(Original) step-by-step learning of remoting 4: bearer mode (2)

Step-by-Step learning of remoting 4: bearer mode (2)

Here we will talk about the IIS bearer method. By the way, we will briefly talk about the remoting channel and the legacy problems in the complex object.

First, it is clear that IIS can only be carried through HTTP channels.

Let's create a web project, such as remoting, delete all webforms in the project, copy the remote object dll-RemoteObject.dll to the DLL folder of the project, and then open web. config for server settings:

<Configuration>
<Deleetask>
<Add key = "strconn" value = "Server = (local); uid = sa; Pwd =; database = Ubisoft"/>
</Appsettings>
<System. runtime. remoting>
<Application>
<Service>
<Wellknown type = "remoteobject. myobject, remoteobject" objecturi = "myobject. Soap"
Mode = "singlecall"/>
</Service>
<Channels>
<Channel ref = "HTTP"/>
</Channels>
</Application>
</System. runtime. remoting>
</Configuration>

To analyze the config:
1. You may not quite understand the type attribute. In fact, the type attribute is divided into two parts.<Namespace. Class Name>, <Assembly>
2. objecturi is used to represent the object URI. Then we will use this URI to connect to the server.
3. You need to specify the suffix soap (SOAP format) or REM (binary format) for the URI.

The test is actually very simple. In the browser, enter: http: // localhost/remoting/myobject. Soap? WSDL
Test. If the problem occurs, the configuration file or the object DLL is not correctly copied to the dll Directory.

Next, modify the configuration file of the client, mainly to modify the address.

<Configuration>
<Deleetask>
<Add key = "serviceurl" value = "http: // localhost/remoting/myobject. Soap"/>
</Appsettings>
</Configuration>

By default, IIS is hosted on port 80. You do not need to set any ports. We also need to note that the IIS mode uses this format as the address:
Http: // ip address/virtual directory/remote object. Soap

After running the client, if we have a large amount of data, we can feel the latency even on the local machine, which is much more efficient than the TCP method. In fact, the remoting efficiency of HTTP is worse than that of WebService, the specific choice of HTTP remoting or WebService depends on whether we need the object status.

The deployment of IIS also automatically starts the service. Another advantage is that it can be combined with the Windows identity authentication of IIS. Refer to some IIS configuration articles.

Let's take a look at the two 【Channel]:
By default, the HTTP channel uses the soap formatting program. Therefore, if the client needs to access objects over the Internet, the HTTP channel can be used. Because this method uses HTTP, the client is allowed to remotely access. Net objects through the firewall. Integrate these objects in IIS to configure them as Web service objects. Then, the client can read the WSDL files of these objects, so that soap can communicate with the remoting object.
By default, the TCP channel uses a binary formatting program. The formatter serializes data in binary format and uses the original socket to transmit data over the network. This method is ideal if the object is deployed in a firewall-protected closed environment. This method uses sockets to transmit binary data between objects, so the performance is better. Because it uses the TCP channel to provide objects, it has the advantage of small sales in a closed environment. This method cannot be used on the Internet due to firewall and configuration problems.

Therefore, we also need to select a channel based on our own needs! Let's take a look at remoting's many options: select the activation mode, select the channel, and select the bearer mode. So many options Give us flexibility and increase the difficulty of understanding remoting.

Msdn chapter: http://msdn.microsoft.com/library/CHS/cpguide/html/cpconChannels.asp

Finally, let's talk about the previous issues. Why is this security exception?
Http://www.cnblogs.com/lovecherry/archive/2005/05/20/159335.html

Msdn says:
A remote processing system dependent on runtime type verification must deserialize a remote stream before it can be used. Unauthorized clients may try to use the deserialization tool. To protect against such attacks,. NET remote processing provides two automatic deserialization levels: low and full. Low (default value) is used to prevent deserialization attacks. During deserialization, only the types associated with the most basic remote processing functions are processed, for example, automatic deserialization of the basic structure type of remote processing, limited system implementation type sets, and basic custom type sets.Full deserialization supports all automatic deserialization classes supported by remote processing in all circumstancesType.

