How to check security in a Visual Basic .NET or Visual Basic 2005 COM+ application (309023)



The information in this article applies to:

  • Microsoft Visual Basic 2005
  • Microsoft Visual Basic .NET (2003)
  • Microsoft Visual Basic .NET (2002)

This article was previously published under Q309023

SUMMARY

A key function of most COM+ applications is to provide security. It is possible to test and retrieve information based on COM+ security in .NET applications through the System.EnterpriseServices namespace in the .NET Framework.

To enable COM+ security in a Visual Basic .NET or Visual Basic 2005 application, you use class-level and assembly-level attributes together with objects provided by the .NET Framework, such as the System.EnterpriseServices.SecurityCallContext object.


Requirements

You need the following hardware, software, and network infrastructure to perform the procedures described in this article:
  • Microsoft Visual Basic .NET or Microsoft Visual Basic 2005
as well as experience with the following:
  • Developing COM+ applications
  • Developing classes with Visual Basic .NET or Visual Basic 2005
  • Declaring class and assembly level attributes

Create a New Visual Basic .NET or Visual Basic 2005 Class Library

  1. Start Microsoft Visual Studio .NET or Microsoft Visual Studio 2005, and then create a new Visual Basic Class Library project named "Security."
  2. On the Project menu, click Add Reference. In the list of .NET components, click System.EnterpriseServices, click Select, and then click OK.

    Note: In Visual Studio 2005, you do not have to click Select.
  3. To create a strong name for your class library, click Start, click Run, and then type the following command:

    "C:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\Bin\sn.exe" -k Security.SNK

    Note: In Visual Studio 2005, type the following command:

    "C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\sn.exe" -k Security.SNK

  4. Copy the Security.SNK file to your project directory.
  5. Double-click the AssemblyInfo.vb file in the Solution Explorer to open it.
  6. Add the following lines to the other Assembly information:
    <Assembly: AssemblyKeyFileAttribute("Security.SNK")> 
    <Assembly: AssemblyDelaySign(False)>
    					

Create the Assembly and Class Attributes

  1. Open Class1.vb in the code window, and then add an Imports statement for System.EnterpriseServices.
  2. To enable security checking at the application level, add the following Assembly attribute after the Imports statement:
    <Assembly: ApplicationAccessControl(True)>
    					
  3. To set the application as a server-activated application, add the following attribute after the previous Assembly attribute:
    <Assembly: ApplicationActivation(ActivationOption.Server)>
    					
  4. Add the following class attribute to enable security checking within the component:
    <ComponentAccessControl(True), _
    					
  5. Add a second class attribute to create a Manager role with no default users:
    SecurityRole("Manager"), _
    					
  6. Add a third class attribute to create a Guest role that includes the Everyone user group by default:
    SecurityRole("Guest", True)> _
    					
    Your class module should currently appear as follows:
    Imports System.EnterpriseServices
    
    <Assembly: ApplicationAccessControl(True)> 
    <Assembly: ApplicationActivation(ActivationOption.Server)> 
    <ComponentAccessControl(True), _
    SecurityRole("Manager"), _
    SecurityRole("Guest", True)> _
    Public Class Class1
    
    End Class
    					

Create the Component Code

  1. In the class definition, rename the class Secure.
  2. Add an Inherits statement within the class to inherit from System.EnterpriseServices.ServicedComponent.
  3. Add the following code to the class:
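    Public Sub New()
        MyBase.New()
    End Sub
    
    ' Returns True only when COM+ role-based security is enabled and the
    ' caller is in the Manager role; otherwise returns False.
    Public Function CheckManagerRole() As Boolean
        If ContextUtil.IsSecurityEnabled Then
            Return SecurityCallContext.CurrentCall.IsCallerInRole("Manager")
        End If
        Return False
    End Function
    
    ' Returns the account name of the original caller, or Nothing when
    ' COM+ security is not enabled.
    Public Function GetAccountName() As String
        If ContextUtil.IsSecurityEnabled Then
            Return SecurityCallContext.CurrentCall.OriginalCaller.AccountName
        End If
        Return Nothing
    End Function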
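
A privileged method built on these checks should refuse the call when COM+ security is disabled rather than fall through to a default value. The following added example (not part of the original article) shows one way to do that in a second class in the same Security project, so the assembly-level attributes above still apply; SecureOps, ApproveExpense, DemandRole and DescribeCaller are hypothetical names.

```vbnet
' Added example, not from the original article. The class and method
' names are hypothetical; the roles are the ones the article defines.
Imports System
Imports System.EnterpriseServices

<ComponentAccessControl(True), _
SecurityRole("Manager"), _
SecurityRole("Guest", True)> _
Public Class SecureOps
    Inherits ServicedComponent

    ' Privileged operation: runs only after COM+ confirms the Manager role.
    Public Sub ApproveExpense(ByVal expenseId As Integer)
        DemandRole("Manager")
        ' ... privileged work for expenseId goes here ...
    End Sub

    ' Fail closed: if role-based security is switched off for the
    ' application, no role claim can be trusted, so refuse the call.
    Private Sub DemandRole(ByVal role As String)
        If Not ContextUtil.IsSecurityEnabled Then
            Throw New UnauthorizedAccessException( _
                "COM+ security is disabled; refusing privileged call.")
        End If
        Dim ctx As SecurityCallContext = SecurityCallContext.CurrentCall
        If Not ctx.IsCallerInRole(role) Then
            Throw New UnauthorizedAccessException( _
                DescribeCaller(ctx) & " is not in role " & role)
        End If
    End Sub

    ' IsCallerInRole evaluates the direct caller. In a multi-tier chain
    ' the original caller can be a different account, so record both.
    Private Function DescribeCaller(ByVal ctx As SecurityCallContext) As String
        Return "direct=" & ctx.DirectCaller.AccountName & _
               ", original=" & ctx.OriginalCaller.AccountName & _
               ", callers in chain=" & ctx.NumCallers.ToString()
    End Function
End Class
```

A client that calls ApproveExpense without membership in the Manager role receives the exception instead of a silent False, and the message identifies both ends of the call chain for the audit trail.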
    					

Build and Install the Application

  1. Save and build the project.
  2. Click Start, point to Programs, point to Microsoft Visual Studio .NET or Microsoft Visual Studio 2005, point to Visual Studio .NET Tools or Visual Studio 2005 Tools, and then click Visual Studio .NET Command Prompt or Visual Studio 2005 Command Prompt.
  3. From the command prompt, navigate to your project's bin folder.
  4. Use the following command to install the assembly into the Global Assembly Cache:

    gacutil /i security.dll

    NOTE: This can also be done by using the .NET Configuration snap-in for the Microsoft Management Console.
  5. Use the following command to register the application with COM+:

    regsvcs Security.dll

    NOTE: Administrator privileges are required for this step.

Create the Test Harness Application

  1. Start Visual Studio .NET or Visual Studio 2005, and then create a new Visual Basic console application named TestSecurity.
  2. On the Project menu, click Add Reference. In the list of .NET components, select System.EnterpriseServices, and then click Select. Click Browse, navigate to the bin folder of the Security project, select Security.dll, and then click Open. Click OK to close the dialog box.

    Note: In Visual Studio 2005, you do not have to click Select and Open.
  3. Open Module1.vb in the code editor, and then locate Sub Main.
  4. Add the following code to test the Security application:
    Dim s As New Security.Secure()
    
    If s.CheckManagerRole() Then
        Console.WriteLine("You are a manager")
    Else
        Console.WriteLine("You are not a manager")
    End If
    
    Console.WriteLine("Your account name is: " & s.GetAccountName)
    s.Dispose()
    Console.WriteLine("Press Enter to exit")
    Console.ReadLine()
    					

Run the Test Harness

  1. Save and build the test harness project.
  2. Run the project, and then confirm that "You are not a manager" is displayed with your Windows user information before you quit the application.

Add User to Manager Role and Retest

  1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
  2. In the Component Services administration tool, navigate to the ComponentServices\Computers\My Computer\COM+ Applications\Security application.
  3. Expand the Roles\Manager\Users folder, and then right-click Users. On the context menu, click New, and then click User. In the list of users, click the account that was displayed by the Security application that you tested previously (this will be your user account). Click Add, and then click OK to close the dialog box.
  4. Retest the test harness to confirm that "You are a manager" is now displayed.

Troubleshooting

  • The client code for this example works when the client application is installed on the same computer as the server component. .NET Remoting must be used if the client application is to be installed on a different computer.
  • Use the uninstall option of gacutil.exe (gacutil /u Security) to remove the server component from the Global Assembly Cache. Installing a new version does not remove the previous version from the cache.

REFERENCES

For more information about using COM+ security, view the information provided in the System.EnterpriseServices Namespace topic in the ".NET Framework Class Library" section of the .NET Framework Reference in the .NET Framework documentation.

Modification Type: Minor
Last Reviewed: 10/3/2006
Keywords:kbvs2005applies kbvs2005swept kbHOWTOmaster kbinfo KB309023 kbAudDeveloper kbAudITPro