COM Problems and Improvements

As with most MMC snap-ins, in the left (scope) pane Component Services uses a hierarchical display (similar to the one found in Windows Explorer) and a detailed view of the highlighted item in the right (results) pane. Most of the icons in this view have context menus you can access with a right click, just as you would with most Microsoft Windows applications. The context menus tell what tasks you can perform. In short, there isnt anything too unusual about this interface from a usage perspective. If you know how to use Windows Explorer, youll have a good idea of how to use this MMC snap-in.

Both Event Viewer and Services let you view a single machine. You can choose the machine you want to view by right-clicking the appropriate folder, and then choosing Connect To Another Computer from the context menu. Youll see the Select Computer dialog box as shown in Figure 2-2. The Browse button helps you select any available computer on the network, including servers that you have rights to access. Click OK, and Windows will connect you to the specified computer.

Figure 2-2: The Select Computer dialog box allows you to choose another computer to view.

Component Services allows you to view more than one computer at a time. This feature helps you to move COM+ applications from one machine to another in the same way youd move files using Windows Explorer. You can add a computer to Component Services by right-clicking the Computers folder, and clicking New and then Computer in the context menu. Youll see an Add Computer dialog box. As with the Select Computer dialog box, you can use the Browse button to find other computers on the network.

The actual content of the Component Services snap-in can vary by operating system version. Figure 2-1 shows the four folders that Windows XP users can access:

• COM+ Applications

• DCOM Config

• Distributed Transaction Coordinator

• Running Processes

Windows 2000 users will normally see the COM+ Applications and Distributed Transaction Coordinator folders (as shown in the WinServer entry in Figure 2-3), which are the two folders we need to discuss in this chapter. Lets begin with the COM+ Applications folder. Servers normally have more default applications than workstations do because they have more COM+ roles to fulfill. Figure 2-3 shows a comparison between the default applications for a workstation (My Computer) and for a server (WinServer). Note that Component Services uses a different icon for a local connection than it does for a remote connection so that you can easily see when youre working with the local machine.

Figure 2-3: Component Services will allow you to work with more than one machine at a time.

COM+ applications contain at least two folders: Components and Roles. A Windows XP installation adds a Legacy Components folder to the mix. Roles are a security requirement for a particular component, interface, or method. Well talk about roles in the Adding Security to a COM+ Application section later in the chapter. For now, lets talk about the construction of COM+ applications from the component perspective.

Components contain one or more interfaces. Each interface contains one or more methods. Methods are what youll use to access the functionality that the COM+ application provides. Youll often find more components within server applications because servers require more flexibility. However, each of these components will be the same whether found on a workstation or server. In other words, you wont find one version of a component on a workstation and another version on a serverany extra functionality the server requires will appear within a separate component.

Each application level provides property settings that modify that levels behavior. For example, you can set role-based security parameters for a COM+ application at the application, component, interface, and method levels. This means you get a very fine level of control over the behavior of an application. Not every level has the same settings because every level performs a different function within the application hierarchy. The folders directly above each application level allow you to organize that level and change the method of presentation. This includes the choices presented by the MMC snap-in as well as the application itself. In a few cases (where applicable ), youll see a New option on the context menu for the folder that permits you to add a new item. Well see how this works in the Creating COM+ Applications and Installing Components section that follows .

Creating COM+ Applications and Installing Components

Building a COM+ application doesnt require any programming once you create the required components. However, COM+ applications dont just appear on your server because youve created all the required components. You need to use a wizard to create an empty COM+ application. Once you have the application in place, you can add components to it using a different wizard. Each component is added separately; there isnt any way to add them as a group . Windows automatically detects component details to complete the application for you. The purpose of this section is to show you how to perform these two COM+ application creation steps.

As with any component, you have to register your COM+ components. In the past, you relied on the integrated development environment (IDE) to perform the task automatically, used RegSvr32 to perform the task manually, or included the registration as part of an installation program or other form of automation. When working with .NET applications, youll rely on the RegAsm utility as a replacement for the RegSvr32 utility. However, the result is the same as when using unmanaged componentsthe component is still registered in the registry.

