Com+ question

  • Thread starter Thread starter Soeren S. Joergensen
  • Start date Start date
S

Soeren S. Joergensen

Hi,

A customer of mine (or actually the security department of this company)
requires that SQL connections are handet out from COM+ server object. The
connection will be used from a web application. The idea is to let the COM+
object create a new SqlConnection with integrated security set, so that the
user doing the actual connecting to the SQL server is the user configured to
run the COM+ object. Thereby there will be no unsecured connection strings
floating around in web.config files ect. The ASPNET account of the web
server is then put into the COM+ objects list of users who are able to use
the object. A very secure way to protect your SQL server :-)

But:
When creating a simple COM+ server, putting a method in it that hands out a
new connection I get following exception when using the connection. The
connection is not null - but I guess it is cought by the GC before it is
finished doing it's job ??

System.Runtime.Remoting.RemotingException: This remoting proxy has no
channel sink which means either the server has no registered server channels
that are listening, or this application has no suitable client channel to
talk to the server.

Does anyone know what could be wrong ??

Server component looks something like:

[SecurityRole("Users", true)]
public class ConnectionFactory : ServicedComponent
{
public ConnectionFactory() : base()
{

}

[AutoComplete]
public SqlConnection GetConnection()
{
return new
SqlConnection("Server=MySqlServer;Database=MySqlDB;Integrated
Security=SSPI;Persist Security Info=False");
}
}

Client uses the server object as follows:

private void MyMethodThatRequiresAConnection()
{
ConnectionFactory factory = new ConnectionFactory();
SqlConnection conn = factory.GetConnection();

if(conn != null)
{
try
{
// Do something, fill a dataset or what ever
}
catch(Exception e)
{
Debug.WriteLine(e);
}
finally
{
conn.Close();
}
}
}

Btw. I don't need comments about if this is a usefull method or not, or
whether performance will go up or down - there is simply no way around this,
it's a customer requirement :-)

Thanks in advance...

Kr.
Soren
 
Soeren,

Unfortunately, you will have to get around it. The reason this doesn't
work is because the SqlConnection class is not Serializable. However, it
does derive from MarshalByRefObject. When the object is passed through the
custom channels from ES to your app domain, it thinks it is marshaled by
reference (and is a proxy), but in reality, it is not.

There are only two ways around this. The first is to return the
connection string to your code, and create the SqlConnection there.

The other option is to have all of your operations exposed from COM+, so
that the connection is not exposed to the outside. This is typically what
is done.

Also, your solution wouldn't work too well anyways, since the connection
string property is exposed as a get/set property, and the code could easily
set the string to whatever it wants (in addition to you being able to create
SqlConnection objects on your own).

All in all, the second option is the best (encapsulating the operations
in COM+, not exposing the connection outside of your routine).

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Soeren S. Joergensen said:
Hi,

A customer of mine (or actually the security department of this company)
requires that SQL connections are handet out from COM+ server object. The
connection will be used from a web application. The idea is to let the
COM+ object create a new SqlConnection with integrated security set, so
that the user doing the actual connecting to the SQL server is the user
configured to run the COM+ object. Thereby there will be no unsecured
connection strings floating around in web.config files ect. The ASPNET
account of the web server is then put into the COM+ objects list of users
who are able to use the object. A very secure way to protect your SQL
server :-)

But:
When creating a simple COM+ server, putting a method in it that hands out
a new connection I get following exception when using the connection. The
connection is not null - but I guess it is cought by the GC before it is
finished doing it's job ??

System.Runtime.Remoting.RemotingException: This remoting proxy has no
channel sink which means either the server has no registered server
channels that are listening, or this application has no suitable client
channel to talk to the server.

Does anyone know what could be wrong ??

Server component looks something like:

[SecurityRole("Users", true)]
public class ConnectionFactory : ServicedComponent
{
public ConnectionFactory() : base()
{

}

[AutoComplete]
public SqlConnection GetConnection()
{
return new
SqlConnection("Server=MySqlServer;Database=MySqlDB;Integrated
Security=SSPI;Persist Security Info=False");
}
}

Client uses the server object as follows:

private void MyMethodThatRequiresAConnection()
{
ConnectionFactory factory = new ConnectionFactory();
SqlConnection conn = factory.GetConnection();

if(conn != null)
{
try
{
// Do something, fill a dataset or what ever
}
catch(Exception e)
{
Debug.WriteLine(e);
}
finally
{
conn.Close();
}
}
}

Btw. I don't need comments about if this is a usefull method or not, or
whether performance will go up or down - there is simply no way around
this, it's a customer requirement :-)

Thanks in advance...

Kr.
Soren
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Using COM objects in .NET 2
Using data from SQL in C# 4
How to connect to a custom database 3
Browser sends multiple request 5 to 10 request in a second withoutuser action. 2
Establishsing database connection 2
How To associate ServicePointManager with Connection? 2
Error while running asp.net 3
SqlConnection 2

Back
Top