Programmatic Role-Based Security
Sometimes, administrative role-based security is not granular enough for the task at hand. Consider a situation in which your application maintains a private resource (such as a database) that does not expose any public interfaces directly to the clients. You still want to allow only some callers of a method to access the resource and deny access to other callers who are not members of a specific role. The second (and more common) situation is when a method is invoked on your object and you want to know whether the caller is a member of a particular role so you can handle the call appropriately.
To illustrate the second situation, suppose in the bank example, one of the requirements is that a customer can transfer money only if the sum involved is less than $5,000, whereas managers and tellers can transfer any amount. Declarative role-based security goes down only to the method level (not the parameter level) and can only assure you that the caller is a member of at least one of the roles you have granted access to.
To implement the requirement, you must find out the caller’s role programmatically. Fortunately, COM+ makes it easy to do just that. Remember that every method call is represented by a COM+ call object (discussed in Chapter 2). The call object implements an interface called ISecurityCallContext, obtained by calling CoGetCallContext( ). ISecurityCallContext provides a method called IsCallerInRole( ), which lets you verify the caller’s role ...
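The following is an added example, not code from the book, showing the bank transfer rule above implemented as a programmatic role check. It is written in C# against System.EnterpriseServices, whose ContextUtil.IsCallerInRole is the .NET wrapper over the same COM+ call-context query (ISecurityCallContext::IsCallerInRole) described in the text. The class name Bank, the method TransferMoney, the helper IsTransferAuthorized and the role names Customer, Teller and Manager are assumptions for illustration; the $5,000 limit comes from the text. The policy decision is kept in a pure static method so it can be unit-tested without a COM+ catalog, and the serviced component fails closed when role-based security is not enabled rather than letting the transfer through.

```csharp
using System;
using System.EnterpriseServices;

// Hypothetical serviced component illustrating programmatic role checks.
// Declarative security (the SecurityRole attributes) admits anyone who is a
// Customer, Teller or Manager; the amount-dependent rule must be enforced in code.
[ComponentAccessControl(true)]
[SecurityRole("Customer")]
[SecurityRole("Teller")]
[SecurityRole("Manager")]
public class Bank : ServicedComponent
{
    // Limit from the text: customers may transfer only sums below this amount.
    public const decimal CustomerTransferLimit = 5000m;

    // Pure policy decision, separated from COM+ so it can be tested in isolation.
    // isCallerInRole is whatever role oracle the host supplies (ContextUtil.IsCallerInRole
    // in production, a stub in tests).
    public static bool IsTransferAuthorized(decimal amount, Func<string, bool> isCallerInRole)
    {
        if (amount <= 0)
            return false;                                // reject zero and negative transfers

        if (amount < CustomerTransferLimit)
            return true;                                 // any admitted caller may transfer small sums

        // Large sums require a privileged role; customers are refused here.
        return isCallerInRole("Manager") || isCallerInRole("Teller");
    }

    public void TransferMoney(int fromAccount, int toAccount, decimal amount)
    {
        // Fail closed: without COM+ security enabled the role query is meaningless,
        // so do not let a large transfer through on that basis.
        if (!ContextUtil.IsSecurityEnabled)
            throw new InvalidOperationException(
                "COM+ role-based security is not enabled for this component.");

        if (!IsTransferAuthorized(amount, ContextUtil.IsCallerInRole))
        {
            // Record who was refused; the direct caller identity comes from the call context.
            string caller = SecurityCallContext.CurrentCall.DirectCaller.AccountName;
            throw new UnauthorizedAccessException(
                $"Caller {caller} may not transfer {amount:C}; amounts of " +
                $"{CustomerTransferLimit:C} or more require the Teller or Manager role.");
        }

        DoTransfer(fromAccount, toAccount, amount);
    }

    private void DoTransfer(int fromAccount, int toAccount, decimal amount)
    {
        // Placeholder for the private resource (for example, a database) that the
        // text describes; the real transfer would happen here.
    }
}
```

A test harness can exercise IsTransferAuthorized with a stub such as `role => role == "Customer"` to confirm that a $4,999 transfer is allowed and a $5,000 one is refused, and with `role => role == "Teller"` to confirm the larger transfer succeeds, without deploying the component into a COM+ application.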