First, modify the server configuration file:

<Configuration>
<System. runtime. remoting>
<Application name = "remoteserver">
<Service>
<Wellknown type = "remoteobject. myobject, remoteobject" objecturi = "remoteobject. myobject"
Mode = "Singleton"/>
</Service>
<Channels>
<Channel ref = "TCP" Port = "9999"/>
<Serverproviders>
<Provider ref = "WSDL"/>
<Formatter ref = "Soap" typefilterlevel = "full"/>
<Formatter ref = "binary" typefilterlevel = "full"/>
</Serverproviders>
</Channels>
</Application>
</System. runtime. remoting>
</Configuration>

Of course, you can also set it using a program: using system;
Using system. collections;
Using system. runtime. remoting;
Using system. runtime. remoting. channels;
Using system. runtime. remoting. channels. TCP;
Using system. runtime. serialization. formatters;

Remotingconfiguration. registerwellknownservicetype (typeof (remoteobject. myobject), "remoteobject. myobject", wellknownobjectmode. Singleton );
Binaryserverformattersinkprovider serverprovider = new binaryserverformattersinkprovider ();
Binaryclientformattersinkprovider clientprovider = new binaryclientformattersinkprovider ();
Serverprovider. typefilterlevel = typefilterlevel. Full;
Idictionary props = new hashtable ();
Props ["Port"] = 9999;
Tcpchannel channel = new tcpchannel (props, clientprovider, serverprovider );
Channelservices. registerchannel (Channel );
Console. Readline ();

The client must also use a program to make adjustments:
To use the configuration file to set the deserialization level, you must explicitly specify the typefilterlevel attribute of the <formatter> element. Although this is usually specified on the server side,However, you must specify this attribute for any channel on the client that is registered to listen for callback.To control its deserialization level

Add the same code as the server before the program: binaryserverformattersinkprovider serverprovider = new binaryserverformattersinkprovider ();
Binaryclientformattersinkprovider clientprovider = new binaryclientformattersinkprovider ();
Serverprovider. typefilterlevel = typefilterlevel. Full;
Idictionary props = new hashtable ();
Props ["Port"] = 0;
Tcpchannel channel = new tcpchannel (props, clientprovider, serverprovider );
Channelservices. registerchannel (Channel );

In this case, note: if the test port number on the same machine should be set to a port number different from that set on the server, it is recommended to set it to 0 (the remote processing system automatically selects the available port)

. Net remoting itself does not provide a security model. However, by resident remote objects in ASP. NET and using the HTTP channel for communication, remote objects can use the basic security services provided by IIS and ASP. NET. In comparison, TCP channels and custom host executable files provide higher performance, but such combinations do not provide built-in security functions.

• To authenticate the client, use the HTTP channel, resident the object in ASP. NET, and disable anonymous access in IIS.
 
• If you do not worry about client authentication, use the TCP channel to provide higher performance.
 
• If you use the TCP channel, use IPsec to protect the communication channel between the client and the server. Use SSL to protect the HTTP channel.
 
• If you need to make trusted calls to remote resources, place the components in the Windows service instead of in the console application.
 
• Never expose remote objects to the Internet. In this case, use the web service.
You should only use. Net remoting in the intranet. You should use internal methods to access objects from web applications. Even if the objects reside in ASP. NET, do not expose them to the Internet client because the client must be a. Net client.

Finally, let's take a look at an msdn article on remoting security:
Http://www.microsoft.com/china/msdn/library/architecture/architecture/architecturetopic/BuildSucApp/BSAAsecmod11.mspx
Speaking of this, some basic knowledge about remoting may be slightly advantageous. In the future, we will continue to strengthen these concepts!