locked
How to implement secure RPC - Need example for mutual authentication RRS feed

  • Question

  • I want to implement secure RPC (ncalrpc) which will do mutual (client & server) authentication. I want to use RPC_C_AUTHN_GSS_KERBEROS authentication service for the same. So I tried setting authentication information in following way:
    AT CLIENT SIDE-
    1) Create new binding handle using RpcStringBindingCompose, RpcBindingFromStringBinding
    2) set authentication info using DsMakeSpn, RpcBindingSetAuthInfo
    AT SERVER SIDE-
    1) Inside security callback, try to verify/cross-check authentication info using RpcBindingInqAuthClient or RpcServerInqCallAttributes.

    My problem is:
    1) RpcBindingSetAuthInfo returns RPC_S_UNKNOWN_AUTHN_SERVICE for RPC_C_AUTHN_GSS_KERBEROS. API works if I use RPC_C_AUTHN_WINNT.
    2) Even if I use RPC_C_AUTHN_WINNT, I am not getting same info (authentication level, serverPrincName, authentication service, etc.) at server side which was set at client side.
    3) I get some default authentication values even if I don't call RpcBindingSetAuthInfo at client.

    So I am not sure how to do RPC_C_AUTHN_GSS_KERBEROS authentication and how to verify it at server side. I followed MSDN help for implementation but could not get it worked.

    I tried to find solution but could not find anything. I could find many related questions but without any answer. I was surprised to find very few code samples for implementing secure RPC.

    Could anyone share the working example to demonstrate the authentication mechanism. Thanks in advance!


    Thursday, May 8, 2014 9:01 AM