Microsoft KB Archive/309023

= How to check security in a Visual Basic .NET or Visual Basic 2005 COM+ application =

Article ID: 309023

Article Last Modified on 12/6/2006

-

APPLIES TO


 * Microsoft Visual Basic 2005
 * Microsoft Visual Basic .NET 2003 Standard Edition
 * Microsoft Visual Basic .NET 2002 Standard Edition

-



This article was previously published under Q309023





IN THIS TASK
SUMMARY
 * Requirements
 * Create a New Visual Basic .NET Class Library
 * Create the Assembly and Class Attributes
 * Create the Component Code
 * Build and Install the Application
 * Create the Test Harness Application
 * Run the Test Harness
 * Add User to Manager Role and Retest
 * Troubleshooting

REFERENCES



SUMMARY
A key function of most COM+ applications is to provide security. It is possible to test and retrieve information based on COM+ security in .NET applications through the System.EnterpriseServices namespace in the .NET Framework.

To initiate COM+ security in a Visual Basic .NET or Visual Basic 2005 application, various class and assembly-level attributes are used, as well as some objects provided by the .NET Framework, such as the System.EnterpriseServices.SecurityCallContext object.

back to the top

Requirements
You need the following hardware, software, and network infrastructure to perform the procedures described in this article
 * Microsoft Visual Basic .NET or Microsoft Visual Basic 2005

as well as experience with the following:


 * Developing COM+ applications
 * Developing classes with Visual Basic .NET or Visual Basic 2005
 * Declaring class and assembly level attributes

back to the top

Create a New Visual Basic .NET or Visual Basic 2005 Class Library
 Start Microsoft Visual Studio .NET or Microsoft Visual Studio 2005, and then create a new Visual Basic Class Library project named &quot;Security.&quot; On the Project menu, click Add Reference. In the list of .NET components, click System.EnterpriseServices, click Select, and then click OK.

Note In Visual Studio 2005, you do not have to click Select. To create a strong name for your class library, click Start, click Run, and then type the following command:

&quot;C:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\Bin\sn.exe&quot; -k Security.SNK

Note In Visual Studio 2005, type the following command:

&quot;C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\sn.exe&quot; -k Security.SNK

 Copy the Security.SNK file to your project directory. Double-click the AssemblyInfo.vb file in the Solution Explorer to open it.  Add the following lines to the other Assembly information: <Assembly: AssemblyKeyFileAttribute(&quot;Security.SNK&quot;)> <Assembly: AssemblyDelaySign(False)> </li></ol>

back to the top

Create the Assembly and Class Attributes
<ol> Open Class1.vb in the code window, and then add an Imports statement to System.EnterpriseServices.</li>  To enable security checking at the application level, add the following Assembly attribute after the Imports statement: <Assembly: ApplicationAccessControl(True)> </li>  To set the application as a server-activated application, add the following attribute after the previous Assembly attribute: <Assembly: ApplicationActivation(ActivationOption.Server)> </li>  Add the following class attribute to enable security checking within the component: <ComponentAccessControl(True), _ </li>  Add a second class attribute to create a Manager role with no default users: SecurityRole(&quot;Manager&quot;), _ </li>  Add a third class attribute to create a Guest role that includes the Everyone user group by default: SecurityRole(&quot;Guest&quot;, True)> _ Your class module should currently appear as follows: Imports System.EnterpriseServices

<Assembly: ApplicationAccessControl(True)> <Assembly: ApplicationActivation(ActivationOption.Server)> <ComponentAccessControl(True), _ SecurityRole(&quot;Manager&quot;), _ SecurityRole(&quot;Guest&quot;, True)> _ Public Class Class1

End Class </li></ol>

back to the top

Create the Component Code
<ol> In the class definition, rename the class Secure .</li> Add an Inherits statement within the class to inherit from System.EnterpriseServices.ServicedComponent.</li>  Add the following code to the class: Public Sub New MyBase.New End Sub

Public Function CheckManagerRole As Boolean If ContextUtil.IsSecurityEnabled Then Return SecurityCallContext.CurrentCall.IsCallerInRole(&quot;Manager&quot;) End If End Function

Public Function GetAccountName As String If ContextUtil.IsSecurityEnabled Then Return SecurityCallContext.CurrentCall.OriginalCaller.AccountName End If End Function </li></ol>

back to the top

Build and Install the Application
<ol> Save and build the project.</li> Click Start, point to Programs, point to Microsoft Visual Studio .NET or Microsoft Visual Studio 2005, point to Visual Studio .NET Tools or Visual Studio 2005 Tools, and then click Visual Studio.NET Command Prompt or Visual Studio 2005 Command Prompt.</li> From the command prompt, navigate to your project's bin folder.</li> Use the following command to install the assembly into the Global Assembly Cache:

gacutil /i security.dll

NOTE: This can also be done by using the .NET Configuration snap-in for the Microsoft Management Console.</li> Use the following command to register the application with COM+:

regsvcs Security.dll

NOTE: Administrator privileges are required for this step.</li></ol>

back to the top

Create the Test Harness Application
<ol> Start Visual Studio .NET or Visual Studio 2005, and then create a new Visual Basic console application named TestSecurity.</li> On the Project menu, click Add Reference. In the list of .NET components, select System.EnterpriseServices, and then click Select. Click Browse, navigate to the bin folder of the Security project, select Security.dll, and then click Open. Click OK to close the dialog box.

Note In Visual Studio 2005, you do not have to cilck Select and Open.</li> <li>Open Module1.vb in the code editor, and then locate Sub Main.</li> <li> Add the following code to test the Security application: Dim s As New Security.Secure

If s.CheckManagerRole Then Console.WriteLine(&quot;You are a manager&quot;) Else Console.WriteLine(&quot;You are not a manager&quot;) End If

Console.WriteLine(&quot;Your account name is: &quot; & s.GetAccountName) s.Dispose Console.WriteLine(&quot;Press Enter to exit&quot;) Console.ReadLine </li></ol>

back to the top

Run the Test Harness

 * 1) Save and build the test harness project.
 * 2) Run the project, and then confirm that &quot;You are not a manager&quot; is displayed with your Windows user information before you quit the application.

back to the top

Add User to Manager Role and Retest

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
 * 2) In the Component Services administration tool, navigate to the ComponentServices\Computers\My Computer\COM+ Applications\Security application.
 * 3) Expand the Roles\Manager\Users folder, and then right-click Users. On the context menu, click New, and then click User. In the list of users, click the account that was displayed by the Security application that you tested previously (this will be your user account). Click Add, and then click OK to close the dialog box.
 * 4) Retest the test harness to confirm that &quot;You are a manager&quot; is now displayed.

back to the top

Troubleshooting

 * The client code for this example works when the client application is installed on the same computer as the server component. .NET Remoting must be used if the client application is to be installed on a different computer.
 * Use the uninstall option for gactutil.exe (gacutil /u server) to remove the server component from the Global Assembly Cache. When you just install a new version, this does not remove the previous version from the cache.

back to the top

<div class="references_section">