Authentication Overview

This topic is specific to a legacy technology that is retained for backward compatibility with existing applications and is not recommended for new development. Distributed applications should now be developed using the Windows Communication Foundation (WCF).

Authentication is the process of verifying the identity of a client. When writing a remoting application you must verify a user's credentials before allowing them access to your object(s). Once a user has been verified, your code can then decide whether to allow them access to your methods. The process of allowing or disallowing a user access to resources is called authorization. A process related to authentication and authorization is impersonation. Impersonation allows a remote object to execute code as if it were running as a different user. Under certain circumstances the client has the remoting application run using its credentials. Other times the client specifies a different set of credentials for the remote method to run under. The remoting channel infrastructure provides authentication and impersonation services only.

This section discusses how to configure authentication and impersonation with each of the built-in channels: HttpChannel, TcpChannel, and IpcChannel.

In This Section

See Also


Security in Remoting