Serviced Components & Role-Based Security
- From: carl_bevil@xxxxxxxxx
- Date: Wed, 22 Aug 2007 09:36:53 -0700
Hello all. I've posted this on a few other newsgroups without any
luck; hopefully someone here can give me some clues on this issue.
I've written a serviced component in C# that interacts with some COM
components (in a separate process). All components are run on the same
machine (currently under the Administrator account). I've enabled role-
based security on the serviced component (at the component level)
through attributes in C#. This component implements the standard
IConnectionPointContainer interface. It looks like this:
In assembly.cs:
[assembly: ApplicationActivation(ActivationOption.Server)]
[assembly: ApplicationAccessControl(Value = true,
Authentication = AuthenticationOption.Integrity,
ImpersonationLevel = ImpersonationLevelOption.Identify,
AccessChecksLevel =
AccessChecksLevelOption.ApplicationComponent)]
[assembly: SecurityRole("MyRole")]
In the class's .cs file:
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;
using System.EnterpriseServices;
[ComVisible(true)]
[ComponentAccessControl(true)]
[Guid("XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX")]
[ProgId("MyComponent.MyObject.1")]
public class MyObject: ServicedComponent, /* Other interfaces... */,
IConnectionPointContainer
{
[SecurityRole("MyRole")]
void IConnectionPointContainer.EnumConnectionPoints(out
IEnumConnectionPoints ppEnum)
{
// Implementation
}
[SecurityRole("MyRole")]
void IConnectionPointContainer.FindConnectionPoint(ref Guid
riid, out IConnectionPoint ppCP)
{
// Implementation
}
// Other interface implementations...
}
I can CoCreate my component using this IID, and call
IConnectionPointContainer's methods on it. However, if I have role-
based security enabled, the calls always fail with E_ACCESSDENIED. The
client code is run under a user account that is included within
"MyRole". In fact, the same client code can call other methods on this
component that are restricted to "MyRole". If I remove the role
restrictions from these specific methods (by commenting out the
SecurityRole attribute), it still does not work. If I turn off role-
based security on this component (by commenting out the
ComponentAccessControl attribute), it *does* work. So it seems there
is something odd going on with the IConnectionPointContainer interface
and role-based security.
One thing I am seeing is that IConnectionPointContainer does not
appear in the list of interfaces in the COM+ application GUI (in
Component Services) -- even though I am explicitly implementing the
interface and can CoCreate using that interface. I suspect this is
somehow related to my problem; maybe this interface is somehow being
treated "special" by the interop layer (I know that connection point
implementations are converted to .NET events, so I am guessing
something similar might happen with IConnectionPointContainers).
Although I tried this with the IEnumString interface as a test and had
the same problems; my guess is that all the interfaces in
System.Runtime.InteropServices.ComTypes have this issue.
Any ideas on what is going on here, or how I can fix it? I really
don't care if the interface appears in the COM+ application as long as
I can use it with the object. But the security problem is a real issue
for me. How can I get these methods to work properly with role-based
security?
.
- Prev by Date: Re: ASP 3.0 not releasing objects to pool (Windows 2003 Server)
- Previous by thread: ASP 3.0 not releasing objects to pool (Windows 2003 Server)
- Index(es):
Relevant Pages
|
