Geeks With Blogs

Szymon Kobalczyk's Blog A Developer's Notebook

I hope someone here could help me understand what's wrong. I tried to use the NegotiateStream class available in .NET 2.0 to secure a remoting connection. It was configured as follows:

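using System.Collections;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;

// Client channel properties: authenticate, then sign and encrypt the traffic
Hashtable channelSettings = new Hashtable();
channelSettings["protectionLevel"] = System.Net.Security.ProtectionLevel.EncryptAndSign;
channelSettings["secure"] = true;
TcpClientChannel channel = new TcpClientChannel(channelSettings, null);
ChannelServices.RegisterChannel(channel);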


It all worked fine when the client and server were running on the same machine. It also worked when the server process was running on a Windows 2003 Server box (with AD, but the client machines were not registered in that domain). But when we tried to connect from one workstation to another (both Windows XP Prof.) we got the following exception:

The server has rejected the client credentials.

Server stack trace:
   at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel)
   at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.CreateAuthenticatedStream(Stream netStream, String machinePortAndSid)
   at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.CreateSocketHandler(Socket socket, SocketCache socketCache, String machinePortAndSid)
   at System.Runtime.Remoting.Channels.SocketCache.CreateSocketHandler(Socket socket, String machineAndPort)
   at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint)
   at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()
   at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew)
   at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream)
   at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)


I couldn't find any differences between these two setups other than those mentioned above, so now I wonder: what are the requirements to use the Negotiate protocol? As far as I know, it uses NTLM or Kerberos to authenticate sessions. Therefore, can it run on independent systems or does it always require Active Directory?

Also, can anyone suggest any less demanding alternative to secure a remoting connection?

Posted on Monday, October 10, 2005 11:46 AM Development


Comments on this post: Problem using NegotiateStream to secure .NET Remoting

# re: Problem using NegotiateStream to secure .NET Remoting
If you have any solution to this problem, please tell me about it... The same error occurs in my project :(

email to: frank.friebe [at] gmx [dot] net
Left by Frank on Feb 20, 2006 5:13 PM

# re: Problem using NegotiateStream to secure .NET Remoting
I'm having an almost identical problem. I have a set of about 30 machines I want to write a distributed app for (some on a domain and some not). From what I've experienced, remoting only works if everything is on the same domain. I'm not even using authentication and it's giving me credentials exceptions. If the client and server are on the same domain, I don't have problems at all. I'd like to pick at someone's brain about this one.

William Moore
Left by William Moore on Feb 28, 2006 8:31 PM

# re: Problem using NegotiateStream to secure .NET Remoting
And my inability as a C# programmer shows itself again.........
I was setting the ensure security flag on both client and server to true when calling ChannelServices.RegisterChannel thinking it was something else.
Left by William Moore on Feb 28, 2006 8:57 PM

# re: Problem using NegotiateStream to secure .NET Remoting
Please tell me what you did in order to fix this problem...

Thanks,
Dani
Left by Dani on Mar 03, 2006 2:11 PM

# re: Problem using NegotiateStream to secure .NET Remoting
This almost gave me a heart attack .... we have a release in 2 weeks and we decided to switch to 2.0 .... anyway

I had misunderstood ChannelServices.RegisterChannel(IChannel chan, bool ensureSecurity);

the ensureSecurity should be set to false ....

keywords:
protection level, impersonate, authentication exception
Left by Shardool Karnik on Mar 07, 2006 2:23 PM

# re: Problem using NegotiateStream to secure .NET Remoting
Actually ... I need to thank William Moore for the previous comment ..... which was the solution for this problem ...
Left by Shardool Karnik on Mar 07, 2006 2:26 PM

# re: Problem using NegotiateStream to secure .NET Remoting
Hi,

I too am facing the same problem.
But I don't understand why setting the ensureSecurity variable to 'false' would 'SOLVE' this problem.
Doesn't setting this variable to 'FALSE' mean that my client-server communication is insecure???
What do I do if I need a secure communication?

Any suggestions / solutions ???
Left by Suwarna on Apr 27, 2006 1:09 PM

# re: Problem using NegotiateStream to secure .NET Remoting
Yeah. Same thing with the .NET 3.0 WCF ... I'm getting the SAME exception.
Left by Bo on Dec 12, 2006 8:19 PM

# re: Problem using NegotiateStream to secure .NET Remoting
I suspect your error is due to the fact that the credentials you use on your client PC are unknown on the server workstation. Try to configure on both PCs an account with the same username and password.
Left by Spartaco on Feb 16, 2010 3:23 AM
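
An added example, not code from the post or from any commenter: one way to keep the channel authenticated and encrypted between two machines that share no domain, following the matching-account suggestion in the last comment. The `Ping` type, the channel names and the `ping` URI are hypothetical, and the sketch assumes the account passed to `Connect` also exists on the server machine with the same password.

```csharp
using System;
using System.Collections;
using System.Net.Security;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;

// Hypothetical remotable type used only for this example.
public class Ping : MarshalByRefObject
{
    public string Echo(string s) { return s; }
}

public static class SecureRemotingExample
{
    // Server side: the channel requires authentication, signing and encryption.
    public static void StartServer(int port)
    {
        Hashtable props = new Hashtable();
        props["name"] = "secure-server";
        props["port"] = port;
        props["secure"] = true;
        props["protectionLevel"] = ProtectionLevel.EncryptAndSign;
        // ensureSecurity = true: registration fails if the channel is not secured.
        ChannelServices.RegisterChannel(new TcpServerChannel(props, null), true);
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(Ping), "ping", WellKnownObjectMode.Singleton);
    }

    // Client side: same security settings as the server, plus explicit
    // credentials for an account the server machine can validate.
    public static Ping Connect(string host, int port, string user, string password)
    {
        Hashtable props = new Hashtable();
        props["name"] = "secure-client";
        props["secure"] = true;
        props["protectionLevel"] = ProtectionLevel.EncryptAndSign;
        props["username"] = user;      // assumed to exist on the server machine
        props["password"] = password;  // take from a prompt or secret store, not source code
        ChannelServices.RegisterChannel(new TcpClientChannel(props, null), true);
        return (Ping)Activator.GetObject(
            typeof(Ping), "tcp://" + host + ":" + port + "/ping");
    }
}
```

Both ends must agree on `secure`; a client that authenticates against a server channel registered without it, or the reverse, fails during the handshake rather than falling back to an unprotected connection.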

Copyright © Szymon Kobalczyk | Powered by: GeeksWithBlogs.net