.NET/COM+ security issues

RE: .NET/COM+ security issues

Hello David,

Thanks for your post. As I understand, you want to be able to provide
access to all methods for some users (e.g. the role name is UserA), and
also prevent other users (e.g. the role name is UserB) from calling methods
that update the database. Please correct me if there is any
misunderstandin g. Now I'd like to share the following information:

We can assign the role to the class level for UserA and then assign the
role to the allowed method for UserB. To configure role-based security on
methods, the class must implement methods of an interface and must use the
SecureMethod attribute on the class level, or SecureMethod or SecurityRole
at the method level. Please refer to the following article for detailed
information:

Understanding Enterprise Services in .NET


Please feel free to let me know if you have any problems or concerns.

Have a nice day! :-)

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

RE: .NET/COM+ security issues

Hello David,

Thanks for your post. As I understand, you want to be able to provide
access to all methods for some users (e.g. the role name is UserA), and
also prevent other users (e.g. the role name is UserB) from calling methods
that update the database. Please correct me if there is any
misunderstandin g. Now I'd like to share the following information:

We can assign the role to the class level for UserA and then assign the
role to the allowed method for UserB. To configure role-based security on
methods, the class must implement methods of an interface and must use the
SecureMethod attribute on the class level, or SecureMethod or SecurityRole
at the method level. Please refer to the following article for detailed
information:

Understanding Enterprise Services in .NET


Please feel free to let me know if you have any problems or concerns.

Have a nice day! :-)

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

RE: .NET/COM+ security issues

Hello Tim,

Thanks for your reply - I had a look at the article on
gotdotnet and the problem was that I did not have anyone
in the Marshaler role.

I'm pleased to finally find an article that
comprehensively covers role-based security in .NET - all
the previous articles that I have read did not mention the
Marshaler role, which is obviously very important!

Thanks again.

David.
[color=blue]
>-----Original Message-----
>Hello David,
>
>Thanks for your post. As I understand, you want to be[/color]
able to provide[color=blue]
>access to all methods for some users (e.g. the role name[/color]
is UserA), and[color=blue]
>also prevent other users (e.g. the role name is UserB)[/color]
from calling methods[color=blue]
>that update the database. Please correct me if there is[/color]
any[color=blue]
>misunderstandi ng. Now I'd like to share the following[/color]
information:[color=blue]
>
>We can assign the role to the class level for UserA and[/color]
then assign the[color=blue]
>role to the allowed method for UserB. To configure role-[/color]
based security on[color=blue]
>methods, the class must implement methods of an interface[/color]
and must use the[color=blue]
>SecureMethod attribute on the class level, or[/color]
SecureMethod or SecurityRole[color=blue]
>at the method level. Please refer to the following[/color]
article for detailed[color=blue]
>information:
>
>Understandin g Enterprise Services in .NET
>http://www.gotdotnet.com/team/xmlentsvcs/espaper.aspx
>
>Please feel free to let me know if you have any problems[/color]
or concerns.[color=blue]
>
>Have a nice day! :-)
>
>Regards,
>
>HuangTM
>Microsoft Online Partner Support
>MCSE/MCSD
>
>Get Secure! -- www.microsoft.com/security
>This posting is provided "as is" with no warranties and[/color]
confers no rights.[color=blue]
>
>.
>[/color]

RE: .NET/COM+ security issues

Hi David,

Thanks a lot for your feedback. I am very glad to hear that you have
resolved the prboelm. In addition, would you mind share the article so that
the community can benifit from it.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

RE: .NET/COM+ security issues

Hi Tim,

The article I referred to is the one that you mentioned in
your original post: -

Understanding Enterprise Services in .NET


Regards,

David.

[color=blue]
>-----Original Message-----
>Hi David,
>
>Thanks a lot for your feedback. I am very glad to hear[/color]
that you have[color=blue]
>resolved the prboelm. In addition, would you mind share[/color]
the article so that[color=blue]
>the community can benifit from it.
>
>Have a nice day!
>
>Regards,
>
>HuangTM
>Microsoft Online Partner Support
>MCSE/MCSD
>
>Get Secure! -- www.microsoft.com/security
>This posting is provided "as is" with no warranties and[/color]
confers no rights.[color=blue]
>
>.
>[/color]