In the world of COM+, you dont use any of these registration methods Windows registers the component for you as part of the process of adding components to a COM+ application. The act of installing a component registers it on a server that it hasnt been registered on before. Well see in this section that you still need to use the RegAsm utility to create a type library for the COM+ wizards to access.

Ive created a component for demonstration purposes in this chapter. You dont need to create the component or write any code. All the code for this section appears in the Chapter02\MyMath folder of the companion content. You can download the companion content from the Web at http:// www.microsoft.com/mspress/books/6426.asp . The purpose of this sample component is to help you learn how the two wizards work. Examples later in the book will show you how to create various types of components you can register using the procedures well discuss here.

The following sections show how to use the Component Services MMC snap-in to register and install the MyMath component (which includes the MathFunctions class). Youll also learn a little about COM+ security and how to export your application to install it on a client machine. The exported application acts as a proxy the client will call to access the component on the server.

Creating the COM+ Application

The first thing we need to do is create a new application for our component. The following procedure shows you how to add a new application to Component Services. (This process is different than those youve used for other component types.)

1. Move the component to a convenient directory on the server. I normally use a central repository for my custom components, but you can use any management scheme you like, including creating special folders for each project you work with. Because of the way .NET components work, youll need to create a type library (TLB) file and register the component in the Global Assembly Cache (GAC) so that the common language runtime can find it.

2. Type RegAsm MyMath.dll /tlb:MyMath.tlb at the command prompt in the folder used to hold the component, and then press Enter. This step does register the component, but youll find that the registration doesnt work as anticipated with COM+. What we need out of this step is the type library.

3. Type GacUtil -i MyMath.dll , and press Enter at the command prompt. This step registers the component globally so that the common language runtime can find it when needed. Now we need to register the component with COM+.

   Tip

   During the design and debugging phase of component construction, it pays to create batch (BAT) files that contain the registration and unregistration commands. I usually create one batch file for each purpose. Youll find examples of these two files in the \Chapter02\MyMath\bin\Debug folder of the source code.

4. Open the Component Services console if you havent done so already.

5. Highlight the COM+ Applications entry, and then click the Action menu and then click Application in the New submenu. Youll see the Welcome To The COM+ Application Install Wizard dialog box.

6. Click Next. Youll see the Install Or Create A New Application page. The Install Pre-built Application(s) option is specifically designed to allow you to install third-party applications. These applications come with an installation file with an MSI extension that contains all the particulars about the application. We wont talk about pre-built applications for most of the applications in this book. Since were developing our own application, well need to use the Create An Empty Application option.

7. Click the Create An Empty Application option. Youll see the Create Empty Application page as shown in Figure 2-4. This page contains a field that holds the name for your application. It also asks you to decide between a library and server application type. In most cases, youll choose the Server application option because the components you create will execute in a separate process on the server. Library applications execute within the creators process, which means an errant component can cause the application to fail. In addition, library applications dont support load balancing, remote access, or queued components. Library applications do, however, execute faster because there are fewer process boundaries to cross.

   
   Figure 2-4: Use the COM+ Application Install Wizard to give your application a name and define the application type.

8. Type a name for the application. The example uses MyMathApp , but you can use any name you like.

9. Choose between the Server Application and Library Application options. The sample application uses the Server Application option because it allows more complete testing of the component and better protection during debugging.

10. Click Next. Youll see the Set Application Identity page as shown in Figure 2-5. This page helps you choose the identity used to run the component. Youll normally choose the Interactive User option because it allows you to test for role-based security using the identity of the person logged onto the server. The second option, This User, relies on the identity of a specific person. Its handy for situations when you know another server rather than a user will use the component. Using this setting is convenient because the component will always allow the same level of access no matter who makes the request.

    
    Figure 2-5: Youll use the Set Application Identity page to determine the identity the application uses while running.

11. Choose the Interactive User option, and then click Next. The example will use the Interactive User option because it provides better application security. This setting will augment the role-based security that well talk about later. Youll see the final COM+ Application Wizard page.

12. Click Finish. The new application will appear in the list of applications in the COM+ Applications folder. Notice that Windows automatically creates a directory structure you can use for working with the component. Well use this directory structure in the steps that follow to fully configure the COM+ application for use.

