COM+ Role Based Security - calling secure method 1 from secure method 2
From: oliverson (andy_j_hirst_at_hotmail.com)
Date: 01/25/05
- Previous message: Mark Nugent via .NET 247: "Windows Service cannot instantiate object of external class???"
- Messages sorted by: [ date ] [ thread ]
Date: 25 Jan 2005 06:35:24 -0800
Hello and thanks for reading.
I have implemented role-based security on some serviced componts at
method level and it works fine. However, method level isn't granular
enough. I made the decision for my clients to call Method_1 and if
they are in an appropriate COM+ role, the method call succeeds. Now,
within Method_1, I want to inspect the parameters that are passed in
and in certain circumstances delegate the resultant actions to a
further method within the same class; Method_2. This method has a
more restrictive set of COM+ roles applied to it. (both methods are
methods in the same interface that my serviced component implements,
but I don't want all my clients calling Method_2 directly).
Currently, Method_1 denies access to users who aren't in the roles
applicable for that method. Should a user be in an applicable role,
then when Method_1 needs to call Method_2, that has the more
restrictive roles, the call succeeds when I expected it to fail. The
call doesn't go through the COM+ security plumbing. Compounding my
misery is the fact that the user making the call proves to be the
Identity of my COM+ application (running as a server application).
I really need to make the call to Method_2 via COM+ security and as
the user that called Method_1. Any ideas please?
Thanks.
- Previous message: Mark Nugent via .NET 247: "Windows Service cannot instantiate object of external class???"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
