Role-Based Security

The .NET Framework provides mechanisms to integrate managed code with COM+ security services. This functionality relies on the Microsoft® Windows NT® token associated with executing code as the basis for identity.

Note: The .NET Framework and COM+ role-based security mechanisms are independent, and you can use only one mechanism within a single application.

COM+ security relies on Windows NT accounts and process/thread impersonation. If the managed code provides authentication services, it must obtain a Windows NT security token and impersonate that identity before calling any COM objects.

You can add roles to an application and associate the roles with components by applying the SecurityRoleAttribute attribute to a class that derives from the System.EnterpriseServices.ServicedComponent class. Applying this attribute to an assembly as a whole ensures that the role exists in the COM+ catalog. When you apply this attribute to a component, it ensures that the role exists in the application configuration and associates the target component with the role.

If the SetEveryoneAccess property is set to true, the Everyone group is added as a member of the role. The default is false, which means no users are assigned to the role; you must configure its members manually. Manual configuration is best used for the role of Administrator, which has extensive control over the system.

Security roles are supported at the assembly, class, method, and interface levels. As with other method attributes, security configuration is not currently shared between interface definition and method implementation.

The SecurityCallContext class provides access to COM+ security call context, and is similar but not identical to the SecurityCallContext object in Visual Basic. New instances are not created programmatically but obtained through the CurrentCall property. The remaining properties, described in the following table, call methods on the SecurityCallContext object.

Property                Remark
--------                ------
Callers                 Retrieves the Callers item from the SecurityCallContext object in COM+ and returns the item as a SecurityCallers object.
CurrentCall             Returns a reference to a SecurityCallContext object associated with the current call.
DirectCaller            Retrieves the DirectCaller item from the SecurityCallContext object in COM+ and returns the item as a SecurityIdentity object.
MinAuthenticationLevel  Retrieves the MinAuthenticationLevel item from the SecurityCallContext object in COM+.
NumCallers              Retrieves the NumCallers item from the SecurityCallContext object in COM+.
OriginalCaller          Retrieves the OriginalCaller item from the SecurityCallContext object in COM+ and returns the item as a SecurityIdentity object.
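
The following is an added example, not part of the original documentation, that combines assembly-level and class-level SecurityRoleAttribute with a programmatic check through SecurityCallContext.CurrentCall. The application name, the role names, the AccountManager class and the 10000 threshold are assumptions made for illustration; the assembly must be strong-named and registered with COM+ before the component can run.

```csharp
using System;
using System.EnterpriseServices;

// Constructed names: "BankDemo", the roles "Teller" and "Manager", and the
// AccountManager class are assumptions for this example.
[assembly: ApplicationName("BankDemo")]
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)]

// Assembly level: only ensures that the roles exist in the COM+ catalog.
// SetEveryoneAccess is left at its default (false), so both roles start
// with no members and must be populated by an administrator.
[assembly: SecurityRole("Teller")]
[assembly: SecurityRole("Manager")]

// Class level: associates the component with the roles.
[ComponentAccessControl(true)]
[SecurityRole("Teller")]
[SecurityRole("Manager")]
public class AccountManager : ServicedComponent
{
    public void ApproveTransfer(string account, decimal amount)
    {
        // Fail closed: when COM+ security is disabled, IsCallerInRole
        // reports true for every caller, so check this first.
        if (!ContextUtil.IsSecurityEnabled)
            throw new UnauthorizedAccessException("COM+ security is disabled.");

        // Instances are obtained through CurrentCall, never constructed.
        SecurityCallContext call = SecurityCallContext.CurrentCall;

        // The declarative roles admit Tellers and Managers; large transfers
        // additionally require the Manager role.
        if (amount > 10000m && !call.IsCallerInRole("Manager"))
            throw new UnauthorizedAccessException("Manager role required.");

        // Record both ends of the call chain; Console is a stand-in for
        // a real audit sink.
        Console.WriteLine(
            "Transfer of {0} on {1}: direct={2}, original={3}, callers={4}",
            amount, account, call.DirectCaller.AccountName,
            call.OriginalCaller.AccountName, call.NumCallers);
    }
}
```

Logging DirectCaller alongside OriginalCaller matters when the component is reached through an intermediate server: the direct caller is then the intermediary's account, while the original caller is the identity that started the chain.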

See Also

Summary of Available COM+ Services | SecurityRoleAttribute | System.EnterpriseServices Namespace