[ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ]

If you select to import a preregistered component, the COM+ Catalog will not read the type library properly and the component's interfaces will not be displayed, limiting our ability to define security for them.

In the next step, pick the DLL file you want to register (VFPSecure.DLL). Here is the VFP component registered, with all of its interfaces and methods:

So far, there is nothing special about this component, and we could go ahead and instantiate it from any COM-enabled client. So, let's now add some security!

Enabling Application Security

The first step is to enable security for the entire COM+ Application. Right-click the application you created, select "Properties," and pick the "Security" page:

To activate security in general, simply check the checkbox entitled "Enforce access checks for this application". This turns on the COM+ security checking.

There are a number of other settings on this page, and the defaults are what we want for our little example, so don't touch any of those. But, let's investigate some of the settings anyway:

The Security Level option lets us specify whether or not we want security context information inside our component. This is turned on by default, and we will need it further down when we discuss programmatic security. This setting determines whether the system provides detailed security information throughout component execution, or checks security only on initial access.

The Authentication Level setting specifies when and how often the system verifies whether the user accessing the system is who he claims to be.

Finally, the Impersonation Level setting defines what user ID is to be used to access the application. We will discuss this in more detail below.

So, let's get back to our example: At this point, we have locked everyone out of our application. When you try to instantiate the COM component, you will get an "Access denied" error. That's because we haven't specified access rights for anyone.

Setting Up Roles

In COM+, access is permitted based on roles. Roles are groups of users specific to a COM+ Application. For our example, we'll set up "Customers," "SalesReps" and "Managers" roles. We do so in the Component Services snap-in:

[ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ]