I have a sample question:

You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)

1. Role-base security
2. SSL security
3. Code Access security
4. HttpChannel Web Security

What is the correct answer and why?
Hi Greg,

In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> I have a sample question:
>
> You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
>
> 1. Role-base security
> 2. SSL security
> 3. Code Access security
> 4. HttpChannel Web Security
>
> What is the correct answer and why?
I do not think that the question is very clear, but I'll bet on Role-base security. IIS hosted objects are running as ASPNET user by default, or if impersonated, with some other user's rights. And what a user can do with machine resources is controlled by this user's rights. I.e. role-based security is the most right answer in my view.
Sunny wrote:
> I do not think that the question is very clear, but I'll bet on Role-base security. IIS hosted objects are running as ASPNET user by default, or if impersonated, with some other user's rights.
Remoting objects don't log in.

Since it's hosted in IIS, and uses HTTP, I would go with SSL.
In article <#wWAgLQaEHA.3596@tk2msftngp13.phx.gbl>, "Eric" <Eric> says...
> Sunny wrote:
>
> > I do not think that the question is very clear, but I'll bet on Role-base security. IIS hosted objects are running as ASPNET user by default, or if impersonated, with some other user's rights.
>
> Remoting objects don't log in
>
> Since it's hosted in IIS, and uses HTTP, I would go with SSL.
>
> Eric
They are running with the rights of the process in which they are hosted. This is aspnet for asp.net processes. SSL is only encryption, it does nothing to do with the rights a process has over resources.
I agree with Sunny that this is pretty vaguely worded... it says you want to "restrict the resources a remote object can access" -- it doesn't say anything about whether that's based on the identity of the user invoking the object's methods. So, to me, that implies code access security (i.e. independent of identity). But, since the server is in control of what objects get remoted, it would seem silly to remote an object that could perform operations you don't want to allow.

So, I'd probably go with #4, HttpChannel security, because this is what allows the client to pass to the server the identity info with the object's method calls. But, I would think you'd use this in conjunction with role-based security on the server side.

Ken

"Sunny" <sunny@newsgroups.nospam> wrote in message news:e1vnkgOaEHA.808@tk2msftngp13.phx.gbl...
> Hi Greg,
>
> In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> > I have a sample question:
> >
> > You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
> >
> > 1. Role-base security
> > 2. SSL security
> > 3. Code Access security
> > 4. HttpChannel Web Security
> >
> > What is the correct answer and why?
>
> I do not think that the question is very clear, but I'll bet on Role-base security. IIS hosted objects are running as ASPNET user by default, or if impersonated, with some other user's rights. And what a user can do with machine resources is controlled by this user's rights. I.e. role-based security is the most right answer in my view.
>
> Sunny
Sunny wrote:
> SSL is only encryption, it does nothing to do with the rights a process has over resources.
That leaves us with CAS.
Well, this question was from the Practice Exam of the Microsoft official study guide Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Microsoft Visual C# .NET for exam 70-310.

But apparently 3 Code Access security is the correct answer. The study guide says You can use code-access security to secure remote objects. But the study guide also mentions that If you host remote objects in IIS, you can use the security feature of IIS and SSL to secure remote objects. IIS hosting provides SSL, which allows you to secure messages sent to or received from remote objects. In addition, you can use Integrated Windows Authentication or Kerberos to secure the remote objects hosted in IIS.

So go figure.

"Ken Kolda" <ken.kolda@elliemae-nospamplease.com> wrote in message news:OkqrTjRaEHA.1840@TK2MSFTNGP11.phx.gbl...
> I agree with Sunny that this is pretty vaguely worded... it says you want to "restrict the resources a remote object can access" -- it doesn't say anything about whether that's based on the identity of the user invoking the object's methods. So, to me, that implies code access security (i.e. independent of identity). But, since the server is in control of what objects get remoted, it would seem silly to remote an object that could perform operations you don't want to allow.
>
> So, I'd probably go with #4, HttpChannel security, because this is what allows the client to pass to the server the identity info with the object's method calls. But, I would think you'd use this in conjunction with role-based security on the server side.
>
> Ken
>
> "Sunny" <sunny@newsgroups.nospam> wrote in message news:e1vnkgOaEHA.808@tk2msftngp13.phx.gbl...
> > Hi Greg,
> >
> > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> > > I have a sample question:
> > >
> > > You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
> > >
> > > 1. Role-base security
> > > 2. SSL security
> > > 3. Code Access security
> > > 4. HttpChannel Web Security
> > >
> > > What is the correct answer and why?
> >
> > I do not think that the question is very clear, but I'll bet on Role-base security. IIS hosted objects are running as ASPNET user by default, or if impersonated, with some other user's rights. And what a user can do with machine resources is controlled by this user's rights. I.e. role-based security is the most right answer in my view.
> >
> > Sunny
This is exactly why I think certification exams and the whole cottage industry surrounding them are a load of cr*p.

In the first place it's a fallacy to suppose that you can accurately gauge software development skill by asking a bunch of multiple-choice questions. I'd rather have someone working for me that would flunk an exam for lack of having memorized a bunch of sterile facts, but who has common sense, good problem-solving skills, and knows how to RTFM, STFW, or pick up the blasted reference books next to his or her desk when confronted with something new or obscure.

Add to this sloppily worded questions with indifferent editing, like the example under consideration here, and you have yourself a real mess. Nothing infuriates me more than someone making judgments about my skills based on prose like this, that can't even clearly frame the question. Time and again you find yourself thinking, not "what is the correct answer"? But rather, "I wonder what they're fishing for?" A testee should never have to read the test author's mind!

I am acquainted with how this stuff is developed; as a former seminar developer / instructor, I've been offered writing assignments through intermediary contractors for MSFT tests. I have three words to describe this process, at least the parts of it I've witnessed: Pa thet ic.

--Bob

"Greg" <gregjq@msn.com> wrote in message news:e1bubfTaEHA.3756@tk2msftngp13.phx.gbl...
Greg wrote:
> Well, this question was from the Practice Exam of the Microsoft official study guide
That explains why the question is weakly-worded. I took the 70-320 test, and I don't remember anything worded so vaguely.
Yes, as we can see :) Still the question is not very clear.

Sunny

In article <ez0AmsSaEHA.996@TK2MSFTNGP12.phx.gbl>, "Eric" <Eric> says...
> Sunny wrote:
>
> > SSL is only encryption, it does nothing to do with the rights a process has over resources.
>
> That leaves us with CAS.
>
> Eric
My first inclination would be to use Role Base Security in this instance. However, it's more than likely code access security.

On Mon, 12 Jul 2004 21:54:15 -0600, "Greg" <gregjq@msn.com> wrote:
>I have a sample question:
>
>You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
>
> 1. Role-base security
> 2. SSL security
> 3. Code Access security
> 4. HttpChannel Web Security
>
>What is the correct answer and why?
To me the confusion comes because it's not clear when they say "a computer" in the second sentence whether they're referring to the client or the server.

If the remoted object is MBR, then the only resources that would be relevant are server resources. In this case, I usually think of this as being a situation for role-based security (i.e. based on the identity of the user on the other end of the remote object), which also involves HttpChannel security when used under IIS.

If the remoted object is MBV, then the relevant resources are on the client, in which case I would think of code access security (so the remoted object can't be used maliciously by untrusted client code).

Ken

"Pollux" <pollux@nospam.spam> wrote in message news:MPG.1b60d40e81ca8d1c989682@beta.usenet.plus.net...
> In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> > I have a sample question:
> >
> > You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
> >
> > 1. Role-base security
> > 2. SSL security
> > 3. Code Access security
> > 4. HttpChannel Web Security
> >
> > What is the correct answer and why?
>
> Oh, I see the full thread now and there are quite a few confused people apparently. There is absolutely nothing vague about this question.
>
> It cannot be 1 as the question clearly wants to restrict access to the object, not the user accessing it.
>
> It cannot be 2 as SSL is a form of encryption.
>
> I'm not sure what 4 is, but it looks like some form of authentication.
>
> The correct answer is definitely 3.
>
> Remoting has nothing to do with IIS as you could achieve remoting on Apache too if that's what you wanted to do.
>Why would you choose anything else than Code Access Security? The wording of the question makes it pretty clear that it is the remote object you're trying to restrict, so role based security would be a wrong answer. Just curious.
You are entitled to your opinion.
By MBR I mean Marshal-By-Reference. Since objects that derive from MarshalByRefObject actually live on the server, they have no way of accessing client resources (unless the resource is passed to them). Conversely, marshal-by-value objects (MBV) will actually live in the client, so from the client side they have no means of accessing server resources.

Ken

"Pollux" <pollux@nospam.spam> wrote in message news:MPG.1b6117e8793056c0989687@beta.usenet.plus.net...
> In article <O$NeFTraEHA.3716@TK2MSFTNGP11.phx.gbl>, ken.kolda@elliemae-nospamplease.com says...
> > To me the confusion comes because it's not clear when they say "a computer" in the second sentence whether they're referring to the client or the server.
> >
> > If the remoted object is MBR, then the only resources that would be relevant are server resources. In this case, I usually think of this as being a situation for role-based security (i.e. based on the identity of the user on the other end of the remote object), which also involves HttpChannel security when used under IIS.
> >
> > If the remoted object is MBV, then the relevant resources are on the client, in which case I would think of code access security (so the remoted object can't be used maliciously by untrusted client code).
> >
> > Ken
> >
> > "Pollux" <pollux@nospam.spam> wrote in message news:MPG.1b60d40e81ca8d1c989682@beta.usenet.plus.net...
> > > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> > > > I have a sample question:
> > > >
> > > > You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
> > > >
> > > > 1. Role-base security
> > > > 2. SSL security
> > > > 3. Code Access security
> > > > 4. HttpChannel Web Security
> > > >
> > > > What is the correct answer and why?
> > >
> > > Oh, I see the full thread now and there are quite a few confused people apparently. There is absolutely nothing vague about this question.
> > >
> > > It cannot be 1 as the question clearly wants to restrict access to the object, not the user accessing it.
> > >
> > > It cannot be 2 as SSL is a form of encryption.
> > >
> > > I'm not sure what 4 is, but it looks like some form of authentication.
>
> I'm not sure what you mean by MBR or MBV, but doesn't the fact that it involves remoting imply that we're talking about the resources on the client?
In article <l8ddf0lv6fns1q4r41qodnag8jhfqvjrl7@4ax.com>, allen@sparkysystems.com says...
> My first inclination would be to use Role Base Security in this instance. However, it's more than likely code access security.
>
> On Mon, 12 Jul 2004 21:54:15 -0600, "Greg" <gregjq@msn.com> wrote:
>
> >I have a sample question:
> >
> >You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
> >
> > 1. Role-base security
> > 2. SSL security
> > 3. Code Access security
> > 4. HttpChannel Web Security
> >
> >What is the correct answer and why?
Why would you choose anything else than Code Access Security? The wording of the question makes it pretty clear that it is the remote object you're trying to restrict, so role based security would be a wrong answer. Just curious.
In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> I have a sample question:
>
> You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
>
> 1. Role-base security
> 2. SSL security
> 3. Code Access security
> 4. HttpChannel Web Security
>
> What is the correct answer and why?
Oh, I see the full thread now and there are quite a few confused people apparently. There is absolutely nothing vague about this question.

It cannot be 1 as the question clearly wants to restrict access to the object, not the user accessing it.

It cannot be 2 as SSL is a form of encryption.

I'm not sure what 4 is, but it looks like some form of authentication.

The correct answer is definitely 3.

Remoting has nothing to do with IIS as you could achieve remoting on Apache too if that's what you wanted to do.
In article <6psdf01hkhuusd8q1gakdak4nvv95857ii@4ax.com>, allen@sparkysystems.com says...
> >Why would you choose anything else than Code Access Security? The wording of the question makes it pretty clear that it is the remote object you're trying to restrict, so role based security would be a wrong answer. Just curious.
>
> You are entitled to your opinion.
I hope you didn't feel offended or anything. I was genuinely interested in your reasoning.
In article <O$NeFTraEHA.3716@TK2MSFTNGP11.phx.gbl>, ken.kolda@elliemae-nospamplease.com says...
> To me the confusion comes because it's not clear when they say "a computer" in the second sentence whether they're referring to the client or the server.
>
> If the remoted object is MBR, then the only resources that would be relevant are server resources. In this case, I usually think of this as being a situation for role-based security (i.e. based on the identity of the user on the other end of the remote object), which also involves HttpChannel security when used under IIS.
>
> If the remoted object is MBV, then the relevant resources are on the client, in which case I would think of code access security (so the remoted object can't be used maliciously by untrusted client code).
>
> Ken
>
> "Pollux" <pollux@nospam.spam> wrote in message news:MPG.1b60d40e81ca8d1c989682@beta.usenet.plus.net...
> > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> > > I have a sample question:
> > >
> > > You are creating a .NET remoting application for hosting on an IIS server. You need to restrict the resources a remote object can access on a computer. You implement ____ to control the resources a remote object can access on a computer. (Choose one correct option)
> > >
> > > 1. Role-base security
> > > 2. SSL security
> > > 3. Code Access security
> > > 4. HttpChannel Web Security
> > >
> > > What is the correct answer and why?
> >
> > Oh, I see the full thread now and there are quite a few confused people apparently. There is absolutely nothing vague about this question.
> >
> > It cannot be 1 as the question clearly wants to restrict access to the object, not the user accessing it.
> >
> > It cannot be 2 as SSL is a form of encryption.
> >
> > I'm not sure what 4 is, but it looks like some form of authentication.
I'm not sure what you mean by MBR or MBV, but doesn't the fact that it involves remoting imply that we're talking about the resources on the client?
Indeed, it sounded like you were suggesting anyone that didn't choose Code Access Security wasn't playing with a full deck. However, if that wasn't your inference, then the reason that RBS might be used for the same thing is that roles are set up specifically to restrict various accesses based on a user's role. Thus, you would not let someone access something via this mechanism fairly easily. CAS is a better option, but RBS could be used for the same thing.

On Thu, 15 Jul 2004 23:36:22 +0100, Pollux <pollux@nospam.spam> wrote:
>In article <6psdf01hkhuusd8q1gakdak4nvv95857ii@4ax.com>, allen@sparkysystems.com says...
>> >Why would you choose anything else than Code Access Security? The wording of the question makes it pretty clear that it is the remote object you're trying to restrict, so role based security would be a wrong answer. Just curious.
>>
>> You are entitled to your opinion.
>
>I hope you didn't feel offended or anything. I was genuinely interested in your reasoning.
Hi,

inline:

In article <MPG.1b60d40e81ca8d1c989682@beta.usenet.plus.net>, pollux@nospam.spam says...
> In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
>
> Oh, I see the full thread now and there are quite a few confused people apparently. There is absolutely nothing vague about this question.
There is :)

> It cannot be 1 as the question clearly wants to restrict access to the object, not the user accessing it.
From the question:

> > You need to restrict the resources a remote object can access on a computer.
No one says TO the object, but how to restrict the object itself.

And, also, the object is hosted in IIS. So this object runs with the rights of the ASPNET user, or some other user (using impersonation).

With RBS you can restrict the rights of the user, so you can restrict the object as well. The question is not that clear at all, and RBS is a possible answer.

> The correct answer is definitely 3.
Maybe the best, but not "definitely".

> Remoting has nothing to do with IIS as you could achieve remoting on Apache too if that's what you wanted to do.
In general you are right, but this thread is about a specific question, and there IIS is a vital component :)

> > You are creating a .NET remoting application for hosting on an IIS server.
In article <MPG.1b621d06e6f4cb8d98968b@beta.usenet.plus.net>, pollux@nospam.spam says...
> In article <OnaU7P1aEHA.752@TK2MSFTNGP09.phx.gbl>, sunny@newsgroups.nospam says...
> > Hi,
> >
> > inline:
> >
> > In article <MPG.1b60d40e81ca8d1c989682@beta.usenet.plus.net>, pollux@nospam.spam says...
> > > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> > >
> > > Oh, I see the full thread now and there are quite a few confused people apparently. There is absolutely nothing vague about this question.
> >
> > There is :)
> >
> > > It cannot be 1 as the question clearly wants to restrict access to the object, not the user accessing it.
> >
> > From the question:
> > > > You need to restrict the resources a remote object can access on a computer.
> >
> > No one says TO the object, but how to restrict the object itself.
> >
> > And, also, the object is hosted in IIS. So this object runs with the rights of the ASPNET user, or some other user (using impersonation).
> >
> > With RBS you can restrict the rights of the user, so you can restrict the object as well. The question is not that clear at all, and RBS is a possible answer.
> >
> > > The correct answer is definitely 3.
> > Maybe the best, but not "definitely".
> >
> > > Remoting has nothing to do with IIS as you could achieve remoting on Apache too if that's what you wanted to do.
> >
> > In general you are right, but this thread is about a specific question, and there IIS is a vital component :)
> >
> > > > You are creating a .NET remoting application for hosting on an IIS server.
> >
> > Sunny
>
> I'm probably beating a dead horse, but I still don't see how there could have been any confusion. I know close to nothing about ASP.NET, but I'm aware that it runs within the context of the ASP User or whatever you chose. By the way, ASP was never mentioned here. The keyword here is remoting application which by definition I believe an ASP.Net application isn't. A remoting application is executed on your machine whereas an ASP.Net isn't unless IIS is on your machine.
Same feeling (the horse).

They definitely say "hosted in IIS". To be hosted in IIS, there definitely IS a running ASP.Net process. The keyword here is "IIS hosted". The remoting object is executed on the server, not on the client. That's why it is "remote". It runs with the rights of the hosting process on the server. Remoting is not like downloading some assembly and running code locally. This is the starting point. It is "remotely" run.

> Now let's assume for a second that we were indeed talking about an ASP.Net application. Wouldn't it still make more sense to use Code Access Security than Role Based security? I have no clue how it works, but I would suspect that it works along the lines of loading up the said assembly and do whatever it needs to do. As per the requirement, you probably want to block access to the assembly rather than the more general ASP user.
You do not have to restrict the ASPNET user. You can create a special user just for that app, and impersonate. So the object will run with the rights of that specific user.

> I'm starting to think that it's my lack of knowledge of ASP.Net that prevented me from being confused.
.... and remoting.

One way or another, I'm not arguing that RBS is the best solution, but it is a possible one. I have never implemented CBS, so I do not know how much time it will take me to restrict an assembly, compared to restricting a user (which I know how to do).

The main point is that even if CBS is the better solution, the posted question is not clear and has more than one answer.
"Pollux" <pollux@nospam.spam> wrote in message news:MPG.1b62581f940630bc98968c@beta.usenet.plus.net...
> [Snip]
>
> I think I can see where the confusion started for me. The only remoting I was aware of was "URL remoting". In this case the exe runs within the context of ieeexec.exe on your machine. Obviously in that context, the exe could have been hosted on Apache as well, so obviously, as far as I was concerned, there could be no doubt.
>
> You were confused by the fact that it said "hosted on IIS" so you automatically assumed ASP.Net. I glanced MSDN and apparently it is a wrong assumption. IIS is merely a "listener" that acts as a broker between the 2 processes.
Ooohhh. Now I see where you're coming from. But I think Microsoft refers to this as "Smart Client Deployment" -- it's not really "remoting" (which is not to say that your small client app couldn't use remoting). Definitely code access permissions make sense for apps deployed in this way -- it's all running on the client and in a restrictive sandbox, so CAPs are needed to do things like access the disk, etc.

Remoting, on the other hand, is about processes that run code remotely (i.e. client/server), not just that retrieve code from a remote source and run it locally. And although you're right that IIS basically acts as a listener, a remoting server running IIS is subject to all the ASP.NET security constraints as a typical UI-based ASP.NET application.

Anyway, I think this just goes to show how poorly-worded a question this was -- we couldn't even all agree on what they meant by a "remoted object".

Ken
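Added example (not part of the thread, nor from the study guide) contrasting the two mechanisms the posters weigh: a role-based demand checks who is calling, while a code access `PermitOnly` caps what the code can touch regardless of caller. It assumes .NET Framework with CAS enforced and a fully trusted host; `ReportService`, the `ReportReaders` role and the temp paths are hypothetical, and the object is called in-process rather than through an IIS-hosted channel.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical marshal-by-reference type: it lives and runs on the server.
public class ReportService : MarshalByRefObject
{
    private readonly string allowedDir;

    public ReportService(string allowedDir)
    {
        this.allowedDir = allowedDir;
    }

    // Role-based security: the demand inspects Thread.CurrentPrincipal,
    // so it answers "is this CALLER allowed to invoke the method?".
    [PrincipalPermission(SecurityAction.Demand, Role = "ReportReaders")]
    public string Read(string path)
    {
        // Code access security: PermitOnly narrows what THIS CODE may do
        // for the rest of the call, whatever the caller's identity is.
        // Any file demand outside allowedDir now fails the stack walk.
        new FileIOPermission(FileIOPermissionAccess.Read, allowedDir).PermitOnly();
        try
        {
            return File.ReadAllText(path);
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }
}

public static class Demo
{
    // Runs one call and reports whether a security check stopped it.
    private static string Try(ReportService svc, string path)
    {
        try
        {
            return "ok: " + svc.Read(path);
        }
        catch (SecurityException e)
        {
            return "denied by " + e.PermissionType;
        }
    }

    private static IPrincipal User(string name, params string[] roles)
    {
        return new GenericPrincipal(new GenericIdentity(name), roles);
    }

    public static void Main()
    {
        // Constructed sample files: one inside the permitted directory, one outside it.
        string root = Path.Combine(Path.GetTempPath(), "cas-demo");
        string allowed = Path.Combine(root, "reports");
        Directory.CreateDirectory(allowed);
        string inside = Path.Combine(allowed, "q1.txt");
        string outside = Path.Combine(root, "secret.txt");
        File.WriteAllText(inside, "constructed report");
        File.WriteAllText(outside, "constructed secret");

        ReportService svc = new ReportService(allowed);

        // Caller in the role, path inside the permitted directory: both checks pass.
        Thread.CurrentPrincipal = User("alice", "ReportReaders");
        Console.WriteLine(Try(svc, inside));

        // Same caller, path outside: the role check passes, the CAS stack walk refuses.
        Console.WriteLine(Try(svc, outside));

        // Caller without the role: refused before any file access is attempted.
        Thread.CurrentPrincipal = User("bob");
        Console.WriteLine(Try(svc, inside));
    }
}
```

Neither check changes the rights of the Windows account the host process runs under; file ACLs for that account (ASPNET or an impersonated user, as discussed above) are enforced by the operating system separately.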
In article <b5rff0l1g5tkk451m8iqn0s8m5m4jcacvs@4ax.com>, allen@sparkysystems.com says...
> Indeed, it sounded like you were suggesting anyone that didn't choose Code Access Security wasn't playing with a full deck. However, if that wasn't your inference, then the reason that RBS might be used for the same thing is that roles are set up specifically to restrict various accesses based on a user's role. Thus, you would not let someone access something via this mechanism fairly easily. CAS is a better option, but RBS could be used for the same thing.
>
> On Thu, 15 Jul 2004 23:36:22 +0100, Pollux <pollux@nospam.spam> wrote:
>
> >In article <6psdf01hkhuusd8q1gakdak4nvv95857ii@4ax.com>, allen@sparkysystems.com says...
> >> >Why would you choose anything else than Code Access Security? The wording of the question makes it pretty clear that it is the remote object you're trying to restrict, so role based security would be a wrong answer. Just curious.
> >>
> >> You are entitled to your opinion.
> >
> >I hope you didn't feel offended or anything. I was genuinely interested in your reasoning.
I apologise if that's how I came across. It certainly wasn't my intention. It's just that I can think of a thousand of trickier questions than this particular one so I was surprised that so many people had a
In article <OnaU7P1aEHA.752@TK2MSFTNGP09.phx.gbl>, sunny@newsgroups.nospam says...
> Hi,
>
> inline:
>
> In article <MPG.1b60d40e81ca8d1c989682@beta.usenet.plus.net>, pollux@nospam.spam says...
> > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com says...
> >
> > Oh, I see the full thread now and there are quite a few confused people apparently. There is absolutely nothing vague about this question.
>
> There is :)
>
> > It cannot be 1 as the question clearly wants to restrict access to the object, not the user accessing it.
>
> From the question:
> > > You need to restrict the resources a remote object can access on a computer.
>
> No one says TO the object, but how to restrict the object itself.
>
> And, also, the object is hosted in IIS. So this object runs with the rights of the ASPNET user, or some other user (using impersonation).
>
> With RBS you can restrict the rights of the user, so you can restrict the object as well. The question is not that clear at all, and RBS is a possible answer.
>
> > The correct answer is definitely 3.
> Maybe the best, but not "definitely".
>
> > Remoting has nothing to do with IIS as you could achieve remoting on Apache too if that's what you wanted to do.
>
> In general you are right, but this thread is about a specific question, and there IIS is a vital component :)
>
> > > You are creating a .NET remoting application for hosting on an IIS server.
>
> Sunny
I'm probably beating a dead horse, but I still don't see how there could have been any confusion. I know close to nothing about ASP.NET, but I'm aware that it runs within the context of the ASP User or whatever you choose. By the way, ASP was never mentioned here. The keyword here is remoting application, which by definition I believe an ASP.Net application isn't. A remoting application is executed on your machine whereas an ASP.Net application isn't unless IIS is on your machine.

Now let's assume for a second that we were indeed talking about an ASP.Net application. Wouldn't it still make more sense to use Code Access Security than Role Based security? I have no clue how it works, but I would suspect that it works along the lines of loading up the said assembly and doing whatever it needs to do. As per the requirement, you probably want to block access to the assembly rather than the more general ASP user.

I'm starting to think that it's my lack of knowledge of ASP.Net that
In article <#ybe002aEHA.3792@TK2MSFTNGP09.phx.gbl>, sunny@newsgroups.nospam says...
> In article <MPG.1b621d06e6f4cb8d98968b@beta.usenet.plus.net>,
> pollux@nospam.spam says...
> > In article <OnaU7P1aEHA.752@TK2MSFTNGP09.phx.gbl>,
> > sunny@newsgroups.nospam says...
> > > Hi,
> > >
> > > inline:
> > >
> > > In article <MPG.1b60d40e81ca8d1c989682@beta.usenet.plus.net>,
> > > pollux@nospam.spam says...
> > > > In article <uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl>, gregjq@msn.com
> > > > says...
> > > >
> > > > Oh, I see the full thread now and there are quite a few confused people
> > > > apparently. There is absolutely nothing vague about this question.
> > >
> > > There is :)
> > >
> > > > It cannot be 1 as the question clearly wants to restrict access to the
> > > > object, not the user accessing it.
> > >
> > > From the question:
> > > > > You need to restrict the resources a remote object can access on a computer.
> > >
> > > No one says TO the object, but how to restrict the object itself.
> > >
> > > And, also, the object is hosted in IIS. So this object runs with the
> > > rights of the ASPNET user, or some other user (using impersonation).
> > >
> > > With RBS you can restrict the rights of the user, so you can restrict
> > > the object as well. The question is not that clear at all, and RBS is
> > > a possible answer.
> > >
> > > > The correct answer is definitely 3.
> > > Maybe the best, but not "definitely".
> > >
> > > > Remoting has nothing to do with IIS as you could achieve remoting on
> > > > Apache too if that's what you wanted to do.
> > >
> > > In general you are right, but this thread is about a specific question,
> > > and there IIS is a vital component :)
> > >
> > > > > You are creating a .NET remoting application for hosting on an IIS server.
> > >
> > > Sunny
I think I can see where the confusion started for me. The only remoting I was aware of was "URL remoting". In this case the exe runs within the context of ieexec.exe on your machine. Obviously in that context, the exe could have been hosted on Apache as well, so obviously, as far as I was concerned, there could be no doubt.

You were confused by the fact that it said "hosted on IIS" so you automatically assumed ASP.Net. I glanced at MSDN and apparently it is a wrong assumption. IIS is merely a "listener" that acts as a broker
In article <eSlFpD4aEHA.3944@tk2msftngp13.phx.gbl>, ken.kolda@elliemae-nospamplease.com says...
>
> "Pollux" <pollux@nospam.spam> wrote in message
> news:MPG.1b62581f940630bc98968c@beta.usenet.plus.net...
> >
> > [Snip]
> >
> > I think I can see where the confusion started for me. The only remoting
> > I was aware of was "URL remoting". In this case the exe runs within the
> > context of ieexec.exe on your machine. Obviously in that context, the
> > exe could have been hosted on Apache as well, so obviously, as far as I
> > was concerned, there could be no doubt.
> >
> > You were confused by the fact that it said "hosted on IIS" so you
> > automatically assumed ASP.Net. I glanced at MSDN and apparently it is a
> > wrong assumption. IIS is merely a "listener" that acts as a broker
> > between the 2 processes.
>
> Ooohhh. Now I see where you're coming from. But I think Microsoft refers to
> this as "Smart Client Deployment" -- it's not really "remoting" (which is
> not to say that your small client app couldn't use remoting). Definitely
> code access permissions make sense for apps deployed in this way -- it's all
> running on the client and in a restrictive sandbox, so CAPs are needed to do
> things like access the disk, etc.
>
> Remoting, on the other hand, is about processes that run code remotely (i.e.
> client/server), not just that retrieve code from a remote source and run it
> locally. And although you're right that IIS basically acts as a listener, a
> remoting server running IIS is subject to all the ASP.NET security
> constraints as a typical UI-based ASP.NET application.
>
> Anyway, I think this just goes to show how poorly-worded a question this
> was -- we couldn't even all agree on what they meant by a "remoted object".
>
> Ken
Yes, apparently remoting is closer to DCOM in concept than what I had in mind, which is, as you said, more of a deployment technique. There is still one thing that isn't clear in my mind. I've read about how you can deploy your application on a share and have your users access it this way. If you then want to override the config file, you need to do so in your local machine.config file. This is exactly the same principle as URL Remoting right, i.e. the exe is downloaded to your download cache
>Why would you choose anything else than Code Access Security? The wording
>of the question makes it pretty clear that it is the remote object
>you're trying to restrict, so role based security would be a wrong
>answer.
Totally agree.
Because "You creating .. You will implement ..." tells me that I will do the Job, that eliminates 2 and 4.
Restricting object (probably assembly) not Users eliminates 1,
so Answer is 3.

Regards,
Daniel

"Greg" <gregjq@msn.com> wrote in message news:uyNaO0IaEHA.2972@TK2MSFTNGP12.phx.gbl...
> I have a sample question:
>
> You are creating a .NET remoting application for hosting on an IIS server.
> You need to restrict the resources a remote object can access on a computer.
> You implement ____ to control the resources a remote object can access on a
> computer. (Choose one correct option)
>
>
> 1.. Role-base security
> 2.. SSL security
> 3.. Code Access security
> 4.. HttpChannel Web Security
> What is the correct answer and why?
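The two mechanisms argued over in this thread, side by side, as an added example that is not part of any poster's message: one method of a remotable object limits its own resource access with code access security, another gates its caller with role-based security. The class name, directory and role are assumptions, and the code targets the .NET Framework only (CAS is not supported on .NET Core and later).

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical remotable type for this example; the class name, directory
// and role are assumptions, not taken from the thread.
public class ReportService : MarshalByRefObject
{
    private const string DataDir = @"C:\Reports"; // constructed path

    // Code access security: bounds what this code may reach, independently
    // of the Windows account the hosting process runs as.
    public string ReadReport(string name)
    {
        PermissionSet allowed = new PermissionSet(PermissionState.None);
        allowed.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            DataDir));
        allowed.PermitOnly(); // demands for anything outside the set now fail
        try
        {
            // GetFileName drops any directory part supplied by the caller.
            string path = Path.Combine(DataDir, Path.GetFileName(name));
            return File.ReadAllText(path);
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    // Role-based security: checks who the caller is (Thread.CurrentPrincipal,
    // assumed here to be set by the host), and says nothing about which
    // resources the method body may then use.
    [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
    public void PurgeReports()
    {
        foreach (string file in Directory.GetFiles(DataDir))
        {
            File.Delete(file);
        }
    }
}
```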