1a39f/9AqnyvYRtRnG8Ai_7Q+5KSYG_80.rem
Two questions:
1) how to configure IIS (ASP.NET application) to let the remoting
requests through
2) how to configure IIS (and remoting app) to be secure? (once the
requests will go through).
I guess that one can not mix windows authentication for remoting and
custom forms authentication for "regular asp.net" application.
And the two (asp.net app & remoting objects) have to be deployed within
the same application, since remoting object is used to expose some of
the asp.net application functionality.
Pointers appreciated.
Rgds,
Miha