IPC channel authorizedGroup

I have a .NET Remoting server that uses an IPC channel with multiple clients. I need to set up the server side so that only administrators can access the pipe. I know the server channel has an "authorizedGroup" property.

When I don't set it, the server and client can only communicate when they run under the same account (good). If I set it to "Users" (I'm using the English version of Windows), the server can run under LocalSystem and the client can run as any other user (good). When I create a dedicated group, it also works fine. But I want to configure it so that only members of the local Administrators group can connect. I tried setting authorizedGroup to "Administrators" or "BUILTIN\Administrators", but I get an exception on the client that is basically "access denied", even though the user running the client is a member of the Administrators group.

Server configuration:

using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Serialization.Formatters;

// Formatter sinks for the channel; TypeFilterLevel.Full allows all types to be deserialized.
var clientProv = new BinaryClientFormatterSinkProvider();
var serverProv = new BinaryServerFormatterSinkProvider() { TypeFilterLevel = TypeFilterLevel.Full };
Hashtable channelProperties = new Hashtable();
channelProperties.Add("portName", "MyService");             // named pipe name
channelProperties.Add("authorizedGroup", "Administrators"); // only this group gets an ACE on the pipe
channelProperties.Add("secure", "true");                    // authenticate callers on the channel
channelProperties.Add("exclusiveAddressUse", false);
channel = new IpcChannel(channelProperties, clientProv, serverProv); // 'channel' is a member field
ChannelServices.RegisterChannel(channel, false);
RemotingServices.Marshal(this, "MyService.rem");            // expose this object under the URI MyService/MyService.rem

Client configuration:

using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Serialization.Formatters;
using System.Security.Principal;

var clientProv = new BinaryClientFormatterSinkProvider();
var serverProv = new BinaryServerFormatterSinkProvider() { TypeFilterLevel = TypeFilterLevel.Full };
Hashtable channelProperties = new Hashtable();
// Each client registers its own, uniquely named pipe for callbacks.
channelProperties.Add("portName", "remotingClient_" + Guid.NewGuid().ToString("N"));
// GetNameForSid is a helper that translates a well-known SID into its account name.
channelProperties.Add("authorizedGroup", GetNameForSid(WellKnownSidType.LocalSystemSid));
channelProperties.Add("exclusiveAddressUse", false);
channelProperties.Add("secure", "true");
channelProperties.Add("tokenImpersonationLevel", "identification"); // server may identify, not impersonate, the caller
channel = new IpcChannel(channelProperties, clientProv, serverProv); // 'channel' is a member field
ChannelServices.RegisterChannel(channel, false);
var uri = "ipc://" + "MyService/MyService.rem";
RemotingConfiguration.RegisterWellKnownClientType(new WellKnownClientTypeEntry(typeof(IMyService), uri));
remoteServer = (IMyService)Activator.GetObject(typeof(IMyService), uri); // 'remoteServer' is a member field

Do you know what I'm doing wrong? Or at least, how should I start debugging this?

I know we all hate this answer, but it works for me.

I made an interface IMyService with a Ping method. Then I implemented it and added your client code to its constructor, since I saw you register it as the service in the Marshal call:

using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Serialization.Formatters;

public class MyService : MarshalByRefObject, IMyService
{
    private IpcChannel channel;

    public MyService()
    {
        var clientProv = new BinaryClientFormatterSinkProvider();
        var serverProv = new BinaryServerFormatterSinkProvider() { TypeFilterLevel = TypeFilterLevel.Full };
        Hashtable channelProperties = new Hashtable();
        channelProperties.Add("portName", "MyService");
        channelProperties.Add("authorizedGroup", "Administrators"); // only Administrators may open the pipe
        channelProperties.Add("secure", "true");
        channelProperties.Add("exclusiveAddressUse", false);
        channel = new IpcChannel(channelProperties, clientProv, serverProv);
        ChannelServices.RegisterChannel(channel, false);
        RemotingServices.Marshal(this, "MyService.rem"); // publish this instance as MyService/MyService.rem
    }

    // Simple echo used to verify the round trip.
    public string Ping(string value)
    {
        return value;
    }
}

I construct the MyService member variable in the NT service's OnStart method.

After installing the service as LocalSystem and starting it, I ran the client code:

using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Runtime.Serialization.Formatters;
using System.Security.Principal;

class Program
{
    static void Main(string[] args)
    {
        var clientProv = new BinaryClientFormatterSinkProvider();
        var serverProv = new BinaryServerFormatterSinkProvider() { TypeFilterLevel = TypeFilterLevel.Full };
        Hashtable channelProperties = new Hashtable();
        channelProperties.Add("portName", "remotingClient_" + Guid.NewGuid().ToString("N"));
        // Authorize the server's account (LocalSystem) on the client's callback pipe.
        channelProperties.Add("authorizedGroup", GetNameForSid(WellKnownSidType.LocalSystemSid));
        channelProperties.Add("exclusiveAddressUse", false);
        channelProperties.Add("secure", "true");
        channelProperties.Add("tokenImpersonationLevel", "identification");
        IpcChannel channel = new IpcChannel(channelProperties, clientProv, serverProv);
        ChannelServices.RegisterChannel(channel, false);
        var uri = "ipc://" + "MyService/MyService.rem";
        RemotingConfiguration.RegisterWellKnownClientType(new WellKnownClientTypeEntry(typeof(IMyService), uri));
        IMyService remoteServer = (IMyService)Activator.GetObject(typeof(IMyService), uri);
        Console.WriteLine(remoteServer.Ping("Hello World"));
    }

    // Translate a well-known SID into its account name on this machine (e.g. "NT AUTHORITY\SYSTEM").
    private static string GetNameForSid(WellKnownSidType wellKnownSidType)
    {
        SecurityIdentifier id = new SecurityIdentifier(wellKnownSidType, null);
        return id.Translate(typeof(NTAccount)).Value;
    }
}

Ping is really just an echo, and Console.WriteLine prints "Hello World".

Is the user really not in the local machine's Administrators group, or is MyService doing something it doesn't have permission to do, so that what you see is a server-side exception? For example, LocalSystem has no permission to access network resources.
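One way to start debugging the "access denied" from the question, as an added example that is not part of the original question or answer: resolve the group name from its well-known SID instead of a locale-dependent string, and check whether the client's token actually has Administrators enabled. Under UAC, a non-elevated process started by a member of Administrators carries that group as deny-only, so IsInRole returns false and a pipe ACL that grants only Administrators will deny the client. The class and method names below are the example's own.

```csharp
using System;
using System.Security.Principal;

// Added diagnostic helper (hypothetical names; not from the original question or answer).
static class AdminChannelCheck
{
    // Translate a well-known SID into its account name on this machine, so the
    // authorizedGroup value does not depend on the Windows display language.
    public static string GetNameForSid(WellKnownSidType sidType)
    {
        var sid = new SecurityIdentifier(sidType, null);
        return sid.Translate(typeof(NTAccount)).Value; // e.g. "BUILTIN\Administrators"
    }

    // True only if Administrators is an *enabled* group in the current token.
    // A non-elevated process of an Administrators member holds the group as
    // deny-only, so this returns false and the pipe's ACL will reject the caller.
    public static bool TokenHasAdminsEnabled()
    {
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        return principal.IsInRole(WindowsBuiltInRole.Administrator);
    }

    public static void Main()
    {
        // Use this value for the server's "authorizedGroup" property.
        string adminsGroup = GetNameForSid(WellKnownSidType.BuiltinAdministratorsSid);
        Console.WriteLine("authorizedGroup should be: " + adminsGroup);

        // Run this in the client process before registering the IpcChannel.
        bool enabled = TokenHasAdminsEnabled();
        Console.WriteLine("Administrators enabled in this token: " + enabled);
        if (!enabled)
        {
            Console.WriteLine("Client is not elevated; a pipe authorized only for " +
                              adminsGroup + " will return access denied.");
        }
    }
}
```

If the check prints false for a user who is listed in Administrators, the client needs to run elevated (or the server must authorize a group the client's token actually has enabled), which is the first thing to rule out before looking for a server-side exception.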
