HighTechTalks DotNet Forums  

How to get the WindowsIdentity of the caller of my executable?

Dotnet Security microsoft.public.dotnet.security





#1 Cindy Liu - 06-21-2004, 06:17 PM

Hi Everyone,

I created my Windows service. I want to get the WindowsIdentity of the caller that calls my method in my Windows service. How do I do that?

Thanks in advance!!!
Cindy


#2 Alek Davis - 06-21-2004, 06:48 PM

Cindy,

I assume that your Windows service encapsulates a .NET remoting object;
otherwise, your question does not make much sense: a regular Windows service
just runs on its own with the identity defined in the Service Control
Manager (which is trivial to obtain). If my assumption is correct, you are
out of luck, because CLR does not support any security aspects in .NET
remoting objects running inside of Windows services. Your options would be
to: (a) host your .NET remoting object in an ASP.NET application instead of
Windows service; (b) use SSPI (I cannot comment on this, but there are some
references on the Web); or (c) use a commercial product like GenuineChannels
(see http://www.genuinechannels.com/).

Alek

"Cindy Liu" <CindyLiu (AT) discussions (DOT) microsoft.com> wrote

Quote:
Hi Everyone,

I created my Windows service. I want to get the WindowsIdentity of the
caller that calls my method in my Windows service. How do I do that?

Thanks in advance!!!
Cindy



#3 Cindy Liu - 06-22-2004, 12:49 PM

Yes, my Windows service hosts a .NET remoting object, and I have a COM+ DLL talking to it from a different computer, and a web server on the same box calling COM+ methods. Now I want to pass the WindowsIdentity token from the COM+ DLL to my Windows service. Can the COM+ DLL determine who the caller is, or does my web server have to get the token and pass it to the COM+ DLL?

"Alek Davis" wrote:

Quote:
Cindy,

I assume that your Windows service encapsulates a .NET remoting object;
otherwise, your question does not make much sense: a regular Windows service
just runs on its own with the identity defined in the Service Control
Manager (which is trivial to obtain). If my assumption is correct, you are
out of luck, because CLR does not support any security aspects in .NET
remoting objects running inside of Windows services. Your options would be
to: (a) host your .NET remoting object in an ASP.NET application instead of
Windows service; (b) use SSPI (I cannot comment on this, but there are some
references on the Web); or (c) use a commercial product like GenuineChannels
(see http://www.genuinechannels.com/).

Alek

#4 Alek Davis - 06-22-2004, 03:23 PM

I am confused: which module do you want to detect the identity of the
caller: COM+ DLL or remoting object hosted in a Windows service? COM+ must
be able to do it easily, but not the remoting object.

Alek

"Cindy Liu" <CindyLiu (AT) discussions (DOT) microsoft.com> wrote

Quote:
Yes, my Windows service hosts a .Net remoting object, and I have a COM+
dll talking to it from different computer, and a web server on the same box
calling COM+ methods. Now I want to pass WindowsIdentity token from COM+ dll
to my Windows service. Can COM+ dll determine who is the caller, or my web
server has to get the token and pass to COM+ dll?

#5 Alek Davis - 06-23-2004, 02:36 PM

This is a very bad approach. If the user identity is passed as a method
parameter, what will prevent a malicious application from calling this method
specifying any user it wants? If you need to know the caller's identity for
security reasons, you should not do this. Regarding how to detect the caller's
identity from a COM+ object, it depends on how you implemented the COM object.
If it is a C/C++ application, you get the caller's identity from the thread
context (or HTTP context). I am not sure about C#, but there must be lots of
examples of how to do this. Sorry, I haven't worked with COM+ for years, so I
do not have an example at hand, but really this should not be difficult to
find.

Alek

"Cindy Liu" <CindyLiu (AT) discussions (DOT) microsoft.com> wrote

Quote:
If COM+ can do it easily, can you tell me how?

Since there is no way to get the identity of the caller from .Net remoting
object hosted by Windows service, so I decide to pass the identity of the
caller with the methods of my remoting object. The caller of my remoting
object is COM+ dll and its callers are asp pages. So now I want to get the
identity of caller from COM+.
Thanks for your help!!!
Cindy
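
Alek's objection and his option (b), as an added example that is not part of the thread and not code from either poster: a service that takes the caller's identity from an SSPI-authenticated channel and treats the name sent in the request as untrusted. It uses NegotiateStream, which shipped with .NET Framework 2.0, after this thread was written; the class name CallerIdentityDemo, the loopback transport and the CONTOSO\Administrator claim are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Principal;
using System.Threading;

// Hypothetical demo: the service and one client run in a single process over loopback.
static class CallerIdentityDemo
{
    // Service side: the caller's identity comes from the SSPI handshake,
    // never from anything the caller wrote into the request.
    static void Serve(TcpListener listener)
    {
        using (TcpClient conn = listener.AcceptTcpClient())
        using (NegotiateStream auth = new NegotiateStream(conn.GetStream(), false))
        {
            auth.AuthenticateAsServer();                           // NTLM/Kerberos via SSPI
            string claimed = new BinaryReader(auth).ReadString();  // caller-supplied, untrusted
            WindowsIdentity caller = (WindowsIdentity)auth.RemoteIdentity;
            Console.WriteLine("claimed in request : " + claimed);
            Console.WriteLine("proven by SSPI     : " + caller.Name + "  <- authorize on this");
        }
    }

    static void Main()
    {
        TcpListener listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        Thread server = new Thread(() => Serve(listener));
        server.Start();

        using (TcpClient client = new TcpClient())
        {
            client.Connect(IPAddress.Loopback, port);
            using (NegotiateStream auth = new NegotiateStream(client.GetStream(), false))
            {
                auth.AuthenticateAsClient();                  // current Windows credentials
                BinaryWriter writer = new BinaryWriter(auth);
                writer.Write(@"CONTOSO\Administrator");       // constructed, spoofed claim
                writer.Flush();
            }
        }
        server.Join();
        listener.Stop();
    }
}
```

The second line printed is the account the client process actually runs as, whatever name the request carried.
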

#6 Cindy Liu - 06-23-2004, 05:03 PM

I know it is not a good approach. Since my remoting object has to be hosted by Windows service, as you said that CLR does not support any security aspects in .NET remoting objects running inside of Windows services, so the only way is to pass in the identity. Do you have any other way?

Thanks,
Cindy

"Alek Davis" wrote:

Quote:
This is a very bad approach. If the user identity is passed as a method
parameter, what will prevent a malicious application to call this method
specifying any user it wants? If you need to know caller's identity for
security reasons, you should not do this. Regarding how to detect caller's
identity from a COM+ object, it depends how you implemented the com object.
If it is a C/C++ application, you get the caller's identity from the thread
context (or HTTP context). I am not sure about C#, but there must be lots of
examples how to do this. Sorry, I haven't worked with COM+ for years, so I
do not have an example at hand, but really this should not be difficult to
find.

Alek

#7 Alek Davis - 06-23-2004, 08:21 PM

Please read my first reply. It mentions the three most obvious options I can
suggest.

Alek

"Cindy Liu" <CindyLiu (AT) discussions (DOT) microsoft.com> wrote

Quote:
I know it is not a good approach. Since my remoting object has to be
hosted by Windows service, as you said that CLR does not support any
security aspects in .NET remoting objects running inside of Windows
services, so the only way is to pass in the identity. Do you have any
other way?

Thanks,
Cindy