How to check security in a COM+ application by using Visual C++ .NET or Visual C++ 2005 (815708)


The information in this article applies to:

  • Microsoft Visual C++ 2005 Express Edition
  • Microsoft Visual C++ .NET (2003)
  • Microsoft Visual C++ .NET (2002)
For a Microsoft Visual Basic .NET version of this article, see 309023.
For a Microsoft Visual C# .NET version of this article, see 815709.

SUMMARY

An important function of most COM+ applications is to provide enhanced security. By using the System.EnterpriseServices namespace in the Microsoft .NET Framework, you can test and retrieve information that is based on COM+ security in the .NET Framework application.

To initiate COM+ security in a Microsoft Visual C++ .NET or Microsoft Visual C++ 2005 application, various class-level attributes and assembly-level attributes are used. Additionally, some objects are provided by the .NET Framework, such as the System.EnterpriseServices.SecurityCallContext object.

IN THIS TASK

INTRODUCTION

This step-by-step article discusses how to check the security of a COM+ application by using Microsoft Visual C++ .NET or Visual C++ 2005. In the .NET Framework, you can retrieve COM+ security information by using the System.EnterpriseServices namespace.

back to the top

Requirements

This article assumes that you are familiar with the following topics:
  • Developing COM+ applications
  • Developing classes by using Visual C++ .NET or Visual C++ 2005
  • Declaring class-level attributes and assembly-level attributes
The following list outlines the recommended hardware, software, network infrastructure, and service packs that you need:
  • Visual C++ .NET
  • Visual C++ 2005
back to the top

Create a new Visual C++ .NET or Visual C++ 2005 class library

  1. Start Microsoft Visual Studio .NET or Microsoft Visual Studio 2005.
  2. On the File menu, point to New, and then click Project.
  3. In Visual C++ .NET 2002, click Visual C++ Projects under Project Types, and then click Managed C++ Class Library under Templates.

    In Visual C++ .NET 2003, click Visual C++ Projects under Project Types, and then click Class Library (.NET) under Templates.

    In Visual C++ 2005, click Visual C++ under Project Types, and then click Class Library under Templates.
  4. In the Name text box, type CheckSecurity.
  5. In the Location text box, type C:\Test, and then click OK.
  6. In Visual C++ .NET 2002, add the following code to the CheckSecurity.h file:
    #using "System.EnterpriseServices.dll"
    In Visual C++ .NET 2003, click Add Reference on the Project menu. In the .NET components list, select System.EnterpriseServices, and then click OK.

    In Visual C++ 2005, click Reference on the Project menu, and then click Add New Reference. In the .NET components list, select System.EnterpriseServices, and then click OK.
  7. To create a strong name for your class library, follow these steps:
    1. Click Start, point to Programs, point to Microsoft Visual Studio .NET or Microsoft Visual Studio 2005, point to Visual Studio .NET Tools, and then click Visual Studio .NET Command Prompt.

      Note In Visual Studio 2005, point to Visual Studio Tools, and then click Visual Studio 2005 Command Prompt.
    2. Locate your Project directory.
    3. Type the following command at the command prompt:
      sn.exe -k VCSecurity.SNK
  8. In Solution Explorer, double-click the AssemblyInfo.cpp file, and then locate the following sample code: 
    [assembly:AssemblyKeyFileAttribute("")];
    Replace the previous sample code with the following sample code:
    [assembly:AssemblyKeyFileAttribute("VCSecurity.SNK")];
back to the top

Create class-level attributes and assembly-level attributes

  1. In Solution Explorer, double-click the CheckSecurity.h file.
  2. Add the following code to the CheckSecurity.h file after the using namespace System; line:
    using namespace System::EnterpriseServices;
    Note Use the using namespace statement in the System.EnterpriseServices namespaces so that you do not have to qualify declarations from these namespaces later in your code.
  3. Add the following Assembly attribute after the using statement to turn on security checking at the application level:
    [assembly:ApplicationAccessControl(true)];
  4. Add the following attribute after the Assembly attribute that you added in step 3 to set the application as a server-activated application:
    [assembly:ApplicationActivation(ActivationOption::Server)];
  5. Locate the following code:
    public __gc class Class1
  6. Add the following class attribute to turn on security checking in the component:
    [ComponentAccessControl(true)]
  7. Add a second class attribute to create a Manager role with no default users:
    [SecurityRole("Manager")]
  8. Add a third class attribute to create a Guest role that includes the Everyone user group:
    [SecurityRole("Guest",true)]
back to the top

Create the component code

  1. Rename the Class1 class as the VCSecure class in the class definition.
  2. Modify the code as follows to inherit the VCSecure class from the System.EnterpriseServices.ServicedComponent class: 
    public __gc class VCSecure : public System::EnterpriseServices::ServicedComponent
  3. Add the following code to the class:
    public:
bool CheckManagerRole(void)
{
	if(ContextUtil::IsSecurityEnabled)
	{
		return SecurityCallContext::CurrentCall->IsCallerInRole("Manager");
	}

	return false;
}

String* GetAccountName(void)
{
	if(ContextUtil::IsSecurityEnabled)
	{
		return SecurityCallContext::CurrentCall->OriginalCaller->AccountName;
	}

	return NULL;
}
    Note You must add the common language runtime support compiler option (/clr:oldSyntax) in Visual C++ 2005 to successfully compile the previous code sample. To add the common language runtime support compiler option in Visual C++ 2005, follow these steps:
    1. Click Project, and then click <ProjectName> Properties.

