J-Integra® for .NET Security
Authentication
The J-Integra® for .NET runtime provides both Basic and Digest HTTP authentication
support for clients. Using this feature, J-Integra® for .NET client programs can access
.NET objects hosted in IIS and protected by IIS authentication control.
To set up authentication control for a .NET assembly hosted in IIS,
open the properties for the virtual directory and select the Directory
Security tab:
Click Edit... to launch the Authentication Methods dialog:
Select Basic and/or Digest authentication
as desired (the IIS documentation provides descriptions of both). Be sure
to disable anonymous access by unchecking the Anonymous Access
check box. Click on OK. Now, all clients will need to
provide the configured authentication information before they are allowed
to access this resource.
To enable a J-Integra® for .NET client to access the protected resource, you can
use the Janetor configuration tool.
Start Janetor, select the desired class under the Remote Objects
node, and enter valid authentication information on the Authentication
tab:
J-Integra® for .NET provides an API as an alternative for specifying authentication
parameters. The setAuthentication
method in the RemoteProxy
class can be used to specify authentication parameters for a named class.
Encryption
J-Integra® for .NET now supports encryption over TCP/IP or HTTP. This is accomplished
through the use of a channel provider on the .NET side that encrypts the
data after the binary formatter has been applied. This free provider can
be downloaded from GotDotNet.
J-Integra® for .NET has been verified to work version 1.2.1.0 of the SecureRemoting
Provider.
To use please follow the steps below
- You'll need to build the source and produce the SecureChannel.dll
assembly. Once this is built, you'll need to reference it in your .NET
project.
- Include the following in your remoting.config file:
<clientProviders>
<formatter ref="binary"/>
<provider type="MsdnMag.Remoting.SecureClientChannelSinkProvider,
SecureChannel" algorithm="3DES"/>
</clientProviders>
This should be in between the <channel ref="tcp"> tag.
A sample remoting.config file utilizing the SecureRemoting channel
provider is shown below:
<configuration>
<system.runtime.remoting>
<application>
<client url="tcp://localhost:8051">
<activated type="Factory,
JanetExample"/>
</client>
<channels>
<channel ref="tcp">
<clientProviders>
<formatter
ref="binary"/>
<provider
type="MsdnMag.Remoting.SecureClientChannelSinkProvider, SecureChannel"
algorithm="3DES"/>
</clientProviders>
</channel>
</channels>
</application>
</system.runtime.remoting>
</configuration>
- Finally you should add these tags to your janet.xml
file.
<EncryptAlgorithm>3DES</EncryptAlgorithm>
<EncryptProtocol>SecureRemoting</EncryptProtocol>
The should be under the <ServerMap> and right above </default>
tags.
A sample <ServerMap> section of the janet.xml file utilizing
the SecureRemoting channel provider is shown below:
<ServerMap>
<default>
<RenewOnCallTime>10</RenewOnCallTime>
<PassByReference>true</PassByReference>
<InitialContextFactory></InitialContextFactory>
<ProviderURL></ProviderURL>
<LeaseTime>10</LeaseTime>
<PropertySettings>
</PropertySettings>
<RenewOnCallUnit>1</RenewOnCallUnit>
<ActivationMode>0</ActivationMode>
<URI>tcp://localhost:8051/</URI>
<AssemblyName>JanetExample</AssemblyName>
<LeaseUnit>1</LeaseUnit>
<EncryptAlgorithm>3DES</EncryptAlgorithm>
<EncryptProtocol>SecureRemoting</EncryptProtocol>
</default>
</ServerMap>