Problem solve Get help with specific problems with your technologies, process and projects.

Security in COM+

Developer Tip: Security in COM+

Security in COM+
Gregory Brill

Security in COM+ is based on the called COM+ component and the user using the application. If another component is called, security boundaries can be crossed. For instance, if a user has access to component A and component A calls component B the security permissions of the user do not necessarily pass with this call. This problem can be solved programmatically as Gregory Brill's book Applying COM+, published by New Riders illustrates. Below are descriptions of two commands that can be used in securing COM+ components.


Determining the Call Chain with ISecurityIdentityColl and ISecurityCallersColl

The ISecurityCallContex interface in COM+ can be used to determine if a caller or user is in a specific role and if security is presently enabled. It is also a VB style collection and, as such, supports a method, Item ( ), that returns a single Variant. This returned Variant holds either a numerical value or an IUnknown pointer that can be QI'd for an ISecurityIdentityColl (gives information about a specific caller) interface or an ISecurityCallersColl interface (a collection of ISecurityCallersColl interfaces). The string value passed into the Item ( ) method of ISecurityCallContext determines what the returned Variant will have in it. For example, examine the last line of the following VB code snippet:

Dim securityinfo as SecurityCallContext
Dim callers as SecurityCallers

Set securityinfo = GetSecurityCallContext( )
Set callers = securityinfo.Item("Callers")

By passing in the string "Callers," you are asking the SecurityCallContext object to return a collection of callers. Other string values could have been used, however that would have returned a single ISecurityCallersColl interface or numerical value. The table of property values is shown below.

The Properties of ISecurityCallContext 0/00 0/00 0/00 0/00 0/00 0/00
NumCallersThe number of callers in the chain of calls.
MinAuthenticationLevelThe least secure authentication level of all callers in the chain.
CallersInformation about the chain of callers to the current object. In Visual Basic, this returns a SecurityCallers collection object. In C++, it returns a ISecurityCallersColl interface. The SecurityCallers is a collection of SecurityIdentity objects (ISecurityIdentityColl interfaces in C++), which represent the identity of a caller.
DirectCallerReturns a SecurityIdentityColl object of the caller that called the object directly. This is the IsecurityIdentity interface in C++.
OriginalCallerReturns a SecurityIdentityColl object of the caller who originated the chain of calls to the object. This is the IsecurityIdentity interface in C++.


To learn more about Applying COM+, or to buy this book, click here.

Dig Deeper on Windows Server troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.