Using COM+ Security in a Web-Based Application



Thread: Using COM+ Security in a Web-Based Application

  1. #1
    Chris Cubley Guest

    Using COM+ Security in a Web-Based Application


    I am currently designing a web-based credit card processing app using VB and
    COM+. I want to take advantage of the COM+ security model so that I don't
    have to spend my time writing security and user management code. The application
    will be deployed over the Internet (NOT an intranet) and will require users
    to log into the application. This login should define the user's access rights
    and also define what they will see. (Every user will be able to see only
    information that pertains to their account.) My problem is twofold. First,
    COM+ security seems to be based on NT logins. This application's users will
    not have NT accounts because they will be browser-based clients. Second,
    how do I customize the user's content and access permissions to allow them
    to view their data and only their data? COM+ roles don't seem particularly
    well-suited to that task. Any suggestions on how to adapt COM+ security
    to be useful in my app or will I have to write the security code myself?

  2. #2
    Tom Shreve Guest

    Re: Using COM+ Security in a Web-Based Application


    COM+ security doesn't have much to offer if you're dealing with anonymous
    Internet users. For the scenario you're describing, cookies are usually the
    approach used.

    Here's an Active Server Pages (ASP) overview (same basic principles with
    other web servers, however):

    1. User enters username and password into an HTML form and submits it.
    2. An ASP receives the post, validates the user against your database, and
    writes a cookie (with role information) back to the browser.
    3. The server-side script in your other ASPs checks the cookie to determine
    what HTML to stream back to the browser.
    4. When server-side script calls COM+ objects, it can pass the user's username
    or role in as an argument. Programmatically, you'll have to implement logic
    based on the value of the argument. For example, pass the user's username
    in to the COM+ method that retrieves records from a database and use the
    username in a WHERE clause.
    5. For greater performance, run COM+ on the same box as IIS.

    Generally, COM+ declarative security is best used when the COM+ server is
    "exposed" to a network. When many different users can hit the box, COM+ security
    makes sure people can't call APIs that they shouldn't.

    Tom

    "Chris Cubley" <chrisc@televox.com> wrote:
    >
    >I am currently designing a web-based credit card processing app using VB and
    >COM+. I want to take advantage of the COM+ security model so that I don't
    >have to spend my time writing security and user management code. The application
    >will be deployed over the Internet (NOT an intranet) and will require users
    >to log into the application. This login should define the user's access rights
    >and also define what they will see. (Every user will be able to see only
    >information that pertains to their account.) My problem is twofold. First,
    >COM+ security seems to be based on NT logins. This application's users will
    >not have NT accounts because they will be browser-based clients. Second,
    >how do I customize the user's content and access permissions to allow them
    >to view their data and only their data? COM+ roles don't seem particularly
    >well-suited to that task. Any suggestions on how to adapt COM+ security
    >to be useful in my app or will I have to write the security code myself?
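
The login flow from steps 1 to 4 of the reply above, as an added Python example that is not part of the original thread or either poster's code. Assumptions: SQLite stands in for the application's database, `get_transactions` stands in for the COM+ method, and the cookie carries an HMAC (not mentioned in the thread) so the browser cannot alter the username or role; all table names, function names, and the key are hypothetical.

```python
import hashlib
import hmac
import sqlite3

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(db, username, password):
    """Steps 1-2: validate the login against the database, return 'user|role|mac'."""
    row = db.execute("SELECT salt, pw_hash, role FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None or "|" in username:  # '|' is the field separator, so reject it
        return None
    salt, pw_hash, role = row
    if not hmac.compare_digest(_kdf(password, salt), pw_hash):
        return None
    payload = f"{username}|{role}"
    return f"{payload}|{_mac(payload)}"

def read_cookie(cookie):
    """Step 3: trust the username and role only if the MAC verifies."""
    payload, sep, mac = cookie.rpartition("|")
    if not sep or not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return None
    username, _, role = payload.partition("|")
    return username, role

def get_transactions(db, username):
    """Step 4: stand-in for the COM+ method; the username scopes the WHERE clause."""
    return db.execute("SELECT id, amount_cents FROM transactions WHERE owner = ? ORDER BY id",
                      (username,)).fetchall()

def demo_db():
    """Constructed sample data: two accounts and three transactions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, role TEXT)")
    db.execute("CREATE TABLE transactions (id INTEGER PRIMARY KEY, owner TEXT, amount_cents INTEGER)")
    for user, pw in [("alice", "a-pass"), ("bob", "b-pass")]:
        salt = hashlib.sha256(user.encode()).digest()[:16]  # demo only; use os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, 'merchant')", (user, salt, _kdf(pw, salt)))
    db.executemany("INSERT INTO transactions (owner, amount_cents) VALUES (?, ?)",
                   [("alice", 1999), ("bob", 500), ("alice", 4250)])
    return db
```

The username passed to `get_transactions` should always come from `read_cookie`, never from a form field or query string. A deployed cookie would also carry an expiry inside the MAC'd payload and be sent with the Secure and HttpOnly attributes over HTTPS.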

