Share via


Channel / Object affinity in remoting and security implications

This is a very common question. Whether there is affinity between remoting objects and registered channels. The answer is no. Any channel registered in the appdomain hosting a remoting object can dispatch to it. Thus if you have a "secure" channel and an unsecure channel registered in the same domain, your implementation has a security hole since any untrusted client can still reach your object on the unsecured channel. To get isolation based on channels, it would be required to register each channel in a separate appdomains thus preventing the unsecure channel from dispatching to a "secure" appdomain hosted object.

Comments