Role-Based Security Technology Sample

  • Article

This sample demonstrates the use of role-based security. The server application reports which user account the client application is using and whether this account belongs to the administrator's role.

For information about using the samples, see the following topics:

To build the sample using the command prompt

  1. Open the Command Prompt window and navigate to one of the language-specific subdirectories under the RoleBasedSecurity directory.

  2. Type msbuild RoleBasedSecurityCS.sln or msbuild RoleBasedSecurityVB.sln, depending on your choice of programming language, from one of the language-specific subdirectories.

To build the sample using Visual Studio

  1. Open Windows Explorer and navigate to one of the language-specific subdirectories under the RoleBasedSecurity directory.

  2. Double-click RoleBasedSecurityCS.sln or RoleBasedSecurityVB.sln, depending on your choice of programming language, to open the file in Visual Studio.

  3. On the Build menu, click Build Solution.

To run the sample

  1. Navigate to the directory that contains the new executable, using the command prompt or Windows Explorer.

  2. Type RBSecDemo.exe at the command line, or double-click the icon for RBSecDemo.exe to launch it from Windows Explorer.

  3. Click the button labeled Display Logged On User. The account name of the user currently logged on should appear in the application window. Next, click the button labeled Is Caller in Demo Role? The message "You ARE in RBSecurityDemoRole" should appear.

  4. Launch the Component Services administrative tool (also called the "COM+ explorer"), by clicking Start\Administrative Tools\Component Services. Locate the RBSecDemoSvr COM+ application by expanding Component Services\Computers\My Computer\COM+ Applications in the left-hand COM+ explorer pane. Next, right-click the RBSecDemoSvr application and select "Properties". This will invoke the Properties dialog for the application. Click the "Security" tab. The information here corresponds to the settings specified by the ApplicationAccessControlAttribute. Uncheck the "Enforce access checks for this application" checkbox.

    Important noteImportant Note:

      This action disables COM+ security for all components contained in the application.

    Click OK to dismiss the properties dialog.

  5. Return to the RBSecDemo client application. Click Display Logged On User. The message "Unknown caller (Security is not enabled)" should appear. Click Is Caller In Demo Role?. The client still reports that the user is in the RBSecurityDemoRole, because when security is disabled, all calls into IsCallerInRole return true.

  6. Return to the COM+ explorer and invoke the RBSecDemoSvr properties page once more by right-clicking the application and selecting Properties. Click the tab labeled Security and recheck the Enforce access checks for this application checkbox. Security is enabled again for the application. Click OK to dismiss the properties dialog.

  7. Locate the Microsoft.Samples.Technologies.ComponentServices.RoleBasedSecurity.RBSecurityObject component by expanding "RBSecDemoSvr\Components". Right-click the "Microsoft.Samples.Technologies.ComponentServices.RoleBasedSecurity.RBSecurityObject" component and select Properties from the popup menu.

  8. Click the Security tab. The Authorization setting here corresponds to the ComponentAccessControlAttribute specified in the sample code. You should see a role labeled "RBSecurityDemoRole" listed as a role explicitly associated with the component. This role was created and bound to the sample component using the SecurityRoleAttribute in the sample code. Click OK to dismiss the properties dialog.

  9. In the COM+ explorer, expand the Roles folder located beneath the RBSecDemoSvr application. You should see the RBSecurityDemoRole here. Expand RBSecurityDemoRole\Users. You should see a single account ("Everyone") in the Users folder. Right-click "Everyone" and select Delete from the pop-up menu. Confirm the delete in the subsequent dialog. COM+ caches security settings related to roles, so you must shut down the RBSecDemoSvr application before you can observe the results of making this change. In the COM+ explorer, right-click the application and select Shut down from the pop-up menu.

  10. Return to the RBSecDemo client application. On clicking either button, you should see a MessageBox reporting that "Access is denied". An access denied security exception was thrown on object creation because the component RBSecurityDemoRole does not contain the current caller.

To uninstall the sample

  1. Navigate to the directory where you ran the MsBuild Tool, or launched the .sln file in Visual Studio.

  2. Run msbuild RoleBasedSecurityVB.sln /t:Clean or msbuild RoleBasedSecurityVB.sln /t:Clean, depending on your choice of programming language. This action calls the .NET Services Installation Tool (Regsvcs.exe) and the Global Assembly Cache Tool (Gacutil.exe) with the /u switch to remove the sample files from the COM+ catalog and Global Assembly Cache.

Requirements

Platform: Windows 2000, Windows XP, Windows Server 2003

.NET Framework Version: 2.0

Remarks

For more information about sample binary creation and registration steps, see the comments in the source code.

Information retrieved by the sample application includes:

  • Whether COM+ security is enabled.

  • Whether the current caller is a member of a security role created by the sample.

  • The account name of the current caller.

In the Component Services administrative tool, the component appears as Microsoft.Samples.Technologies.ComponentServices.RoleBasedSecurity.RBSecurityObject.

Note

You must run the Global Assembly Cache Tool (Gacutil.exe) to install the RBSecDemoSvr.dll assembly into the global assembly cache before running the sample. Gacutil.exe is located in the SDK\<version>\Bin directory. For example, for the Visual Basic version, navigate to the C:\Documents and Settings\Your User Name\My Documents\Samples\Technologies\ComponentServices\RoleBasedSecurity\VB\bin directory and type gacutil -i RBSecDemoSvr.dll.

The sample also demonstrates how to enable security at the application or component level and create security roles by means of attributes.

Note

   COM+ Security interoperability in .NET is provided for application developers who might wish to write a managed extension to an existing application that uses COM+ 1.0 security services. The .NET Framework provides its own role-based security. The two mechanisms are independent and only one of them should be used within a single application.

See Also

Reference

ApplicationAccessControlAttribute

ComponentAccessControlAttribute

ContextUtil

SecurityCallContext

SecurityRoleAttribute

ServicedComponent

System.ComponentModel

System.EnterpriseServices

Other Resources

Role-Based Security