Everyone thinks security is necessary, but no one really wants to implement it. Developers often view security in the same light as setup programs—as a necessary evil that is put off until everything else is done. This chapter will make the transition to security easier. First, you will learn some of the terms related to security. Then you will learn how to use the COM+ features for security. The last part of the chapter discusses web-based security with IIS.
Before you can understand how COM+ security works, you must understand some security terms.
NT and Windows 2000 are secure operating systems. In a secure
operating system, resources such as files, printers, programs, and so
on can be protected against unwanted access. Secure operating systems
are also able to log each access attempt against one of the
resources. To gain access to a resource, a
principal (that is, a person or a computer
attempting to access the resource) must be authenticated. The
purpose of authentication is to prove to the operating system that
the principal attempting to gain access to the resource is in fact
who it claims to be. Principals prove their identity by presenting a
set of credentials. The software that checks the credentials and
certifies that the principal is in fact who it claims to be is known
as the authority. The
is a service in Windows NT or Windows 2000 that runs
Windows NT and Windows 2000 enable companies ...