Geek Answers Handbook

Why does IpcChannel tell me: "Can't open an anonymous level security token?"

I have a fairly simple client-server application that I use to separate two components that cannot live together in the same process. During their development (the server is exe, the client is the library), all my unit tests are satisfied with dung pigs. When I move on to re-working with the library elsewhere, I get the following exception:

System.Runtime.Remoting.RemotingException: An error occurred while processing the request on the server: System.Security.SecurityException: Cannot open an anonymous level security token.

   at System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevels desiredAccess, Boolean threadOnly)
   at System.Security.Principal.WindowsIdentity.GetCurrent()
   at System.Runtime.Remoting.Channels.Ipc.IpcServerTransportSink.ServiceRequest(Object state)
The Zone of the assembly that failed was:
MyComputer.

I set up remote access on both sides of the code, not the configuration files for simplicity at this point. They are virtually identical:

BinaryClientFormatterSinkProvider client = new BinaryClientFormatterSinkProvider();
BinaryServerFormatterSinkProvider server = new BinaryServerFormatterSinkProvider();
server.TypeFilterLevel = TypeFilterLevel.Full;

Hashtable config = new Hashtable();
config["name"] = "SomeName";
config["portName"] = "SomePortName";

config["typeFilterLevel"] = "Full";
config["impersonate"] = "true";
config["tokenImpersonationLevel"] = "Impersonation";
config["useDefaultCredentials"] = "True";
config["secure"] = "True";

Channel = new IpcChannel(config, client, server);

So the question is: why does the remote access infrastructure want to create an anonymous token when impersonation is enabled? I completely ran out of places to look for answers to this.

+5
1

, , , , - . , :

:

Dictionary<string, object> properties = new Dictionary<string, object>();
properties["authorizedGroup"] = GetUsersGroupName();
properties["name"] = configuration.ServiceShortName + ".Server";
properties["portName"] = configuration.ServiceGuid;
BinaryServerFormatterSinkProvider sinkProvider = new BinaryServerFormatterSinkProvider();
sinkProvider.TypeFilterLevel = TypeFilterLevel.Full;
Channel = new IpcServerChannel(properties, sinkProvider);
Channel.IsSecured = true;
ChannelServices.RegisterChannel(Channel, true);
RemotingConfiguration.RegisterWellKnownServiceType(typeof(AppManagerServer), configuration.ServerObjectUrl, WellKnownObjectMode.SingleCall);

string GetUsersGroupName()
{
        const string builtInUsersGroup = "S-1-5-32-545";
SecurityIdentifier sid = new SecurityIdentifier(builtInUsersGroup);
NTAccount ntAccount = (NTAccount)sid.Translate(typeof(NTAccount));
        return ntAccount.Value;
}

:

channel = new IpcClientChannel(AppManagerConfiguration.Instance.ServiceShortName + ".Client", null);
ChannelServices.RegisterChannel(channel, true);
string appManagerUrl = "ipc://" + AppManagerConfiguration.Instance.ServiceGuid + "/" + AppManagerConfiguration.Instance.ServerObjectUrl;
(IAppManager)Activator.GetObject(typeof(IAppManager), appManagerUrl).DoSomething();

: : System.Security.SecurityException: .

System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevels wishAccess, Boolean threadOnly)

System.Security.Principal.WindowsIdentity.GetCurrent()

System.Runtime.Remoting.Channels.Ipc.IpcServerTransportSink.ServiceRequest( )

: MyComputer

0

More articles:


All Articles