2 way Remoting from client to installed service and Access Denied issue
-
I have a publish/subscribe application running on a single machine. The system uses 2 IPC remoting channels, one set up on the installed service (which has no issue) and another set up on a client. The client sends URI information to the service via the service's remoting channel so telemetry can be sent to the observing client. I can connect to the service and do everything I need to do with its IPC channel, but when I try to connect to the client's channel I receive an Access Denied error. The service is installed as "Local System" permission. I presume that this is a security issue but I can't seem to get it right... Any suggestions? Thanks! Scott P
"Simplicity carried to the extreme becomes elegance."
-Jon Franklin -
carbon_golem wrote:
I presume that this is a security issue
carbon_golem wrote:
Any suggestions?
My first suggestion is don't presume. Perhaps you could configure your system so that all its processes are running under the same account and verify that the error is resolved under those conditions. If it is, some form of that could be a solution, correct?
-
I don't know why I didn't try this before. I had the client publishing its IpcChannel with its string URI only, and this won't work apparently if there's any kind of security needed. You need to specify the dictionary definitions when you create the channel as follows:
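using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Serialization.Formatters;

// Method of the poster's client class; the client field, LogOnInformation
// and LocationViewProxy are defined elsewhere and are not shown.
public static void Publish()
{
    var serverProvider = new BinaryServerFormatterSinkProvider();
    var clientProvider = new BinaryClientFormatterSinkProvider();
    IDictionary props = new Hashtable();
    // Full allows all types that remoting supports to be deserialized.
    serverProvider.TypeFilterLevel = TypeFilterLevel.Full;
    props["name"] = "Client";
    props["portName"] = LogOnInformation.LogOnChannel;
    props["typeFilterLevel"] = "Full";
    props["exclusiveAddressUse"] = "false";
    // Group or user that is permitted to connect to this channel.
    props["authorizedGroup"] = "Everyone";
    props["rejectRemoteRequests"] = "true";
    var chan = new IpcChannel(props, clientProvider, serverProvider); // this has to be unique
    ChannelServices.RegisterChannel(chan, false);
    client = new LocationViewProxy(LogOnInformation);
    RemotingServices.Marshal(client, LogOnInformation.LogOnHost, typeof(LocationViewProxy));
}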
Thanks to those of you who looked. Scott P.
"Simplicity carried to the extreme becomes elegance."
-Jon Franklin -
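A narrower variant of the channel setup in the post above, as an added example that is not the poster's code: it sets authorizedGroup to the Local System account the service is said to run under, instead of "Everyone". The ClientChannel class, the Create helper and the port name are hypothetical, and it assumes (untested against the poster's system) that the service is the only caller that needs to reach the client's channel. It targets the .NET Framework, where System.Runtime.Remoting is available.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Serialization.Formatters;
using System.Security.Principal;

// Hypothetical helper, not part of the original post.
public static class ClientChannel
{
    // Name of the Local System account, resolved from its well-known SID so
    // the string is also correct on localized Windows installations.
    public static string ServiceAccountName()
    {
        var systemSid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
        return systemSid.Translate(typeof(NTAccount)).Value;
    }

    // Builds the client's callback channel with access granted to the
    // service account only, rather than to the "Everyone" group.
    public static IpcChannel Create(string portName)
    {
        var serverProvider = new BinaryServerFormatterSinkProvider();
        serverProvider.TypeFilterLevel = TypeFilterLevel.Full; // kept as in the post
        var clientProvider = new BinaryClientFormatterSinkProvider();

        IDictionary props = new Hashtable();
        props["name"] = "Client";
        props["portName"] = portName;
        props["authorizedGroup"] = ServiceAccountName(); // was "Everyone"

        return new IpcChannel(props, clientProvider, serverProvider);
    }

    public static void Main()
    {
        const string port = "ExampleClientPort"; // constructed sample value
        IpcChannel chan = Create(port);
        ChannelServices.RegisterChannel(chan, false);
        Console.WriteLine("ipc://{0} authorized for {1}", port, ServiceAccountName());
        Console.ReadLine(); // keep the channel open until Enter is pressed
    }
}
```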
led mike wrote:
My first suggestion is don't presume.
100% correct. I should UNlearn what I have learned. It turned out that it WAS and WASN'T a security issue. I set the default security with the way I created the IpcChannel. I had to set it up using Hashtable props that include the security settings. If I hadn't taken the shortcut and did it the right way I would have spotted this right off. Thanks for the help, I appreciate it! Scott P.
"Simplicity carried to the extreme becomes elegance."
-Jon Franklin