.NET/COM+ security issues

D

David

I am trying to use COM+ security in a C# class by applying
the ComponentAccessControl attribute to the class, along
with SecurityRole attributes for any roles that I want to
have access to the whole class. My plan was to use the
SecurityRole attribute at method-level for those roles
that I only wanted to have access to specific methods
(e.g. those that don't write to the database).

However, I've hit a problem in that the constructor is
only available to the roles that have been applied at
class level, which then have access to all methods in the
class.

How can I get round this? I just want to be able to
provide access to all methods for some users and prevent
other users from calling methods that update the database.

Thanks in advance...

David.
 
T

Tian Min Huang

Hello David,

Thanks for your post. As I understand, you want to be able to provide
access to all methods for some users (e.g. the role name is UserA), and
also prevent other users (e.g. the role name is UserB) from calling methods
that update the database. Please correct me if there is any
misunderstanding. Now I'd like to share the following information:

We can assign the role to the class level for UserA and then assign the
role to the allowed method for UserB. To configure role-based security on
methods, the class must implement methods of an interface and must use the
SecureMethod attribute on the class level, or SecureMethod or SecurityRole
at the method level. Please refer to the following article for detailed
information:

Understanding Enterprise Services in .NET
http://www.gotdotnet.com/team/xmlentsvcs/espaper.aspx

Please feel free to let me know if you have any problems or concerns.

Have a nice day! :)

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
D

David

Hello Tim,

Thanks for your reply - I had a look at the article on
gotdotnet and the problem was that I did not have anyone
in the Marshaler role.

I'm pleased to finally find an article that
comprehensively covers role-based security in .NET - all
the previous articles that I have read did not mention the
Marshaler role, which is obviously very important!

Thanks again.

David.
 
T

Tian Min Huang

Hi David,

Thanks a lot for your feedback. I am very glad to hear that you have
resolved the prboelm. In addition, would you mind share the article so that
the community can benifit from it.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

COM+ SecureMethod attribute issue 6
COM+ Secure Method 1
System.UnauthorizedAccessException from COM+ app 1
how to implement a Role-Based winapp 2
C# Create Global values in DLL? 4
COM attribute named Event 1
COM, Unmanaged/Managed C++, and CoInitialize() 4
Combine Forms Authentication with Windows 3

Top