Adding Components to a COM+ Application

The application weve just defined acts as a container for our component. In fact, you could place multiple components within this directory structurethe whole idea is to keep the various applications on the server separate, not necessarily to restrict how you add new components to the server. At the moment, we still dont have the sample component (found in the Chapter 02\MyMath\bin\Debug folder as MyMath.dll ) installed in Component Services. The following steps will show you how to install the component, even if it isnt registered on the current machine.

1. Open the MyMathApp application, and youll see a minimum of two folders: Components and Roles. (You must highlight the Components folder to add new components to the application.) The Components folder holds any components you want to install for the application. The Roles folder contains security roles you can later assign to the application, an individual component, or a method within the component.

2. Highlight the Components folder, and then use the click Component in the New subfolder of the Action menu to display the COM+ Component Install Wizard dialog box.

3. Click Next. Youll see the Import Or Install A Component page. The Install New Component(s) option helps you to install components youve placed on the server but havent registered. This is the option you should always use when working with .NET components to ensure you can see all the interfaces and methods they contain. The Import Component(s) That Are Already Registered option helps you to add components that have already been registered on the server. This is the option youll choose for updates (in which case, the GUID is exactly the same for the new component as it was for the old one) or when the component has been registered for some other reason. For example, you might be using your development machine as the test server. If you use this option with a .NET component, make sure the component contains the [Guid] attribute for the class to ensure the GUID remains the same from version to version. Generally, you should avoid this option when working with .NET components to ensure your application works as anticipated. Use the Install New Event Class(es) option to create event classes for subscription use. This particular component installation requires special programming that well discuss in Chapter 11.

4. Click Install New Component(s). Youll see the Select Files To Install page like the one shown in Figure 2-6. Although you can install components that reside on other machines, youll find that components work more reliably if you place the component on a local server hard drive. (As previously mentioned, youll probably want to place your custom components in a special place on the server to make them easier to find.) Notice that the folder for the sample component includes both the DLL and TLB files. Always select the TLB file because COM+ wont know what to do with the DLL file.

   
   Figure 2-6: Windows will ask for the location of the component you want to install.

5. Find the component file you want to install. The example uses MyMath.TLB . Highlight the file, and then click Open to complete the selection process. Youll see the Install New Components page similar to the one shown in Figure 2-7. (You might need to check the Details option to get your dialog box to match the one shown in the figure.) Note that the figure shows what you should see when working with the sample component. The example contains both components and a type libraryyoull need both for COM+ applications. Clicking the Add button at this point would allow you to add another file to the list (along with any components the file contains). Our component is also shown as a COM+ component type, and the wizard has found interfaces within the component. (The wizard wont tell you which interfaces have been found at this pointwe can hope, it found the ones you wanted to expose.) You need to check all these items as part of the component setup.

   
   Figure 2-7: Make sure you have all the required parts before you consider the component installation complete.

6. Click Next. Youll see the final COM+ Component Install Wizard page.

7. Click Finish to complete the Install New Component(s) installation process. Youll see the new component added to the right pane of the Component Services window, as shown in Figure 2-8.

   
   Figure 2-8: The Component Services window will contain the new components youve installed once you complete the COM+ Component Install Wizard.

Adding Security to a COM+ Application

At this point, the COM+ application and an associated component are installed within the Component Services snap-in. However, the component isnt completely operational yet because we havent installed any security for it. Yes, you can use the component at this pointthere isnt any magic about adding security to the COM+ application. However, adding security is essential for creating a COM+ application that works well.

Theoretically, we could get by without adding any security because the application is already protected by the standard Windows security. However, role-based security is one of the features of COM+ that makes life a lot easier for network administrators and developers alike. This is because you can refine the security measures used to protect a component, the interfaces it contains, and the methods required to perform the applications work. Unlike Windows security, where you have to use a one- size -fits-all approach, role-based security allows you to base security on the work a user will perform.

To add role-based security to the component, youll need to create at least one, and preferably two, roles. Well call the first role Administrator so that someone logged on as this role will be able to access all the methods within the MyMath component. The second role can be any other value, but for this example well use User. The User role will be able to access just the four math functions.

1. Highlight the Roles folder, and then click Role in the New submenu of the Action menu to display the Role dialog box.

2. Type a name for the role, and then click OK. For the example, well use Administrator for one role and User for the second.

