Developing XML Web Services and Server Components with Visual C#™ .NET and the .NET Framework, Exam Cram™ 2 (Exam 70-320) By Amit Kalani, Priti Kalani
Table of Contents
Chapter 12. Security Issues
Servicedcomponents benefit from a set of authentication and authorization services that are included in the Enterprise Services (COM+) infrastructure. Authentication is provided over the RPC (Remote Procedure Call) channel between client and server, so clients automatically present to the server with their Windows identities. Authorization is provided by COM+ security roles, which rely on Windows accounts. An Enterprise Services role can contain Windows users and Windows groups. You can limit access to applications, components, interfaces, and methods within a serviced component to members of specific roles.
You can manage security for serviced components through a combination of attributes within your .NET project:
The ApplicationAccessControl attribute at the assembly level enables access checking at the process and component levels.
The SecurityRole attribute at the assembly level specifies the COM+ roles that will be capable of using any of the classes from the assembly.
The ComponentAccessControl attribute at the class level enables component-level access checking.
The SecurityRole attribute at the class level specifies the COM+ roles that will be allowed to create instances of the class.
The SecureMethod attribute at the class level enables you to use the Component Services tool to configure roles for the class.
The SecurityRole attribute at the method level specifies the COM+ roles that will be allowed to invoke the method.