Using roles, an administrator can construct an authorization policy for an application, choosing (down to the method level, if necessary) which users can access which resources. Because all XLANG schedules are hosted in COM+ server applications, access to the installed COM objects can be limited by configuring security properties for the various roles.
Important
- If security properties are set at the component level, access to individual components, interfaces, and methods is also limited according to the role settings at those levels. For more information about COM+ security, go to the MSDN Online Library Web site (msdn.microsoft.com/library/default.asp), and browse to the Security in COM+ page.
Recommendations for securing COM+ applications
The following recommendations apply primarily to securing deployed applications:
- Do not configure a COM+ application as an interactive user. COM+ applications that use the interactive user identity can be used only if a user is logged on to the computer where the application resides. If no one is logged on, the COM+ application cannot run. In addition, if a user creates a COM+ application using interactive user, it will be more difficult to configure access to its persistence database and other resources. For more information about service accounts, see Using a Service Account.
- Reconfigure the identity for XLANG Scheduler. During setup, the XLANG Scheduler identity is automatically configured as Interactive User. This configuration is suitable for most developers. On production systems, you should change the identity property for the XLANG Scheduler so that the application runs under a unique user account. The identity is used by all messages sent by the XLANG Scheduler.
Note
- When using the client for Microsoft Windows 2000 Terminal Services to initiate an XLANG schedule, the COM+ application hosting the XLANG Scheduler Engine must have its identity set to a valid Windows 2000 user or group name. The identity of the COM+ application is set on the Identity page of the properties dialog box for that application. The identity cannot be set to interactive when using the XLANG Scheduler Engine through a session hosted by Terminal Services.
- Create a new COM+ application with a unique identity for every application that hosts XLANG schedule instances, and for each business process with its own security requirements, such as purchasing. This lets you specify a security level for each application individually, limits the damage that unstable application code can do, and makes it easier to audit the operations of individual applications.
- Install application-specific components into the COM+ application for their associated business process. Provided the server application itself is adequately protected, this protects the data and denies access to applications that are not authorized to use these components.
Note
- Each COM+ application must contain at least one component. If an application-specific component is not installed, a placeholder component in the application must be created and installed, or the COM+ application will not be available.
- Change the membership list of the XLANG Scheduler roles from their defaults to provide added security. When BizTalk Server is installed, the XLANG Scheduler is created and configured with the following roles, shown with their default settings:
  - XLANG Schedule Creator. Membership defaults to Everyone.
  - XLANG Schedule User. Membership defaults to Everyone.
  - XLANG Scheduler Administrator. Membership defaults to Administrators.
  - XLANG Scheduler Application. Membership defaults to Everyone.
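The recommendations above can be checked on a deployed server instead of being verified by hand in Component Services. The following PowerShell script is an added example and is not part of the BizTalk documentation or product; it reads the COM+ catalog through the COMAdmin.COMAdminCatalog object and reports every server application that still runs as Interactive User, has role-based access checks disabled, contains no components, or has a role whose membership still includes Everyone. It assumes the catalog stores the interactive identity as the string "Interactive User" and that the built-in group is named "Everyone" on this system (localized systems may use a different name).

```powershell
# Added COM+ hardening audit (example code, not from the BizTalk documentation).
# Run in an elevated PowerShell session on the server that hosts the XLANG Scheduler.

$catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps    = $catalog.GetCollection("Applications")
$apps.Populate()

$findings = @()

function Add-Finding([string]$App, [string]$Check, [string]$Detail) {
    $script:findings += [pscustomobject]@{ Application = $App; Check = $Check; Detail = $Detail }
}

foreach ($app in $apps) {
    # Activation 0 = library application; it runs in its caller's process, so
    # identity and access checks belong to the hosting server application instead.
    if ($app.Value("Activation") -eq 0) { continue }

    $name = $app.Name

    # Recommendations 1 and 2: production applications must not run as Interactive User.
    # Assumption: the catalog reports that identity as the literal string "Interactive User".
    if ($app.Value("Identity") -eq "Interactive User") {
        Add-Finding $name "Identity" "runs as Interactive User; assign a dedicated service account"
    }

    # Role settings are only enforced when access checks are enabled for the application.
    if (-not $app.Value("ApplicationAccessChecksEnabled")) {
        Add-Finding $name "AccessChecks" "application-level access checks are disabled; roles are not enforced"
    }

    # Note under recommendation 4: an application with no components is not available.
    $components = $apps.GetCollection("Components", $app.Key)
    $components.Populate()
    if ($components.Count -eq 0) {
        Add-Finding $name "Components" "no components installed; install a real or placeholder component"
    }

    # Recommendation 5: flag every role whose membership still includes Everyone.
    $roles = $apps.GetCollection("Roles", $app.Key)
    $roles.Populate()
    foreach ($role in $roles) {
        $members = $roles.GetCollection("UsersInRole", $role.Key)
        $members.Populate()
        foreach ($member in $members) {
            # Match "Everyone" with or without a domain/authority prefix.
            if ($member.Name -match '(^|\\)Everyone$') {
                Add-Finding $name "Role: $($role.Name)" "membership includes $($member.Name)"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No findings: all server applications pass the checks above."
} else {
    $findings | Sort-Object Application, Check | Format-Table -AutoSize
}
```

On a freshly installed server this reports the XLANG Scheduler application as running as Interactive User and lists its three roles that default to Everyone (XLANG Schedule Creator, XLANG Schedule User, and XLANG Scheduler Application), which is exactly the set of changes the recommendations above ask for before the system goes into production.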