all groups > dotnet remoting > march 2007 >
You're in the

dotnet remoting

group:

Help Needed..dotnet remoting security issue



Help Needed..dotnet remoting security issue sumu
3/8/2007 1:45:03 AM
dotnet remoting: Hello,

I am trying to develop a dot net client server application.My
application works perfects on LAN..The problem arised when i tried to
host the remote object in a webserver.
The error i get is
" Type System.DelegateSerializationHolder and the types derived from
it (such as System.DelegateSerializationHolder) are not permitted to
be deserialized at this security level."
I am aware of the security issue in dotnet and am using
typefilterlevel.Full in both server and client.
I will paste my code for your reference

//code in server

public string StartHttpServer()
{
HttpChannel chnl;
retmsg="ok";
try
{
BinaryServerFormatterSinkProvider ServProv=new
BinaryServerFormatterSinkProvider();
ServProv.TypeFilterLevel=System.Runtime.Serialization.Formatters.TypeFilterLevel.Full;
BinaryClientFormatterSinkProvider ClientProv=new
BinaryClientFormatterSinkProvider();
IDictionary props=new Hashtable();
props["port"]=4444;
props["typeFilterLevel"] = "Full";
chnl=new HttpChannel(props,ClientProv,ServProv);
ChannelServices.RegisterChannel(chnl);
RemotingConfiguration.RegisterWellKnownServiceType(typeof(Remoting.Remotableobject),"Remotableobject.rem",WellKnownObjectMode.Singleton);
props.Clear();
props=null;
}
catch(Exception ex)
{
retmsg=ex.Message;
}
return retmsg;
}

//Code in Client


public ChatCenter(callbackclass callbackobj,Remotableobject
remfromLogin)
{
callback=callbackobj;
rem=remfromLogin;

IDictionary props=new Hashtable();
BinaryServerFormatterSinkProvider serv=new
BinaryServerFormatterSinkProvider();
BinaryClientFormatterSinkProvider cl=new
BinaryClientFormatterSinkProvider();
serv.TypeFilterLevel=System.Runtime.Serialization.Formatters.TypeFilterLevel.Full;

props["typeFilterLevel"] = TypeFilterLevel.Full;
props["port"]=0;

chnl=new HttpChannel(props,cl,serv);
ChannelServices.RegisterChannel(chnl);
props.Clear();
props=null;
try
{
rem= (Remoting.Remotableobject)
Activator.GetObject(typeof(Remoting.Remotableobject),server);

//Here the remote object returns the server ip without any problem.
MessageBox.Show(rem.checkConnectivity());

//The error is thrown from this statement
rem.eventRxText+=new ReceieveText(callback.rem_eventRxText);
rem.eventGtUsers+=new getusers(callback.rem_eventGtUsers);

}
catch(Exception ex)
{
MessageBox.Show(null,ex.Message,"Unable to reach
server",MessageBoxButtons.OK,MessageBoxIcon.Exclamation);
System.IO.StreamWriter sr=new System.IO.StreamWriter(@"E:\dotnet\c#
\RemoteClient\log.htm",true);
sr.Write(ex.Message);
sr.Close();
}
}


Please somebody help me..
I am struggleing with this for one week.

Thanks in Advance
Re: Help Needed..dotnet remoting security issue Vertygo
3/9/2007 7:47:42 AM
Here is my example that works:

Server:

BinaryClientFormatterSinkProvider clientProvider = new
BinaryClientFormatterSinkProvider();
BinaryServerFormatterSinkProvider serverProvider = new
BinaryServerFormatterSinkProvider();
serverProvider.TypeFilterLevel =
System.Runtime.Serialization.Formatters.TypeFilterLevel.Full;

ht["name"] = string.Empty;
ht["port"] = 9000;
ht.Add("typeFilterLevel",
System.Runtime.Serialization.Formatters.TypeFilterLevel.Full);

TcpChannel channel = new TcpChannel(ht, clientProvider,
serverProvider);
ChannelServices.RegisterChannel(channel);

string identifier = "Downloader";
WellKnownObjectMode mode = WellKnownObjectMode.Singleton;

WellKnownServiceTypeEntry entry = new
WellKnownServiceTypeEntry(typeof(ServerTalk),
identifier, mode);
RemotingConfiguration.RegisterWellKnownServiceType(entry);

Client:

BinaryClientFormatterSinkProvider clientProvider = new
BinaryClientFormatterSinkProvider();
BinaryServerFormatterSinkProvider serverProvider = new
BinaryServerFormatterSinkProvider();
serverProvider.TypeFilterLevel =
System.Runtime.Serialization.Formatters.TypeFilterLevel.Full;
TcpChannel channel;
RemotingConfiguration.CustomErrorsEnabled(false);
System.Collections.IDictionary oChannelProperties = new
System.Collections.Hashtable();
oChannelProperties.Add("name", string.Empty);
oChannelProperties.Add("port", 0);
oChannelProperties.Add("typeFilterLevel",
System.Runtime.Serialization.Formatters.TypeFilterLevel.Full);

channel = new TcpChannel(oChannelProperties,
clientProvider, serverProvider);

RemotingConfiguration.CustomErrorsEnabled(false);
if(RemotingConfiguration.CustomErrorsMode !=
CustomErrorsModes.Off)
RemotingConfiguration.CustomErrorsMode =
CustomErrorsModes.Off;


System.Runtime.Remoting.Channels.ChannelServices.RegisterChannel(channel,
false);
Got something to say? Click here to post a reply to this thread.
Don't see what you're looking for? Try a search.
View other messages in the dotnet remoting group.
AddThis Social Bookmark Button
View Other Months
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
home · blog · groups Questions? Comments? Contact the dn