Chapter 10. COM+ Security

Everyone thinks security is necessary, but no one really wants to implement it. Developers often view security in the same light as setup programs—as a necessary evil that is put off until everything else is done. This chapter will make the transition to security easier. First, you will learn some of the terms related to security. Then you will learn how to use the COM+ features for security. The last part of the chapter discusses web-based security with IIS.

Security Terminology

Before you can understand how COM+ security works, you must understand some security terms.

Windows NT and Windows 2000 are secure operating systems. In a secure operating system, resources such as files, printers, programs, and so on can be protected against unwanted access. Secure operating systems are also able to log each access attempt against one of the resources. To gain access to a resource, a principal -- that is, a person or a computer attempting to access the resource—must be authenticated. The purpose of authentication is to prove to the operating system that the principal attempting to gain access to the resource is in fact who it claims to be. Principals prove their identity by presenting a set of credentials. The software that checks the credentials and certifies that the principal is in fact who it claims to be is known as the authority. The authority is a service in Windows NT or Windows 2000 that runs under LSASS.EXE.

Windows NT and Windows 2000 enable companies ...

Get COM+ Programming with Visual Basic now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.