Visual C#. NET 2003 Unleashed

Security in COM+

Security in COM+ is an extremely complex and involved topic. If you really want the full details, you should pick up a book devoted to COM+. The next section will provide you with an overview of how security works in a COM+ application, the security options available to you, and how you can program against that security model.

Object and Security Contexts

A security context identifies the principal (see other chapters in this book about IPrincipal and IIdentity) that is performing a given action. If a method is being invoked on a serviced component, COM+ can be configured to provide that component with an object context. That context gives the code the capability to query the identity of the calling client as well as the roles (discussed shortly) to which the user belongs. The object context allows a method on a ServicedComponent to obtain information about current transactions, whether security is enabled, and allows the code to vote for the commitment or rollback of the current transaction.

Table 40.1 is a quick list of some of the methods and properties available on the ContextUtil class, a class used for interfacing with the MTS (COM+) context object.

Table 40.1. Methods and Properties of the ContextUtil Class

Property / Method

Description

Properties

ActivityId

Gets the GUID for the current activity

ApplicationId

Gets the GUID for the current COM+ application

ContextId

Gets the GUID for the current context

DeactivateOnReturn

Indicates to the COM+ system that the component will be deactivated when the current method finishes

IsInTransaction

Indicates whether the current method is participating in a transaction

IsSecurityEnabled

Indicates whether security is enabled at the component or process level

transaction

Returns information about the current distributed transaction

transactionId

Gets the GUID for the current transaction

Methods

DisableCommit()

Disables transaction commits for the current method execution

EnableCommit()

Enables transaction commits for the current method execution

GetNamedProperty()

Gets a named property that belongs to the current object context; not to be confused with shared property groups

IsCallerInRole()

Indicates whether the client code's security context is within a certain COM+ role

SetAbort()

Votes to abort (roll back) the current transaction

SetComplete()

Votes to commit (complete) the current transaction

Role-Based Security

Role-based security refers to the concept of assigning roles or groups to specific users. What the user can and cannot do is dictated by the roles to which that user belongs.

Every COM+ application has a set of roles associated with it. These roles can then have user accounts or user groups placed in them. These accounts are part of an NT domain or part of an Active Directory. Therefore, you can create roles such as Finance, Shipping, Receiving, Billing, Administrators, and Users. Each of these groups could have different or overlapping members. Code within the COM+ application can then test whether the user belongs to a particular group before allowing the user to perform a given action.

The code in Listing 40.3 shows a new class, RoleSecurity, that has methods whose use is restricted to specific roles within the application. The code is examined in more detail after the listing.

Listing 40.3. A Class That Has Methods That Utilize Object and Security Contexts

using System; using System.EnterpriseServices; namespace ServicedApplication { /// <summary> /// Summary description for RoleSecurity. /// </summary> [ComponentAccessControl(true), SecurityRole("App User", true), SecurityRole("App Administrator")] [Transaction(TransactionOption.Required)] [EventTrackingEnabled(true)] [JustInTimeActivation(true)] [Synchronization( SynchronizationOption.Required)] public class RoleSecurity : ServicedComponent { public string PerformAdministrativeAction() { if (!ContextUtil.IsSecurityEnabled) return "No Security Available"; if (SecurityCallContext.CurrentCall.IsCallerInRole("App Administrator")) { return "Task Completed"; } else { return "Task Failed"; } } public string PerformStandardAction() { if (!ContextUtil.IsSecurityEnabled) return "No Security Available"; if (SecurityCallContext.CurrentCall.IsCallerInRole("App Administrator") || SecurityCallContext.CurrentCall.IsCallerInRole("App User")) { return "Task Completed by " + SecurityCallContext.CurrentCall.DirectCaller.AccountName; } else return "Task Failed"; } } }

The onslaught of attributes at the top of the class defines the necessary COM+ configuration that is required for COM+ to provide the component with security and object contexts. The SecurityRole attribute is used so that when the assembly is self-registering with COM+, it will create those security roles. If a Boolean value of true is supplied for this attribute, it will automatically add the special group Everyone to the role.

The first method, PerformAdministrativeAction , makes a call to IsCallerInRole to find out whether the calling client code's security context is in the administrative application user role. The second method will let anyone execute it so long as they are a user or an administrator.

The console output from invoking both of these methods is as follows:

Administrative result: Task Failed Standard result: Task Completed by SILVERALIEN\Kevin Hoffman

By default, the Kevin Hoffman account is not part of the administrators group, but because the special group Everyone is part of the standard users group, the second task was completed. To illustrate how to identify the calling client, the name of the user that requested the task is displayed.

    Related

    Категории