Administering COM+ Security (part 1) - Viewing the COM+ Catalogue, Populating COM+ Application Roles

8/18/2012 4:03:06 PM
In the previous section, we compiled and installed a COM+ application that contained our example component. We used .NET attributes to specify the COM+ security settings, but we need to complete the component configuration before the component can be used. In this section, we demonstrate how to assign roles to Windows user accounts and then continue to demonstrate how the COM+ administration tool can be used as an alternative to .NET attributes or as a means to alter the security configuration specified using attributes.

1. Viewing the COM+ Catalogue

The collection of COM+ applications installed on a computer is called the COM+ Catalogue. The catalogue is administered with the Component Services tool, which is included in the Administrative Tools section of the Windows Control Panels. Figure 1 shows the Component Services tool as it appears when first started.

Figure 1. The Component Services tool

Expand the Component Services tree and drill down to the COM+ catalogue for the local computer; Figure 2 shows the list of COM+ services for a standalone computer. The list of applications includes our example application (called SecurityProTracker, named after the assembly we created) as well as system applications that operate as part of Windows.

Figure 2. The COM+ catalogue

2. Populating COM+ Application Roles

Expand the SecurityProTracker item, and you will see details of the COM+ application that we created in the previous section. The Component Services explorer provides information grouped into Components, Legacy Components, and Roles. Expanding the Roles item lists the roles defined by the application, as shown in Figure 3.

Figure 3. The roles associated with the SecurityProTracker COM+ application

You will see icons representing the roles that we specified with the SecurityRole attribute; these roles are Developer, Manager, Tester, and User. You will also see another role, named Marshaler—see the sidebar for details. The COM+ system processed the attributes from our assembly to create these roles, but they are not yet assigned to user accounts, and so clients cannot access our component. In this section, we demonstrate the simple process of assigning roles to user accounts in order to complete the configuration of our example component.

Sidebar 1. The COM+ Marshaler Role

When you install a serviced component that uses the SecureMethod attribute, the COM+ system will automatically create the Marshaler role. The SecureMethod attribute indicates that you wish to apply RBS access control on individual methods defined by the component, so that, for example, users assigned the User role are able to access only the ViewAllDefects method.

The problem this creates is that users with this role have not been granted permission to create new instances of the component or to manage the disposal of component instances (because the constructor and the methods of the IDispose interface are not exposed to the Developer role).

When assigning a role that has been applied to individual methods, you should also assign the Marshaler role. Assigning the Marshaler role to a user account grants that account permission to create new instances of a component, and to call the methods defined by the System.IDisposable, System.IManagedObject, and System.EnterpriseServices.IServicedComponentInfo interfaces; in essence, assigning this role confers the right to create and manage instances of a serviced component.

To assign a COM+ role to a user account, expand the role to reveal the Users item, and right-click to display the menu shown in Figure 4.

Figure 4. Adding a new user to a COM+ role

Select the User item from the New menu to display the dialog box illustrated by Figure 5. Assign a role by typing the name of the user account into the text box—you can specify multiple accounts by separating the account names with a semi-colon. A useful feature is the ability to assign a role to a Windows group, which is equivalent to assigning the role to all of the individual accounts contained within the group. Figure 5 illustrates adding the users Tim, Tom, Tammy, and the group "QA Group" to the COM+ Tester role.

Figure 5. The Select Users or Groups dialog

Pressing the OK button in the Select Users or Groups dialog assigns the roles to the specified accounts and groups; Figure 6 shows the effect of adding Tim, Tom, Tammy, and the QA Group to the Tester role.

Figure 6. The accounts and groups assigned the COM+ Tester role
Top 10
Review : Sigma 24mm f/1.4 DG HSM Art
Review : Canon EF11-24mm f/4L USM
Review : Creative Sound Blaster Roar 2
Review : Philips Fidelio M2L
Review : Alienware 17 - Dell's Alienware laptops
Review Smartwatch : Wellograph
Review : Xiaomi Redmi 2
Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator
Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator
3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
Popular Tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8