Skip to Main Content
COM & .NET Component Services
book

COM & .NET Component Services

by Juval Lowy
September 2001
Intermediate to advanced content levelIntermediate to advanced
384 pages
11h 59m
English
O'Reilly Media, Inc.
Content preview from COM & .NET Component Services

Basic Security Terms

To make the most of the security configurations COM+ has to offer, you need to be familiar with a few basic terms and concepts. The rest of this chapter makes frequent use of these terms.

Security Identity

A security identity is a valid account used to identify a user. The account can be local or an account on a domain server. Every COM+ entity, be it a client or an object, must have an identity associated with it so that COM+ can determine what that entity is capable of accessing. In Windows, all objects in the same process share the same identity, unless they make an explicit attempt to assume a different identity. You can configure a COM+ server application to always run under a particular identity or to run under the identity of the user who is currently logged on that Windows station. Objects from a COM+ library application run under the identity of the hosting process by default.

Authentication

Authentication has two facets. The first is the process by which COM+ verifies that the callers are who they claim to be. The second is the process by which COM+ ensures the integrity of the data sent by the callers. COM+ authentication relies on the underlying security provider—in most cases Windows 2000 built-in security.

In the Windows default security provider, the challenge/response protocol is used to authenticate the caller’s identity. Given that all callers must have a security identity, if the callers are who they say they are, then they must know the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Windows Server® 2008 Security Resource Kit

Windows Server® 2008 Security Resource Kit

Jesper M. Johansson

Publisher Resources

ISBN: 0596001037Supplemental ContentCatalog PageErrata