.NET/COM+ security issues

  • Thread starter Thread starter David
  • Start date Start date
D

David

I am trying to use COM+ security in a C# class by applying
the ComponentAccessControl attribute to the class, along
with SecurityRole attributes for any roles that I want to
have access to the whole class. My plan was to use the
SecurityRole attribute at method-level for those roles
that I only wanted to have access to specific methods
(e.g. those that don't write to the database).

However, I've hit a problem in that the constructor is
only available to the roles that have been applied at
class level, which then have access to all methods in the
class.

How can I get round this? I just want to be able to
provide access to all methods for some users and prevent
other users from calling methods that update the database.

Thanks in advance...

David.
 
Hello David,

Thanks for your post. As I understand, you want to be able to provide
access to all methods for some users (e.g. the role name is UserA), and
also prevent other users (e.g. the role name is UserB) from calling methods
that update the database. Please correct me if there is any
misunderstanding. Now I'd like to share the following information:

We can assign the role to the class level for UserA and then assign the
role to the allowed method for UserB. To configure role-based security on
methods, the class must implement methods of an interface and must use the
SecureMethod attribute on the class level, or SecureMethod or SecurityRole
at the method level. Please refer to the following article for detailed
information:

Understanding Enterprise Services in .NET
http://www.gotdotnet.com/team/xmlentsvcs/espaper.aspx

Please feel free to let me know if you have any problems or concerns.

Have a nice day! :-)

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hello Tim,

Thanks for your reply - I had a look at the article on
gotdotnet and the problem was that I did not have anyone
in the Marshaler role.

I'm pleased to finally find an article that
comprehensively covers role-based security in .NET - all
the previous articles that I have read did not mention the
Marshaler role, which is obviously very important!

Thanks again.

David.
 
Hi David,

Thanks a lot for your feedback. I am very glad to hear that you have
resolved the prboelm. In addition, would you mind share the article so that
the community can benifit from it.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Back
Top