3. Open the Administrators (or Users) folder, and then highlight the Users folder. Click User in the New submenu of the Action menu to display the Select Users Or Groups dialog box shown in Figure 2-9. This is where youll choose the users that can access components using the Administrator role.

   
   Figure 2-9: The Select Users Or Groups dialog box allows you to choose which users or groups will perform the task specified by the role.

4. Type the names of the users or groups you want to include for each role in the field provided. The example uses the Administrators group for the Administrator role and a test user for the User role. Make sure you separate multiple entries using a semicolon and use the proper form for the entries. If you want Windows to do the work, click Advanced and youll see a Select Users Or Groups dialog box that will help you find individual users or groups.

5. Click OK. The selected users or groups will get added to the Users folder for the appropriate role in the Component Services window.

6. Repeat steps 1 through 5 for the User role. However, in this case, use your own name, a test user name, or the Users group instead of the Administrators group for the Users folder. Figure 2-10 shows a security setup that would be typical for our scenario. Obviously, any production components you create will have a more complex security setup that allows users to access the components you create in specific roles.

   
   Figure 2-10: Role-based security allows you to define the access a user gets to the methods within a component based on the role that user performs.

Ive chosen not to implement any form of security within the MyMath component because that would defeat the purpose of using the highly configurable role-based security option. If I had implemented security within the component, any change to the company structure might also mean a change to the code within the component. In most cases, you dont want to add security to your component anymore; youll want to add security by using the Component Services snap-in.

With this change in methodology in mind, lets see what youll need to do to add security to the MyMath component. First youll need to enable role- based security. This means making a change at the application level. Right-click the MyMathApp entry, and then choose Properties from the context menu. Youll see the MyMathApp Properties dialog box. Choose the Security tab of this dialog box, and youll see the security options shown in Figure 2-11. This is where you determine what kind of security an application will use.

Figure 2-11: You must set security at the application level before you can use role-based security.

There are actually two settings you need to look at. First make sure you check the Enforce Access Checks For This Application option. This setting enforces security at the component, interface, and method levels. Second make sure you allow access checks at both the process and component levels. You can do this by selecting the second option in the Security Level group shown in Figure 2-11. (The figure shows the Security Level properly configured.) You need to select this option if you plan to use role-based security within your components as well. Otherwise, your components will be limited to whatever security Windows provides at the application level.

Now that we have role-based security enabled at the application level, right-click the MyMath.MathFunctions component and choose Properties from the context menu. Youll see the MyMath.MathFunctions Properties dialog box.

As you can see, the MyMath.MathFunctions Properties dialog box helps you to configure a relatively wide range of component options, including whether the component supports transactions. There are also options for allowing the component to engage in object pooling (normally a good idea with database components) and concurrency. Click the Security tab, and youll see the Security tab of the MyMath.MathFunctions Properties dialog box, similar to the one shown in Figure 2-12. Notice that both the roles weve created are available for use with this component.

Figure 2-12: Windows will automatically display any roles youve created for a COM+ application at all application levels.

Remember that we have role-based security enabled, but as you can see in Figure 2-12, neither of the role-based security options are checked. With the Security tab of the MyMath.MathFunctions Properties dialog box is set as it is, no one can access the component. What youll need to do is select the roles that you want to access the component. Lets assume the Administrator role will have full access to this component. Select the Administrator entry, and then click OK to make the change permanent.

Now, lets look at the effect of our decision at a lower level of the application. Right-click the _MathFunctions interface (located in the Interfaces folder for the application), and then choose Properties from the context menu. Click the Security tab, and youll see the _MathFunctions Properties dialog box. Notice that we still have two options to choose from with regard to role-based security, but that Administrator appears in the Roles Inherited By Selected Item(s) list box. This means you dont have a choice about the Administrator role anyone in this role already has access to this interface. Youll find that the same rule holds true for methods. In other words, everyone in the Administrators group can access everything this component has to offer. On the other hand, the User role still hasnt been defined.

Right-click the DoAdd entry in the Methods folder, and choose Properties. Click the Security tab. Youll see the same list of inherited roles and defined roles as before. This time, select the User role and click OK. The User role now has access to the DoAdd() method. Perform the same task for the other three simple math entries: DoSubtract, DoMultiply, and DoDivide.