Security in COM+
Gregory Brill
Security in COM+ is based on the called COM+ component and the user using the application. If another component is called, security boundaries can be crossed. For instance, if a user has access to component A and component A calls component B, the security permissions of the user do not necessarily pass with this call. This problem can be solved programmatically, as Gregory Brill's book Applying COM+, published by New Riders, illustrates. Below are descriptions of two commands that can be used in securing COM+ components.
----------------------------------------------------------
Determining the Call Chain with ISecurityIdentityColl and ISecurityCallersColl
The ISecurityCallContext interface in COM+ can be used to determine whether a caller or user is in a specific role and whether security is presently enabled. It is also a VB-style collection and, as such, supports a method, Item(), that returns a single Variant. This returned Variant holds either a numerical value or an IUnknown pointer that can be QI'd for an ISecurityIdentityColl interface (gives information about a specific caller) or an ISecurityCallersColl interface (a collection of ISecurityCallersColl interfaces). The string value passed into the Item() method of ISecurityCallContext determines what the returned Variant will contain. For example, examine the last line of the following VB code snippet:
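    ' Get the security context of the current call
    Dim securityinfo As SecurityCallContext
    Dim callers As SecurityCallers
    Set securityinfo = GetSecurityCallContext()
    ' The string "Callers" selects the collection of callers in the chain
    Set callers = securityinfo.Item("Callers")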
By passing in the string "Callers", you are asking the SecurityCallContext object to return a collection of callers. Other string values could have been used; however, they would have returned a single ISecurityCallersColl interface or a numerical value. The table of property values is shown below.
The Properties of ISecurityCallContext

| Property | Description |
|---|---|
| NumCallers | The number of callers in the chain of calls. |
| MinAuthenticationLevel | The least secure authentication level of all callers in the chain. |
| Callers | Information about the chain of callers to the current object. In Visual Basic, this returns a SecurityCallers collection object. In C++, it returns an ISecurityCallersColl interface. The SecurityCallers object is a collection of SecurityIdentity objects (ISecurityIdentityColl interfaces in C++), which represent the identity of a caller. |
| DirectCaller | Returns a SecurityIdentityColl object of the caller that called the object directly. This is the ISecurityIdentity interface in C++. |
| OriginalCaller | Returns a SecurityIdentityColl object of the caller who originated the chain of calls to the object. This is the ISecurityIdentity interface in C++. |
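
The properties in the table can be combined into a single check-and-audit routine inside the called component. The following VB6 sketch is an added example, not code from the book: the function name AuditCallChain and the role name "Managers" are hypothetical, and it assumes a configured COM+ component with a project reference to the COM+ Services Type Library (comsvcs.dll) and the per-identity properties "AccountName" and "AuthenticationLevel" of the SecurityIdentity object.

```vb
' Added example for a method on a configured COM+ component.
' Needs a project reference to the COM+ Services Type Library (comsvcs.dll).
' AuditCallChain and the "Managers" role are hypothetical names.
Private Const RPC_C_AUTHN_LEVEL_PKT_INTEGRITY As Long = 5

Public Function AuditCallChain() As String
    Dim ctx As SecurityCallContext
    Dim callers As SecurityCallers
    Dim who As SecurityIdentity
    Dim report As String

    Set ctx = GetSecurityCallContext()
    If ctx Is Nothing Then
        Err.Raise vbObjectError + 1, "AuditCallChain", "No security call context"
    End If
    ' Role checks mean nothing when role-based security is switched off.
    If Not ctx.IsSecurityEnabled() Then
        Err.Raise vbObjectError + 2, "AuditCallChain", "Role-based security is disabled"
    End If

    ' Refuse chains in which any hop authenticated below packet integrity.
    If ctx.Item("MinAuthenticationLevel") < RPC_C_AUTHN_LEVEL_PKT_INTEGRITY Then
        Err.Raise vbObjectError + 3, "AuditCallChain", "Call chain authentication too weak"
    End If

    ' The direct caller may be another component rather than the end user.
    If Not ctx.IsCallerInRole("Managers") Then
        Err.Raise vbObjectError + 4, "AuditCallChain", "Direct caller is not in role"
    End If

    ' Record both ends of the chain for the audit trail.
    Set who = ctx.Item("OriginalCaller")
    report = "Original caller: " & who.Item("AccountName") & vbCrLf
    Set who = ctx.Item("DirectCaller")
    report = report & "Direct caller: " & who.Item("AccountName") & vbCrLf
    report = report & "Callers in chain: " & ctx.Item("NumCallers") & vbCrLf

    ' Walk every identity in the chain.
    Set callers = ctx.Item("Callers")
    For Each who In callers
        report = report & "  " & who.Item("AccountName") & _
                 " (authn level " & who.Item("AuthenticationLevel") & ")" & vbCrLf
    Next who

    AuditCallChain = report
End Function
```

Comparing the original caller with the direct caller in the returned report shows when the call arrived through an intermediate component, which is the component A to component B case described at the top of this article.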
----------------------------------------------------------
This was first published in December 2000