3. Applying the Security Attributes
In this section, we demonstrate how to use COM+ RBS and PAS, both of
which are configured using .NET attributes from the
System.EnterpriseServices namespace. COM+ security
can be configured programmatically, or administratively . When applying .NET attributes to configure RBS and PAS, you
must bear in mind that the system administrator can change the
security configuration for your components or even disable security
completely.
3.1. The ApplicationAccessControl attribute
The first security attribute to apply is
ApplicationAccessControl, which acts as a master
switch for COM+ application security and allows you to specify your
PAS authentication and impersonation levels. This attribute is always
applied to an assembly, because it affects the entire COM+
application. The ApplicationAccessControl
attribute defines four
properties:
Value
-
This is the master switch for COM+ security and is applied at the
application level. A
COM+ application is made up of one or more serviced components, and
this value enables or disables RBS and PAS security for
every component in the application. If this
property is set to false, then no validation of
client identity will be performed and no access control will be
enforced.
AccessChecksLevel
-
This property accepts a value from the
AccessChecksLevelOption enumeration, which defines
two values, detailed below. If the Value property
is set to false, then this property has no effect,
since COM+ security is disabled.
Application
-
The Application value enables PAS only; client
identity will be authenticated according to the value of the
ApplicationAccessControl
attribute's Authentication
property (see below), but COM+ RBS is not enforced. This is the
default used if no value is specified in the attribute declaration.
ApplicationComponent
-
The ApplicationComponent value specifies that PAS
and RBS will be enabled.
Authentication
-
The Authentication property accepts a value from
the AuthenticationOption enumeration.
ImpersonationLevel
-
The ImpersonationLevel property accepts a value
from the ImpersonationLevelOption enumeration.
The emphasized statements below show the use of the
ApplicationAccessControl attribute for our example
component. We have enabled COM+ security, specified that we wish to
use PAS and RBS, and accepted the default levels for authentication
and impersonation:
# C#
using System;
using System.EnterpriseServices;
// Specify the file containing the key for assembly signing
[assembly: System.Reflection.AssemblyKeyFile("mykey.key")]
// Specify that we want a COM+ Server application
[assembly: ApplicationActivation(ActivationOption.Server)]
// Specify our application level security settings
[assembly: ApplicationAccessControl(
// Enable COM+ Security
Value=true,
// Enable PAS and RBS
AccessChecksLevel=AccessChecksLevelOption.ApplicationComponent,
// Use the computer default values for authentication and impersonation
Authentication=AuthenticationOption.Default,
ImpersonationLevel=ImpersonationLevelOption.Identify)]
public class SecurityProTracker: ServicedComponent, IDefectTracker {
# Visual Basic .NET
Imports System
Imports System.EnterpriseServices
' Specify the file containing the key for assembly signing
<Assembly: System.Reflection.AssemblyKeyFile("mykey.key")>
' Specify that we want a COM+ Server application
<Assembly: ApplicationActivation(ActivationOption.Server)>
' Specify our application level security settings
<Assembly: ApplicationAccessControl( _
Value:=True, _
AccessChecksLevel:=AccessChecksLevelOption.ApplicationComponent, _
Authentication:=AuthenticationOption.Default, _
ImpersonationLevel:=ImpersonationLevelOption.Identify)>
Public Class SecurityProTracker
Inherits ServicedComponent
Implements IDefectTracker
3.2. The ComponentAccessControl Attribute
The
ComponentAccessControl attribute enables or
disables COM+ security for an individual serviced component. This
attribute accepts a single argument, which is set to
true (to enable COM+ security for a component) or
false (to disable COM+ access control for a
component). The emphasized statements below demonstrate how we apply
this attribute to enable COM+ security for our
SecurityProTracker component:
# C#
// Enable COM+ Security for this component
[ComponentAccessControl(true)]
public class SecurityProTracker: ServicedComponent, IDefectTracker {
# Visual Basic .NET
'Enable COM+ Security for this component
<ComponentAccessControl(True)> _
Public Class SecurityProTracker
Inherits ServicedComponent
Implements IDefectTracker
You must apply this attribute to every component that requires
security services within a COM+ application. The
ComponentAccessControl attribute has no effect if
the ApplicationAccessControl attribute has
disabled COM+ security at the application level.
3.3. The SecurityRole attribute
The SecurityRole
attribute has a different affect depending on whether it is applied
to an assembly, an interface, a class, or a method. In this section,
we define some roles for our example component and use the
SecurityRole attribute to apply COM+ RBS.
We define the following roles for our component. Figure 1 shows how we map these roles to the methods
implemented by the SecurityProTracker component:
User
-
The User role can see the list of defects, but is unable to
create new defects or close existing ones.
Tester
-
The Tester role is able to see the list of defects
and to create new defects. Testers cannot close existing defects.
Developer
-
The Developer role is able to see the list of
defects, and close defects. Developers are not able to create new
defects.
Manager
-
The Manager role is able to view defects,
create new defects and close defects.
When the
SecurityRole attribute role is applied to an
assembly, it has the effect of defining the role within the COM+
application. When used to define
roles in this way, the attribute defines the properties described by
Table 2.