      Note <ProjectName> is a placeholder for the name of the project.
    2. Expand Configuration Properties, and then click General.
    3. Click to select Common Language Runtime Support, Old Syntax (/clr:oldSyntax) in the Common Language Runtime support project setting in the right pane, click Apply, and then click OK.
    For more information about the common language runtime support compiler option, visit the following Microsoft Web site:

    /clr (Common Language Runtime Compilation)
    http://msdn2.microsoft.com/en-us/library/k8d11d4s.aspx

    These steps apply to the whole article.
  4. Add the following header file declaration after the #pragma once statement:
    #include <tchar.h>
back to the top

Build the project, and then install the application

  1. Save the project, and then build the project.
  2. Click Start, point to Programs, point to Microsoft Visual Studio .NET, point to Visual Studio .NET Tools, and then click Visual Studio .NET Command Prompt.
  3. At the command prompt, locate the Debug folder for your project.
  4. Use the following command to install the assembly in the Global Assembly Cache:

    gacutil /i CheckSecurity.dll

    Note You can also do this by using the .NET Configuration snap-in for the Microsoft Management Console.
  5. Use the following command to register the application with COM+:

    regsvcs CheckSecurity.dll

    Note Administrative credentials are required for this step.
back to the top

Create the test harness project

  1. Start Visual Studio .NET or Visual Studio 2005.
  2. On the File menu, point to New, and then click Project.
  3. In Visual C++ .NET 2002, click Visual C++ Projects under Project Types, and then click Managed C++ Application under Templates.

    In Visual C++ .NET 2003, click Visual C++ Projects under Project Types, and then click Console Application (.NET) under Templates.

    In Visual C++ 2005, click Visual C++ under Project Types, and then click Console Application under Templates.
  4. In the Name text box, type TestClient.
  5. In the Location text box, type C:\Test, and then click OK.
  6. In Visual C++ .NET 2002, add the following code to the TestClient.cpp file:
    #using "System.EnterpriseServices.dll"
    #using "..\CheckSecurity\Debug\CheckSecurity.dll"
    In Visual C++ .NET 2003, click Add Reference on the Project menu. In the .NET components list, select System.EnterpriseServices, and then click Select. Click Browse, locate the bin folder of the CheckSecurity project, click CheckSecurity.dll, and then click Open. Click OK to close the Open dialog box.

    In Visual C++ 2005, click Reference on the Project menu, and then click Add New Reference. In the .NET components list, click System.EnterpriseServices, and then click Select. Click Browse, locate the bin folder of the CheckSecurity project, click CheckSecurity.dll, and then click Open. Click OK to close the Open dialog box.
  7. In Solution Explorer, double-click the TestClient.cpp file.

    The TestClient.cpp file opens.
  8. In the Main function, replace the existing code with the following code:
    CheckSecurity::VCSecure *secObject = new CheckSecurity::VCSecure();

if(secObject->CheckManagerRole())
{		
	Console::WriteLine(S"You are a manager.");
}
else
{
	Console::WriteLine(S"You are not a manager.");
}

Console::WriteLine(S"Your account name is: {0}", secObject->GetAccountName());
secObject->Dispose();

Console::WriteLine(S"Press ENTER to exit");
Console::ReadLine();

return 0;
back to the top

Run the test harness project

  1. Save and then build the test harness project.
  2. Run the project, and then confirm that the "You are not a manager" message now appears with your Windows user information.

    Confirm this message before you quit the project.
back to the top

Add a user to the manager role, and then retest the test harness project

  1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
  2. In the Component Services administration tool, locate the ComponentServices\Computers\My Computer\COM+ Applications\CheckSecurity application.
  3. Expand the Roles folder. Expand the Manager folder. Expand the Users folder, and then right-click Users.
  4. Click New, and then click User. Click Advanced, and then click Find Now. In the list of users, click the account that was displayed by the security application that you previously tested.

    This will be your user account.
  5. Click OK, and then click OK again to close the Select Users or Groups dialog box.
  6. Retest the test harness project to confirm that the "You are a manager" message now appears.
back to the top

Troubleshooting

The following information may help you with troubleshooting your project:
  • The client code for this example works when the client application is installed on the same computer as the server component. You must use the .NET Framework remoting feature if you want to install the client application on a different computer.
  • Use the uninstall option for Gactutil.exe (gacutil /u server) to remove the server component from the Global Assembly Cache. When you install a new version, the earlier version is not removed from the cache.
back to the top

REFERENCES

For additional information about using COM+ security, see the System.EnterpriseServices Namespace topic in the ".NET Framework Class Library" section of the .NET Framework Reference documentation.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

815807 HOW TO: Install an assembly in the global assembly cache in Visual C++ .NET

back to the top
Modification Type:MajorLast Reviewed:1/5/2006
Keywords:kbCOMServices kbcomplusobj kbSecurity kbinfo kbcode kbProgramming kbAuthentication kbHOWTOmaster KB815708 kbAudDeveloper kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.