J-Integra® for .NET Security

Authentication

The J-Integra® for .NET runtime provides both Basic and Digest HTTP authentication support for clients. Using this feature, J-Integra® for .NET client programs can access .NET objects hosted in IIS and protected by IIS authentication control.

To set up authentication control for a .NET assembly hosted in IIS, open the properties for the virtual directory and select the Directory Security tab:

Click Edit... to launch the Authentication Methods dialog:

Select Basic and/or Digest authentication as desired (the IIS documentation provides descriptions of both). Be sure to disable anonymous access by unchecking the Anonymous Access check box. Click on OK. Now, all clients will need to provide the configured authentication information before they are allowed to access this resource.

To enable a J-Integra® for .NET client to access the protected resource, you can use the Janetor configuration tool. Start Janetor, select the desired class under the Remote Objects node, and enter valid authentication information on the Authentication tab:

J-Integra® for .NET provides an API as an alternative for specifying authentication parameters. The setAuthentication method in the RemoteProxy class can be used to specify authentication parameters for a named class.

Encryption

J-Integra® for .NET now supports encryption over TCP/IP or HTTP. This is accomplished through the use of a channel provider on the .NET side that encrypts the data after the binary formatter has been applied. This free provider can be downloaded from GotDotNet. J-Integra® for .NET has been verified to work version 1.2.1.0 of the SecureRemoting Provider.

To use please follow the steps below

  1. You'll need to build the source and produce the SecureChannel.dll assembly. Once this is built, you'll need to reference it in your .NET project.
  2. Include the following in your remoting.config file:

    <clientProviders>
       <formatter ref="binary"/>
       <provider type="MsdnMag.Remoting.SecureClientChannelSinkProvider, SecureChannel" algorithm="3DES"/>
    </clientProviders>

    This should be in between the <channel ref="tcp"> tag.

    A sample remoting.config file utilizing the SecureRemoting channel provider is shown below:

    <configuration>
      <system.runtime.remoting>
        <application>
          <client url="tcp://localhost:8051">
            <activated type="Factory, JanetExample"/>
          </client>
          <channels>
            <channel ref="tcp">
              <clientProviders>
                <formatter ref="binary"/>
                <provider type="MsdnMag.Remoting.SecureClientChannelSinkProvider, SecureChannel" algorithm="3DES"/>
              </clientProviders>
            </channel>
          </channels>
        </application>
      </system.runtime.remoting>
    </configuration>
  3. Finally you should add these tags to your janet.xml file.

    <EncryptAlgorithm>3DES</EncryptAlgorithm>
    <EncryptProtocol>SecureRemoting</EncryptProtocol>

    The should be under the <ServerMap> and right above </default> tags.

    A sample <ServerMap> section of the janet.xml file utilizing the SecureRemoting channel provider is shown below:

    <ServerMap>
      <default>
        <RenewOnCallTime>10</RenewOnCallTime>
        <PassByReference>true</PassByReference>
        <InitialContextFactory></InitialContextFactory>
        <ProviderURL></ProviderURL>
        <LeaseTime>10</LeaseTime>
        <PropertySettings>
        </PropertySettings>
        <RenewOnCallUnit>1</RenewOnCallUnit>
        <ActivationMode>0</ActivationMode>
        <URI>tcp://localhost:8051/</URI>
        <AssemblyName>JanetExample</AssemblyName>
        <LeaseUnit>1</LeaseUnit>
        <EncryptAlgorithm>3DES</EncryptAlgorithm>
        <EncryptProtocol>SecureRemoting</EncryptProtocol>
      </default>
    </ServerMap>

© 2007 Intrinsyc Software International, Inc. All rights reserved. Legal