Microsoft KB Archive/815709

= How to verify the security features in Visual C# .NET or Visual C# 2005 COM+ applications =

Article ID: 815709

Article Last Modified on 11/14/2007

-

APPLIES TO


 * Microsoft Visual C# .NET 2002 Standard Edition
 * Microsoft Visual C# .NET 2003 Standard Edition
 * Microsoft Visual C# 2005 Express Edition

-





For a Microsoft Visual Basic .NET version of this article, see 309023.

IN THIS TASK

 * SUMMARY
 * Requirements
 * Create a New Visual C# .NET Class Library
 * Create the Assembly and Class Attributes
 * Create the Component Code
 * Build and Install the Application
 * Create the Test Harness Application
 * Run the Test Harness
 * Add User to the Manager Role and Retest
 * Troubleshoot
 * REFERENCES



SUMMARY
A primary function of most COM+ applications is to help provide more security on your computer. You can test and retrieve information that is based on the COM+ security features in .NET applications by using the System.EnterpriseServices namespace in the .NET Framework.

To initiate the COM+ security features in a Visual C# .NET or Visual C# 2005 application, various class and assembly-level attributes are used. Also used are some objects that are provided by the .NET Framework, such as the System.EnterpriseServices.SecurityCallContext object.

back to the top

Requirements
This article assumes that you have Microsoft Visual C# .NET installed on your computer, and that you are familiar with the following:
 * Developing COM+ applications
 * Developing classes by using Visual C# .NET or Visual C# 2005
 * Declaring class and assembly-level attributes

back to the top

Create a New Visual C# .NET or Visual C# 2005 Class Library
 Start either Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, or Microsoft Visual Studio 2005, and then create a new Visual C# Class Library project that is named Security. On the Project menu, click Add Reference. In the list of .NET components, click System.EnterpriseServices, click Select, and then click OK.

Note In Visual Studio 2005, you do not have to click Select. To create a strong name for your class library, open a Visual Studio .NET command prompt or a Visual Studio 2005 command prompt, and then type the following command:  In Visual Studio .NET 2002:

&quot; \FrameworkSDK\Bin\sn.exe&quot; -k Security.SNK  In Visual Studio .NET 2003:

&quot; \SDK\v1.1\Bin\sn.exe&quot; -k Security.SNK  In Visual Studio 2005:

&quot; \SDK\v2.0\Bin\sn.exe&quot; -k Security.SNK </ul>

where  is the path of the Visual Studio .NET or Visual Studio 2005 folder on your computer: <ul> The Visual Studio .NET 2002 folder is typically located at:

C:\Program Files\Microsoft Visual Studio .NET

</li> The Visual Studio .NET 2003 folder is typically located at:

C:\Program Files\Microsoft Visual Studio .NET 2003

</li> The Visual Studio 2005 folder is typically located at:

C:\Program Files\Microsoft Visual Studio8

</li></ul> </li> Copy the Security.snk file your project folder.</li> To open the AssemblyInfo.cs file in Solution Explorer, double-click the file.</li>  Replace following lines of code in the AssemblyInfo.cs file: [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFile(&quot;&quot;)] with the following lines of code: [assembly: AssemblyDelaySign(false)] [assembly: AssemblyKeyFileAttribute(&quot;Security.snk&quot;)] </li></ol>

back to the top

Create the Assembly and Class Attributes
<ol> Open Class1.cs in the code window, and then add a USING statement to System.EnterpriseServices.</li>  To enable security checking at the application level, add the following Assembly attribute after the USING statement: [assembly: ApplicationAccessControl(true)] </li>  To set the application as a server-activated application, add the following attribute after the previous Assembly attribute: [assembly: ApplicationActivation(ActivationOption.Server)] </li>  Add the following class attribute to enable security checking in the component: [ComponentAccessControl(true)] </li>  Add a second class attribute to create a Manager role with no default users: [SecurityRole(&quot;Manager&quot;)] </li>  Add a third class attribute to create a Guest role that, by default, includes the Everyone user group: [SecurityRole(&quot;Guest&quot;,true)]

