"Dominick Baier" <dotnet@leastprivilege.com> wrote in message news:<uyL8PNumEHA.2864@tk2msftngp13.phx.gbl>...
> hi,
>
> i am afraid - this won't work.
>
> COM+ and .NET Role Based Security are not compatible.
>
> COM+ is tied to windows accounts - you are using custom roles
>
> COM+ does not expose the IPrincipal through Thread.CurrentPrincipal - it uses the COM+ security context which is exposed through SecurityCallContext.CurrentCall.DirectCaller (or similar).
>
> Impersonation in COM+ also does not work through WindowsIdentity.Impersonate - but only through DLLImporting CoImpersonateClient e.g.
>
> there is an article on msdn which may be interesting
>
> http://msdn.microsoft.com/msdnmag/issues/02/05/rolesec/
>
>
>
> ---
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> nntp://news.microsoft.com/microsoft.public.dotnet.security/<501d83a1.0409141331.64a8d576@posting.google.com>
>
> Hi,
>
> My database holds information about users, groups and roles and
> I've written a custom principal class (implements IPrincipal) to read
> this information from tables.
>
> When a user signs on to my ASP.NET web app, I first use the forms
> authentication to authenticate the user, then I construct the custom
> principal object with all associated roles populated, then I attach
> this principal object to the current thread (Thread.CurrentPrincipal =
> ...).
>
> Next, what I want to do is that when I call a COM+ component on a
> remote machine (an app server), I want to use the same set of roles to
> do the role-based security check. For example, if I have the role
> "Manager" in my custom principal object, I would like to see a call to
> the following method successful:
>
> [SecurityRole("Manager")]
> [AutoComplete]
> public DataSet GetList(int iOrderNumber)
> {
> // get data
> }
>
> Does anyone here know how to do this (I could only make this work
> when my COM+ package was set as a library application, but not server
> application.)?
>
> Thanks.
>
> -Linus
>