Table 2. SecurityRole attribute properties
|
Property
|
Description
|
|---|
|
Role
|
Specifies the name of the property to define
|
|
Decription
|
Describes the role
|
|
SetEveryoneAccess
|
Adds the Windows Everyone group to the role
|
The
SetEveryoneAccess property is worthy of special note;
the SecurityRole can be applied to an assembly to
define roles for a COM+ application, but the system administrator is
responsible for assigning the COM+ roles to Windows user accounts. If
the SetEveryoneAccess property is set to
true, the Windows Everyone
group will be assigned the role and all users will be able to access
the methods protected by this role.
|
Use the SetEveryoneAccess property with care; it
has the effect of assigning a role to all users, which may negate the
benefits of COM+ RBS.
|
|
The following statement demonstrates how to define the
User role by applying the
SecuityRole attribute to an assembly, specifying a
description and ensuring that the Everyone group
is not assigned the role:
# C#
// Define the Users role
[assembly: SecurityRole("User",
Description="Users of the Security Pro product",
SetEveryoneAccess=false)]
# Visual Basic .NET
' Define the Users role
<Assembly: SecurityRole("User", _
Description:="Users of the Security Pro product", _
SetEveryoneAccess:=False)>
Applying the SecurityRole attribute to an assembly
only defines the role and allows you to provide a description; it
does not grant the role access to the methods defined by an interface
or component. The emphasized statements below demonstrate how we
define the roles for our example component:
# C#
// Define the Users role
[assembly: SecurityRole("User",
Description="Users of the Security Pro product",
SetEveryoneAccess=false)]
// Define the Tester role
[assembly: SecurityRole("Tester",
Description="Security Pro product testers",
SetEveryoneAccess=false)]
// Define the Developer role
[assembly: SecurityRole("Developer",
Description="Security Pro product developers",
SetEveryoneAccess=false)]
// Define the Manager role
[assembly: SecurityRole("Manager",
Description="Security Pro product managers",
SetEveryoneAccess=false)]
// Enable COM+ Security for this component
[ComponentAccessControl(true)]
public class SecurityProTracker: ServicedComponent, IDefectTracker {
# Visual Basic .NET
' Define the Users role
<Assembly: SecurityRole("User", _
Description:="Users of the Security Pro product", _
SetEveryoneAccess:=False)>
' Define the Tester role
<Assembly: SecurityRole("Tester", _
Description:="Security Pro product testers", _
SetEveryoneAccess:=False)>
' Define the Developer role
<Assembly: SecurityRole("Developer", _
Description:="Security Pro product developers", _
SetEveryoneAccess:=False)>
' Define the Manager role
<Assembly: SecurityRole("Manager", _
Description:="Security Pro product managers", _
SetEveryoneAccess:=False)>
'Enable COM+ Security for this component
<ComponentAccessControl(True)> _
Public Class SecurityProTracker
Inherits ServicedComponent
Implements IDefectTracker
When applied to a component, the
SecureMethod attribute grants a role access to all
of the methods defined by a component. We want to grant the
Manager role access to all of the methods
defined by our example component, and we will apply the
SecurityRole attribute to the
SecurityProTracker class, as shown by the emphasized
statements below:
# C#
// Enable COM+ Security for this component
[ComponentAccessControl(true)]
// Grant the Manager role access to the component
[SecurityRole("Manager")]
public class SecurityProTracker: ServicedComponent, IDefectTracker {
# Visual Basic .NET
<ComponentAccessControl(True), _
SecurityRole("Manager")> _
Public Class SecurityProTracker
Inherits ServicedComponent
Implements IDefectTracker
We can grant roles permission to access individual methods by
applying the SecurityRole attribute to individual
methods in either the interface or
the component class. If we apply the attribute to an interface
method, the role will be able to access the method in any component
that implements the interface. If we apply the
SecurityRole attribute to a method in the
component, the role is granted access to that component only, and not
other components that implement the same interface. We will apply our
access controls to the interface, as shown by the emphasized
statements below:
# C#
public interface IDefectTracker {
[SecurityRole("User")]
[SecurityRole("Tester")]
[SecurityRole("Developer")]
void ViewAllDefects( );
[SecurityRole("Tester")]
void CreateNewDefect( );
[SecurityRole("Developer")]
void CloseDefect( );
}
# Visual Basic .NET
Public Interface IDefectTracker
<SecurityRole("User"), _
SecurityRole("Tester"), _
SecurityRole("Developer")> _
Sub ViewAllDefects( )
<SecurityRole("Tester")> _
Sub CreateNewDefect( )
<SecurityRole("Developer")> _
Sub CloseDefect( )
End Interface
When we apply multiple attributes, a user identity granted
any of the specified roles will be granted
access. We cannot require an identity to be assigned multiple roles
in order to access a method or component.
3.4. The SecureMethod attribute
The final attribute to apply is
SecureMethod, which enables per-method access
control for a component. Without this attribute, COM+ RBS will be
applied on a component level only, and the role protection we have
assigned to the IDefectTracker interface will be
ignored. The emphasized statement below demonstrates how we apply
this attribute to our example class; this attribute defines no
properties:
# C#
// Enable COM+ Security for this component
[ComponentAccessControl(true)]
[SecureMethod]
// Grant the Manager role access to the component
[SecurityRole("Manager")]
public class SecurityProTracker: ServicedComponent, IDefectTracker {
# Visual Basic .NET
<ComponentAccessControl(True), _
SecureMethod( ), _
SecurityRole("Manager")> _
Public Class SecurityProTracker
Inherits ServicedComponent
Implements IDefectTracker
