Enterprise Services uses COM+ roles for authorization. You can control the granularity of authorization to applications, components, interfaces, and methods . To prevent users from performing restricted operations exposed by your application's serviced components :
Enable role-based security .
Enable component level access checks .
Enforce component level access checks .
Role-based security is disabled by default on Windows 2000. The reverse is true on Windows Server 2003. To ensure that role based security is automatically enabled when your component is registered (usually by using Regsvcs.exe), add the following attribute to your serviced component assembly.
[assembly: ApplicationAccessControl(true)]
Note | Using this attribute is equivalent to selecting Enforce access checks for this application on the Security tab of the application's Properties dialog box in Component Services. |
Component level access checks must be enabled in order to support component, interface, or method level role checks. To ensure that component level access checks are automatically enabled when your component is registered, add the following attribute to your serviced component assembly.
[assembly: ApplicationAccessControl(AccessChecksLevel= AccessChecksLevelOption.ApplicationComponent)]
Note | Using this attribute is equivalent to selecting Perform access checks at the process and component level on the Security tab of the application's Properties dialog box in Component Services. |
To allow individual components to perform access checks, you must enforce component level access checks. This setting is only effective if the application-wide security level is set to the process and the component level as described above. To ensure that component level access checks are automatically enabled when your component is registered, add the following attribute to your serviced component classes.
[ComponentAccessControl(true)] public class YourServicedComponent : ServicedComponent { }
Note | Using this attribute is equivalent to selecting Enforce component level access checks on the Security tab of the component's Properties dialog box in Component Services. |