473,473 Members | 1,510 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

.NET/COM+ security issues

I am trying to use COM+ security in a C# class by applying
the ComponentAccessControl attribute to the class, along
with SecurityRole attributes for any roles that I want to
have access to the whole class. My plan was to use the
SecurityRole attribute at method-level for those roles
that I only wanted to have access to specific methods
(e.g. those that don't write to the database).

However, I've hit a problem in that the constructor is
only available to the roles that have been applied at
class level, which then have access to all methods in the
class.

How can I get round this? I just want to be able to
provide access to all methods for some users and prevent
other users from calling methods that update the database.

Thanks in advance...

David.

Nov 22 '05 #1
5 1539
Hello David,

Thanks for your post. As I understand, you want to be able to provide
access to all methods for some users (e.g. the role name is UserA), and
also prevent other users (e.g. the role name is UserB) from calling methods
that update the database. Please correct me if there is any
misunderstanding. Now I'd like to share the following information:

We can assign the role to the class level for UserA and then assign the
role to the allowed method for UserB. To configure role-based security on
methods, the class must implement methods of an interface and must use the
SecureMethod attribute on the class level, or SecureMethod or SecurityRole
at the method level. Please refer to the following article for detailed
information:

Understanding Enterprise Services in .NET
http://www.gotdotnet.com/team/xmlentsvcs/espaper.aspx

Please feel free to let me know if you have any problems or concerns.

Have a nice day! :-)

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 22 '05 #2
Hello David,

Thanks for your post. As I understand, you want to be able to provide
access to all methods for some users (e.g. the role name is UserA), and
also prevent other users (e.g. the role name is UserB) from calling methods
that update the database. Please correct me if there is any
misunderstanding. Now I'd like to share the following information:

We can assign the role to the class level for UserA and then assign the
role to the allowed method for UserB. To configure role-based security on
methods, the class must implement methods of an interface and must use the
SecureMethod attribute on the class level, or SecureMethod or SecurityRole
at the method level. Please refer to the following article for detailed
information:

Understanding Enterprise Services in .NET
http://www.gotdotnet.com/team/xmlentsvcs/espaper.aspx

Please feel free to let me know if you have any problems or concerns.

Have a nice day! :-)

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 22 '05 #3
Hello Tim,

Thanks for your reply - I had a look at the article on
gotdotnet and the problem was that I did not have anyone
in the Marshaler role.

I'm pleased to finally find an article that
comprehensively covers role-based security in .NET - all
the previous articles that I have read did not mention the
Marshaler role, which is obviously very important!

Thanks again.

David.
-----Original Message-----
Hello David,

Thanks for your post. As I understand, you want to be able to provideaccess to all methods for some users (e.g. the role name is UserA), andalso prevent other users (e.g. the role name is UserB) from calling methodsthat update the database. Please correct me if there is anymisunderstanding. Now I'd like to share the following information:
We can assign the role to the class level for UserA and then assign therole to the allowed method for UserB. To configure role- based security onmethods, the class must implement methods of an interface and must use theSecureMethod attribute on the class level, or SecureMethod or SecurityRoleat the method level. Please refer to the following article for detailedinformation:

Understanding Enterprise Services in .NET
http://www.gotdotnet.com/team/xmlentsvcs/espaper.aspx

Please feel free to let me know if you have any problems or concerns.
Have a nice day! :-)

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
.

Nov 22 '05 #4
Hi David,

Thanks a lot for your feedback. I am very glad to hear that you have
resolved the prboelm. In addition, would you mind share the article so that
the community can benifit from it.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 22 '05 #5
Hi Tim,

The article I referred to is the one that you mentioned in
your original post: -

Understanding Enterprise Services in .NET
http://www.gotdotnet.com/team/xmlentsvcs/espaper.aspx

Regards,

David.

-----Original Message-----
Hi David,

Thanks a lot for your feedback. I am very glad to hear that you haveresolved the prboelm. In addition, would you mind share the article so thatthe community can benifit from it.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
.

Nov 22 '05 #6
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
general security
by: Chris Mosser | last post by:
I'm still somewhat new with php, only able to play with it now and again. Anyway, I was recently sent an email about poss security flaws, not in php itself but in my code on a site that I am...
Latest Bytes
28
Who should security issues be reported to?
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
Latest Bytes
2
ASP security model / file permissions to allow updating of a database
by: Fran Tirimo | last post by:
I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company...
Latest Bytes
0
Role Based Security Issue
by: ChrisB | last post by:
Hello: I am a member of a team creating a .NET application, and we seem to have run into an issue when trying to implement role based security. Our application makes use of a fairly common...
Latest Bytes
15
JS and security.
by: osfwofujro | last post by:
According to a financial website I tried to access without JavaScript: "the site uses JS for security reasons." How would using JS improve security? Thanks.
Latest Bytes
3
Calling out-of-proc COM object from ASP.NET
by: Martin Knopp | last post by:
Anybody here can shed some light on this issue? Is it at all possible to call out-of-proc COM objects from ASP.NET? If yes, what configuration settings are required? I played around many...
Latest Bytes
2
Bookmarklets & security issues in J2EE Webapps
by: gundam.f0rtre55 | last post by:
Hi everybody, for a new release of our J2EE Webapplication, our customer wish to allow the usage of bookmarklets. The application must be able to register URLs with several protocol types, one of...
Latest Bytes
1
security question(s)
by: nancy | last post by:
I am new to PHP but have done other programming can someone please hold my hand and slowly talk me through some simple security issues? I have seen in PHP documents that there are 'strip...
Latest Bytes
19
Choosing a host based on their PHP "security" measures
by: hansBKK | last post by:
Upfront disclaimer - I am a relative newbie, just starting out learning about PHP, mostly by researching, installing and playing with different scripts. I am looking for a host that will provide...
Latest Bytes
5
chat messenger - security issues?
by: prognoob | last post by:
I have searched online, and what I mostly come across is what these security issues are... for example, Worms, Backdoor Trojan Horses, Hijacking and Impersonation, Denial of Service etc. but I...
Latest Bytes
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Latest Bytes
1
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us