|
-
May 21st, 2003, 02:28 AM
#1
Thread Starter
Hyperactive Member
Remoting ideas...
I wondered alone as a cloud... in the net, and I finally found (and maybe understand) something of remoting. I have a server application, it handles a DB, and I want a client application to get data from it, after authentication. For authentication I use sockets, but for communicating I could use now remoting, for example remoting the dataset object.
The question is how to prevent from getting a new object from the server if the client is not authorized.
I didn't find anything on the net, could please someone light on me?
Thx
Learn, this is the Keyword...
-
May 21st, 2003, 10:00 AM
#2
Instead of having a seperate authentication method you can use a factory style remoting setup. That means that all remoting calls go through one main object then just have that main object do the authentication first.
-
May 22nd, 2003, 08:16 AM
#3
Thread Starter
Hyperactive Member
I don't this this is a safe way... I don't want an unknown client to access my object... This is the idea. Letting to gain access to the object to an unknown client and the object authenticate it's not safe I think. If it's safe please explain me how to trace the IP addresses... My application should go through internet... I dislike the idea that all people can gain access to this object.
Best regards,
Xmas
Learn, this is the Keyword...
-
May 22nd, 2003, 08:17 AM
#4
Thread Starter
Hyperactive Member
And what about "factory style remoting setup"?
Thx
Learn, this is the Keyword...
-
May 22nd, 2003, 01:01 PM
#5
The Factory Style Setup means that you remote one object that then distributes other remoted objects. For instance you might have a UserFactory object that only has two methods GetUser and GetGroup or maybe in your case GetUser and Authenticate. This means that the only way to get the object you really want, in this example its the remoted User object is through the factory. That way on you can have the GetUser method fail if the client hasn't authenticated yet. The method of authentication doesn't really matter, you could have them pass in login info or a socket or whatever. So sure anyone can get the Factory object, but it doesn't do them any good unless they authenticate with it, thus you have your security.
-
May 22nd, 2003, 05:01 PM
#6
Thread Starter
Hyperactive Member
Let me better understand:
Code:
Client -------> Factory
^
|
|
|
MyObject
Is this the idea?
The factory has two methods: One is "Authenticate", the other is "GetObject"?
Thx
Learn, this is the Keyword...
-
May 22nd, 2003, 09:39 PM
#7
Here is an example for you. The only downside is that in order for each client to have to authenticate you have to use CAO (Client Activated Objects) so you can't use a shared interface you have to share the whole implementation.
-
May 23rd, 2003, 02:57 AM
#8
Thread Starter
Hyperactive Member
Edneeis!!!! VS 2003!!!!! I have 2002!!!!! But, I saw what you mean.
Thanx a lot, Secret Agent Man...
Xmas.
Learn, this is the Keyword...
-
May 23rd, 2003, 03:48 AM
#9
Forgot about that, but in Pirates signature is a link to a tool that converts 2003 projects to 2002. The only code that might need to change is the For..Each loops if any.
In 2003 you can do this:
For Each str As String In Strings()
Instead of this
Dim str As String
For Each str in Strings()
Other than that there is nothing specific to 2003
-
May 23rd, 2003, 11:15 AM
#10
Thread Starter
Hyperactive Member
I can't understand one thing: when you call the remote object, let's suppose create the new object, the console writes something, but the console is the server program. If I change this to a msgbox it appears to be the client. What's that?
Thx
Learn, this is the Keyword...
-
May 23rd, 2003, 11:28 AM
#11
Are you using the same computer as server and client?
If not it may be something to do with the CAO, since the client side has the code also. I'm not as familiar with CAO, sorry. Although the remoted object still runs on the server side so you'd think the Msgbox would be on the server. You have the Msgbox in the Shared DLL right, not the client app?
-
May 23rd, 2003, 12:43 PM
#12
Thread Starter
Hyperactive Member
The messagebox is in the shared DLL, and client and server run on the same machine...
Learn, this is the Keyword...
-
May 23rd, 2003, 12:45 PM
#13
Well I tested it with the client and server as seperate machines and the Msgbox will pop up on the server.
A few notes about remoting, its much more easier to use a config file as then you can make changes to how the remoting is done without recompiling your app. Also I used HTTP but TCP is much faster if you need better performance.
-
May 24th, 2003, 02:46 AM
#14
Thread Starter
Hyperactive Member
I know tha TCP is faster, and the BinaryFormatter also. In my application I use them, and the config files 
Well done, Edneeis! I didn't think about trying on different machines... And now that you say that it pops up on the server I can understand why I'm wrong: when Msgbox appear client freezes, and for that it seemed to me that it was on the client, instead it freezes because it waits for the remote method to finish.
Last question: without raw socket programming (it means don't use remoting and reinventing the wheel) , is it possible to get the IP address of the machine being served? I looked into the remoting namespace unsuccessfully.
Thanks a lot,
Xmas.
Learn, this is the Keyword...
-
May 24th, 2003, 03:28 AM
#15
I don't know of any way to get the IP address, sorry. If you host it via ISS then you can use windows authentication for security but that wont get you the IP address still. I saw somewhere where you could block non-local calls but i can't find the link anymore.
-
May 24th, 2003, 04:17 AM
#16
Thread Starter
Hyperactive Member
Custom Protection and others...
I thougth about protection: Let's have another remote object into the client, and when the client connects to the server, passes its IP address with username and password. When the server gets its IP address, connects to the remote object using that IP. If the server can connect to the client, the IP is right and then let see if we can authorize access to the protected object (that is a database for instance), otherwise disconnect.
What about that?
And, another question: why I can't remote an ADO connection? I'm using a OleDBConnection, it throws me :
VB Code:
Dim p As New OleDbDataAdapter(Query, myConnection)
The error is: "Not authorized: impossible to call no publics or statics methods in remote mode."
Thx
Learn, this is the Keyword...
-
May 24th, 2003, 04:35 AM
#17
Thread Starter
Hyperactive Member
It works now, fixed by changing
VB Code:
Dim p As New OleDbDataAdapter(Query, myConnection)
in
VB Code:
Dim p As New OleDbDataAdapter(Query, myConnectionString)
Let me always know about my protection idea.
Thx
Learn, this is the Keyword...
-
May 24th, 2003, 03:54 PM
#18
Sure your protection scheme seems like it would work, although it causes a lot of extra work. An easier way would be to have the client pass its ip address directly to the server. I think I thought of a way to do this that the user or another coder can't get around.
You have a small credential type object that the user has to create and pass to the server to authenticate. Then in the constructor have the credential object get the local ip address and store it so the server can read it. Since the client has to create the object locally to authenticate then it will have the local ip of the client. This would be the same as the client getting their IP address and pasing it as a string to the server, only the object does it for you so you know it can't be tampered with or changed.
Here is the same project revised with a second way to authenticate (use the bottom auth button).
-
May 25th, 2003, 03:32 AM
#19
Thread Starter
Hyperactive Member
Edneeis!!!! VS 2003!!!!! I have 2002!!!!!
Learn, this is the Keyword...
-
May 25th, 2003, 03:37 AM
#20
Thread Starter
Hyperactive Member
LOL! Very good job Edneeis, I thought another way: Authenticate with sockets, and keep the connection alive until the client disconnects. Let the object to be taken only once by the user authenticated via socket, until it disconnects... But your way seems simpler.
Thx.
Learn, this is the Keyword...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|