Domanda
I had an internal interface that I needed to implement over .NET remoting to make sure only our assemblies ever called these members remotely (used InternalsVisibleTo to give access to friend assemblies). However, when I implemented the interface and built it, I got the following error:
https://stackoverflow.com/questions/16014106
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian'AssemblyName' does not implement interface member 'InterfaceMember1(...)' 'AssemblyName' cannot implement an interface because it is not public.
I was unable to search and find a way to make this work. However, I explicitly implemented the interface which allowed my assembly to build, and I can call the remote methods from any friend assembly with no issues.
I'm concerned with the lack of information I found on this topic though, especially on MSDN and StackOverflow. Is there anything wrong with implementing .NET remoting over an internal interface? And if so, why?
EDIT Here is what my interface and implementation look like:
Interface
internal interface IAdmin
{
bool TESTPING();
bool AdminTask1(int val);
...
}
Implementation
public class RService : MarshalByRefObject, IAdmin
{
//IAdmin members
bool IAdmin.TESTPING()
{
return true;
}
bool IAdmin.AdminTask1(int val)
{
// do stuff
return true;
}
}
Soluzione
You can't implement security feature that way. Remoting specification is open, so anyone can create a message, send it to your remoted class and receive a response. Your service cannot reliably determine who called it.
You can implement a custom authorization, and send a secret token with each method call to ensure that only your code calls it.
Altri suggerimenti
MSDN: http://msdn.microsoft.com/en-us/library/ms182313(VS.80).aspx
Interface methods have public accessibility, which cannot be changed by the implementing type. An internal interface creates a contract that is not intended to be implemented outside the assembly that defines the interface. A public type that implements a method of an internal interface using the virtual modifier allows the method to be overridden by a derived type that is outside the assembly. If a second type in the defining assembly calls the method and expects an internal-only contract, behavior might be compromised when, instead, the overridden method in the outside assembly is executed. This creates a security vulnerability.
