Authentication with the HTTP Channel

This topic is specific to a legacy technology that is retained for backward compatibility with existing applications and is not recommended for new development. Distributed applications should now be developed using the  Windows Communication Foundation (WCF).

To authenticate remote calls with the HttpChannel channel, the remote object must be hosted under Internet Information Services (IIS).

Server Configuration

All authentication configuration on the server is done through IIS. There are no server configuration settings related to authentication for the HttpChannel. For more information about IIS and configuring authentication, see IIS Authentication.

Client Configuration

When calling a remote object hosted under IIS and configured for authentication, the client must specify credentials. To automatically send the credentials the client application is running under, set the useDefaultCredentials property to true:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.runtime.remoting>
    <application>
      <channels>
        <channel ref="http" useDefaultCredentials="true"/>
      </channels>
      <client>
        <wellknown 
           url="http://MyServer/IISSec/MyRemoteObj.rem"
           type="Shared.MyRemoteObj, Shared"/>
      </client>
    </application>
  </system.runtime.remoting>
</configuration>

If you want to specify an alternate set of credentials, you can do so programmatically as shown in the following code:

MyRemoteObj obj = new MyRemoteObj();
// Get the current set of channel sink properties
IDictionary props = ChannelServices.GetChannelSinkProperties(obj);
// Set domain, username, and password properties
props["domain"] = "SomeDomain";
props["username"] = "SomeUser";
props["password"] = "SomePassword123";
Console.WriteLine(obj.SayHello());

Alternatively you can programmatically set the credentials property, in which you specify a class that implements the ICredentials interface. First, create a class that implements the ICredentials interface:

namespace MyCredentialsLib
{
    public class MyCredentials : ICredentials
    {
        public NetworkCredential GetCredential(Uri uri, string authType)
        {
            Console.WriteLine("MyCredentials.GetCredential() called");
            NetworkCredential newCred = new NetworkCredential("SomeRemotingUser", "SomePassword");
            return newCred;
        }
    }
} 

Next, in the client you must create an instance of the class that implements ICredentials and set the credentials property to that instance as shown in the following code:

RemotingConfiguration.Configure("client.exe.config", false);
MyRemoteObj obj = new MyRemoteObj();
IDictionary props = ChannelServices.GetChannelSinkProperties(obj);
MyCredentials credentials = new MyCredentials();
props["credentials"] = credentials;
Console.WriteLine(obj.SayHello()); 

Note

It is never a good idea to hard code credentials into an application. It is done here for illustration purposes only.

The useAuthenticatedConnectionSharing property indicates that the server channel reuses authenticated connections rather than authenticating each incoming call. This property defaults to true when the useDefaultCredentials is set to true. This property can be set in a configuration file (within the <channel> element) or programmatically (exactly the same way the username and password properties were set in the sample code shown previously).

The unsafeAuthenticatedConnectionSharing property indicates the client supplies its own credentials and connection group name that the server uses to create an authenticated connection group. If this property is set to true, the connectionGroupName property must be set to a single authenticated user. This property is ignored if the useAuthenticatedConnectionSharing property is set to true.

See Also

Concepts

Authentication with the TCP Channel
Authentication with the IPC Channel
Encryption and Message Integrity