IPC Remoting and Anonymous level security token

  • Question

  • I have a Windows service and a command line executable that I want to communicate between. I need both sides to be able to initiate some communication so I decided to give remoting back and forth a try using IPC.

     

    To see if this was even possible I created two command line exes to test the idea... The basic flow is this

    1. Program A creates an IPC channel and registers well known type FromProgA.
    2. Program A then launches Program B.
    3. Program A then waits on a semaphore "waitingForB."
    4. Program B creates an IPC channel and registers well known type FromProgB.
    5. Program B then instantiates a "FromProgA" object using Activator.GetObject and calls a function called "NotifyProgAThatProgBIsSetup."
    6. Program B then waits on a semaphore "waitingForA."
    7. Program A's "NotifyProgAThatProgBIsSetup" implementation does a release on the "waitingForProgB" semaphore.
    8. Program A's initial thread of execution continues now that the semaphore is released and then instantiates a "FromProgB" object using Activator.GetObject.
    9. Program A calls "NotifyProgBThatAllCommunicationIsSetup."
    10. Program A continues as normal knowing that at any time it can ask Program B to do something using a "FromProgB" object.
    11. Program B's "NotifyProgBThatAllCommunicationIsSetup" implementation does a release on the "waitingForProgA" semaphore.
    12. Program B's initial thread of execution continues now that the semaphore is released. It continues on as normal knowing that at any time it can ask Program A to do something using a "FromProgA" object.

    This worked out very well in my two prototype applications. I went on to set it up such that Program A was always running and many, many Program B's would start and stop (something like 20 Program B's would simultaneously start up, get all the communication flowing back and forth, then shut themselves down. When a Program B closes down, Program A notices it and launches another... always trying to keep 20 around). Memory usage was decent, and the CPU was mainly busy because of all the new processes that were being created. At any rate, this solution looked like it was going to work perfectly for the purposes I had in mind.

     

    So, at this point I set about moving this functionality into my real application. The main difference is that "Program A" is now a Windows Service running with Local System privileges. For the rest of this discussion I'll refer to the Windows Service (Program A) just as "Service" and I'll refer to Program B as "External Exe."

     

    The Service can create its IPC channel and register its type and launch the External Exe. The External Exe can create its IPC channel and register its type. The External Exe is then able to correctly instantiate the Service's remoted object and make a call to it. The Service's semaphore pops and it instantiates the External Exe's, but when it tries to make the call on the External Exe's remoted object I get a remoting exception that contains a "Security Exception."

     

    Some of the information from the error:

     

    {System.Runtime.Remoting.RemotingException: An error occurred while processing the request on the server: System.Security.SecurityException: Cannot open an anonymous level security token.

       at System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevels desiredAccess, Boolean threadOnly)
       at System.Security.Principal.WindowsIdentity.GetCurrent()
       at System.Runtime.Remoting.Channels.Ipc.IpcServerTransportSink.ServiceRequest(Object state)


    The Zone of the assembly that failed was:
    MyComputer

     

    Server stack trace:
       at System.Runtime.Remoting.Channels.Ipc.IpcServerHandler.ReadToEndOfHeaders(BaseTransportHeaders headers)
       at System.Runtime.Remoting.Channels.Ipc.IpcClientHandler.ReadHeaders()
       at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
       at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

     

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

     

    So, I was wondering if anyone has seen something like this and had any suggestions to get me moving again. My first thought is that I need to get the Service to try and create a non anonymous level security token but I am not sure how to do that?

     

    Any help would be much appreciated as this has held me back for a few days now. If there is a different forum that this question belongs in, that would help too. I picked this one since it was centered on remoting, which is the main technology that I am working with, but maybe some security forum makes more sense?

     

    Thanks,

      Tony Lambert

    Monday, June 4, 2007 3:56 PM

Answers

  • Instead of
    ChannelServices.RegisterChannel(channel, false);

    use
    ChannelServices.RegisterChannel(channel);

    Even though the IDE throws a warning about deprecation of the RegisterChannel(channel) call, it worked for me.
    Wednesday, November 12, 2008 11:09 AM

All replies

  • Hi Tony, I've encountered something similar myself.  I was able to get around it by changing my call to ChannelServices.RegisterChannel() on the server side.

    Old code:
    IpcChannel channel = new IpcChannel(_ChannelName);
    ChannelServices.RegisterChannel(channel, true);

    New code:
    IpcChannel channel = new IpcChannel(_ChannelName);
    ChannelServices.RegisterChannel(channel, false);            // Changes "ensureSecurity" to false

    From what I understand, this essentially disables encryption for your app.  Whether or not this is acceptable will depend on the design goals of your app.

    Not sure if this is the same problem, but I wanted to at least share what I'd seen so far.  I'm still looking at why enabling security caused this problem to occur.  I'm sure it's something simple, but I haven't had the chance to look into it much yet.

    Good luck, and hope this at least somewhat helps.
    Tuesday, June 26, 2007 9:49 PM
  • Tony, were you ever able to solve this? I am having the exact same error with no luck... thanks
    • Proposed as answer by Manu 1605 Wednesday, November 12, 2008 11:08 AM
    Tuesday, June 3, 2008 11:08 PM
  • Instead of
    ChannelServices.RegisterChannel(channel, false);

    use
    ChannelServices.RegisterChannel(channel);

    Even though the IDE throws a warning about deprecation of the RegisterChannel(channel) call, it worked for me.
    Wednesday, November 12, 2008 11:09 AM
  • That is VERY interesting considering that the deprecated method CALLs the current method with "false". There is NO functional difference. The reason for the deprecation was simply to make the developer THINK, it does NOT change the code.
    Saturday, March 14, 2009 12:26 PM
  • Hi,

    I am getting the same error, "Cannot open an anonymous level security token", if I pass true for ensureSecurity,

    and I get "Requested Service not found" if I pass false for ensureSecurity.

    I really want to make the "true" value of ensureSecurity work, as it is a requirement of the application.

    Can anyone help me regarding this issue? If I am not wrong, ensureSecurity set to true encrypts the data.

    Please help me with this.

    thanks
    Khan
    Monday, September 28, 2009 2:30 AM
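
Added example (not code from any poster in this thread): one way to keep ensureSecurity set to true is to build the IpcChannel from an explicit property table so that the outgoing and incoming halves on both processes are secured with the same settings. It assumes the exception arises because the calling side opens its pipe connection at anonymous level while the receiving channel is secured; the channel name, port name and the WhoCalled() method are hypothetical.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Threading;

// Remoted type named in the question; WhoCalled() is a hypothetical helper.
public class FromProgB : MarshalByRefObject
{
    public string WhoCalled()
    {
        // On a secured IPC channel the server sink publishes the caller's
        // identity on the thread that services the request.
        return Thread.CurrentPrincipal.Identity.Name;
    }
}

public static class SecuredIpc
{
    // Call this same helper in the Service and in the External Exe so the
    // client (outgoing) and server (incoming) halves never disagree.
    public static IpcChannel Register(string channelName, string portName)
    {
        IDictionary props = new Hashtable();
        props["name"] = channelName;
        props["portName"] = portName;
        props["secure"] = true;                              // secure both halves
        props["tokenImpersonationLevel"] = "Identification"; // identify the caller, do not let the callee act as it

        IpcChannel channel = new IpcChannel(props, null, null);
        ChannelServices.RegisterChannel(channel, true);      // ensureSecurity stays on
        return channel;
    }

    public static void Main()
    {
        // Hypothetical names for the External Exe's listening side.
        Register("ExternalExeChannel", "ExternalExePort");
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(FromProgB), "FromProgB", WellKnownObjectMode.Singleton);
        Console.WriteLine("Listening on ipc://ExternalExePort/FromProgB");
        Console.ReadLine();
    }
}
```

Identification is chosen here because the caller in the question runs as Local System: the External Exe can read who called it without receiving a token it could use to act as the service.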