Remoting and Encryption via Sinks—An Overview

What happens inside a channel? Channels use channel sink objects before they send and after they receive a message. Which sink you implement depends on whether you are coming from the client side or the server side. (The base implementations are IClientChannelSink and IServerChannelSink, respectively.) Additionally, on the client, the first channel sink must implement IMessageSink. The combination of IClientChannelSink and IMessageSink is provided for in IClientFormatterSink, which formats content for an IMessage class. IMessage, of course, contains a stream. This stream is the message going between the client and the server. Once the stream is available, it is read into the CryptoStream class mentioned in the “Encryption of Individual Data Elements—An Overview” section earlier in this chapter. Once in the CryptoStream, data can be encrypted and/or decrypted programmatically. In a real-world example, once the user is authenticated using a certificate, the public key can be used as an encryption key within your application during the session. Chapter 28, “Writing a Secure Web Application in the .NET Development Platform,” illustrates the use of remoting and encryption via sinks as well as the process of encrypting individual data elements while authenticating a user. Figure 16.13 illustrates where the CryptoStream fits in to this process.