11.07.2015 Views

Improving Web Application Security: Threats and - CGISecurity


Chapter 13: Building Secure Remoted Components

Then, use the following code to configure the proxy to use specific credentials:

    // Namespaces required by this fragment
    using System;
    using System.Collections;
    using System.Net;
    using System.Runtime.Remoting;
    using System.Runtime.Remoting.Channels;

    // proxy is the remote object proxy obtained earlier
    IDictionary channelProperties =
        ChannelServices.GetChannelSinkProperties(proxy);
    NetworkCredential credentials;
    credentials = new NetworkCredential("username", "password", "domain");
    ObjRef objectReference = RemotingServices.Marshal(proxy);
    Uri objectUri = new Uri(objectReference.URI);
    CredentialCache credCache = new CredentialCache();
    // Substitute "authenticationType" with "Negotiate", "Basic", "Digest",
    // "Kerberos" or "NTLM"
    credCache.Add(objectUri, "authenticationType", credentials);
    channelProperties["credentials"] = credCache;
    channelProperties["preauthenticate"] = true;

Increase Performance with Authenticated Connection Sharing

When you set useDefaultCredentials="true", you should also set the useAuthenticatedConnectionSharing property on the client side to true. This enables the server to reuse authenticated connections, rather than authenticating each incoming call.

This feature only works with the HttpChannel on version 1.1 of the .NET Framework.

Force Clients to Authenticate With Each Call

Set unsafeAuthenticatedConnectionSharing to false so that clients are not able to supply their own credentials and connection group name to the server. If you set it to true, unauthenticated clients can possibly authenticate to the server using the credentials of a previously authenticated client. This setting is ignored if the useAuthenticatedConnectionSharing property is set to true. This setting has some performance implications since it closes each connection with the server, which means that clients must authenticate with each call. If you use this setting, you should also specify a ConnectionGroupName for each user that uses the connection.

This feature only works with the HttpChannel on version 1.1 of the .NET Framework.
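The connection-sharing rules above can be checked mechanically during a configuration review. The following Python script is an added example, not code from the original guide; it assumes the settings appear as attributes on <channel> elements of a remoting configuration file, and the sample configuration, finding codes and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration for illustration; not taken from the original page.
SAMPLE_CONFIG = """<configuration><system.runtime.remoting><application><channels>
  <channel ref="http" useDefaultCredentials="true" />
  <channel ref="http" useDefaultCredentials="true"
           useAuthenticatedConnectionSharing="true"
           unsafeAuthenticatedConnectionSharing="true" />
  <channel ref="http" unsafeAuthenticatedConnectionSharing="true" />
  <channel ref="http" unsafeAuthenticatedConnectionSharing="false"
           connectionGroupName="alice" />
</channels></application></system.runtime.remoting></configuration>"""

MESSAGES = {
    "NO_SHARING": "useDefaultCredentials is true but useAuthenticatedConnectionSharing "
                  "is not; every call is authenticated again",
    "IGNORED": "unsafeAuthenticatedConnectionSharing is ignored because "
               "useAuthenticatedConnectionSharing is true",
    "UNSAFE": "unsafeAuthenticatedConnectionSharing is true; a later client may "
              "reuse a previously authenticated client's connection",
    "NO_GROUP": "unsafeAuthenticatedConnectionSharing is set without a "
                "connectionGroupName for the user",
}

def _flag(attrs, name):
    """Return True/False for a boolean attribute, or None when it is absent."""
    value = attrs.get(name.lower())
    return None if value is None else value.strip().lower() == "true"

def audit_channels(config_xml):
    """Return a list of (channel_index, code) findings, in document order."""
    findings = []
    for index, channel in enumerate(ET.fromstring(config_xml).iter("channel")):
        # Assumption of this checker: attribute names are compared case-insensitively.
        attrs = {key.lower(): value for key, value in channel.attrib.items()}
        default_creds = _flag(attrs, "useDefaultCredentials")
        sharing = _flag(attrs, "useAuthenticatedConnectionSharing")
        unsafe = _flag(attrs, "unsafeAuthenticatedConnectionSharing")
        if default_creds and not sharing:
            findings.append((index, "NO_SHARING"))
        if unsafe is not None and sharing:
            findings.append((index, "IGNORED"))
        elif unsafe:
            findings.append((index, "UNSAFE"))
        if unsafe is not None and not sharing and "connectiongroupname" not in attrs:
            findings.append((index, "NO_GROUP"))
    return findings

if __name__ == "__main__":
    for index, code in audit_channels(SAMPLE_CONFIG):
        print(f"channel #{index}: {code}: {MESSAGES[code]}")
```

The fourth sample channel, which sets unsafeAuthenticatedConnectionSharing to false and names a connection group, produces no finding.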
