I just implemented a scheme like this using a context attribute to add interception code into cross-context calls. There's a great article [1] by Juval Lowy in the March issue of MSDN that shows how to do this. Mike Woodring also has some sample code [2] on the DevelopMentor site that illustrates how to write a custom channel sink to capture the user principal during a remote method call.
Cheers, Jesse [1] http://msdn.microsoft.com/msdnmag/issues/03/03/ContextsinNET/default.aspx [2] http://www.developmentor.com/devresources/resourcedetail.aspx?type=t&id=846 > -----Original Message----- > From: Kamen Lilov [mailto:[EMAIL PROTECTED] > Sent: Monday, March 03, 2003 12:40 AM > To: [EMAIL PROTECTED] > Subject: [ADVANCED-DOTNET] Adding custom headers to formatter > > > I have an application that uses WinForms for the client and > an application server. These two tiers communicate through Remoting. > > I need to maintain some form of user session concept (for > authentication purposes, as well as to preserve across-call > information on the server side). There is a system in place > to establish a user sesion and provide credentials by calling > a web service through SSL. The client establishes a session > and receives a ticket that must be passed to the server every > time a call takes place. > > Although I can pass the ticket on every request as an > additional parameter (opaque string, or maybe even a > serializable object), it would be much more elegant for both > tiers to have a customized implementation of BinaryFormatter > that does this automatically. Besides not cluttering business > object calls with an additional parameter, this would also > help me to establish a ticket expiration / replacement scheme > that will help to prevent replay attacks to a degree - or at > least shorten the window of opportunity for these. > > I basically need to place some preprocessing code when a > remoting call takes place, add a custom "header" (the > IRemotingFormatter interface supports additional headers), > then pass on the request to the channel as .NET would > normally do. On the receiving side (server), I need to > intercept the invokation and do some checks on this custom > header, then let .NET deserialize the main call data and pass > it on to the MarshalByRef object being called. > > Has anybody implemented such a scheme? What would be the > pros and cons of this solution? > > Kamen Lilov > >