Your class module currently appears as follows: using System; using System.EnterpriseServices; [assembly: ApplicationAccessControl(true)] [assembly: ApplicationActivation(ActivationOption.Server)]

namespace Security {  [ComponentAccessControl(true)] [SecurityRole(&quot;Manager&quot;)] [SecurityRole(&quot;Guest&quot;,true)] public class Class1 {       public Class1 {       }    } } </li></ol>

back to the top

Create the Component Code
<ol> In the class definition, rename the class Class1 as Secure and remove the Class1 constructor from the class.</li> Inherit the Secureclass from System.EnterpriseServices.ServicedComponent.</li>  Add the following code to the Secure class: public Secure {            // TODO: Add constructor logic here }     public bool CheckManagerRole {        if (ContextUtil.IsSecurityEnabled) return SecurityCallContext.CurrentCall.IsCallerInRole(&quot;Manager&quot;); else return(false); }

public string GetAccountName {        if (ContextUtil.IsSecurityEnabled) return (SecurityCallContext.CurrentCall.OriginalCaller.AccountName); else return (null); } </li></ol>

back to the top

Build and Install the Application
<ol> Save and build the project.</li> <li>Click Start, point to Programs, point to Microsoft Visual Studio .NET, Microsoft Visual Studio .NET 2003, or Microsoft Visual Studio 2005, point to Visual Studio .NET Tools, and then click Visual Studio .NET Command Prompt.

Note In Visual Studio 2005, point to Visual Studio 2005 Tools instead of Visual Studio .NET Tools, and then click Visual Studio 2005 Command Prompt.</li> <li>At the command prompt, change to the bin\Debug directory of your project.</li> <li>To install the assembly in the Global Assembly Cache, run the following command:

gacutil /i security.dll

Note You can also do this by using the .NET Configuration snap-in for the Microsoft Management Console.</li> <li>To register the application with COM+, run the following command:

regsvcs Security.dll

Note You must have administrative credentials to do this step.</li></ol>

back to the top

Create the Test Harness Application
<ol> <li>Start either Visual Studio .NET 2002, Visual Studio .NET 2003, or Visual Studio 2005, and then create a new Visual C# console application that is named TestSecurity.</li> <li>On the Project menu, click Add Reference.</li> <li>In the list of .NET components, select System.EnterpriseServices, and then click Select.

Note In Visual Studio 2005, click OK instead of Select</li> <li>Click Browse, move to the debug folder of the Security project, select Security.dll, click Open, and then click OK.

Note In Visual Studio 2005, click OK instead of Open.</li> <li>Open Class1.cs in the code editor, and then locate Main.</li> <li> Add the following code to test the Security application: Secure s = new Security.Secure;

if (s.CheckManagerRole ) Console.WriteLine(&quot;You are a manager&quot;); else Console.WriteLine(&quot;You are not a manager&quot;);

Console.WriteLine(&quot;Your account name is: &quot; + s.GetAccountName); s.Dispose; Console.WriteLine(&quot;Press Enter to exit&quot;); Console.ReadLine; </li></ol>

back to the top

Run the Test Harness

 * 1) Save and build the test harness project.
 * 2) Run the project, and then confirm that the words &quot;You are not a manager&quot; appear together with your Windows user information before you quit the application.

back to the top

Add User to the Manager Role and Retest
<ol> <li>Click Start, point to Programs, point to Administrative Tools, and then click Component Services.</li> <li>In the Component Services administration tool, move to the following folder:

ComponentServices\Computers\My Computer\COM+ Applications\Security application

</li> <li>In the Roles\Manager\Users folder, right-click Users, click New, and then click User.</li> <li>In the list of users, click the account that was displayed by the Security application that you tested previously (this account will be your user account). Click Add, and then click OK.</li> <li>Retest the test harness to confirm that &quot;You are a manager&quot; appears.</li></ol>

back to the top

Troubleshoot

 * The client code for this example works when the client application is installed on the same computer that the server component is installed on. If the client application is to be installed on a different computer, you have to use .NET Remoting.
 * Use the Uninstall option for Gactutil.exe (gacutil /u server) to remove the server component from the Global Assembly Cache. When you only install a new version, the previous version is not removed from the cache.

back to the top

<div class="references_section">