Serviced Components & Role-Based Security

Hello all. I've posted this on a few other newsgroups without any
luck; hopefully someone here can give me some clues on this issue.

I've written a serviced component in C# that interacts with some COM
components (in a separate process). All components are run on the same
machine (currently under the Administrator account). I've enabled role-
based security on the serviced component (at the component level)
through attributes in C#. This component implements the standard
IConnectionPointContainer interface. It looks like this:


In assembly.cs:


[assembly: ApplicationActivation(ActivationOption.Server)]
[assembly: ApplicationAccessControl(Value = true,

Authentication = AuthenticationOption.Integrity,

ImpersonationLevel = ImpersonationLevelOption.Identify,

AccessChecksLevel =
AccessChecksLevelOption.ApplicationComponent)]
[assembly: SecurityRole("MyRole")]


In the class's .cs file:


using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;
using System.EnterpriseServices;


[ComVisible(true)]
[ComponentAccessControl(true)]
[Guid("XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX")]
[ProgId("MyComponent.MyObject.1")]
public class MyObject: ServicedComponent, /* Other interfaces... */,
IConnectionPointContainer
{
[SecurityRole("MyRole")]
void IConnectionPointContainer.EnumConnectionPoints(out
IEnumConnectionPoints ppEnum)
{
// Implementation
}

[SecurityRole("MyRole")]
void IConnectionPointContainer.FindConnectionPoint(ref Guid
riid, out IConnectionPoint ppCP)
{
// Implementation
}

// Other interface implementations...
}


I can CoCreate my component using this IID, and call
IConnectionPointContainer's methods on it. However, if I have role-
based security enabled, the calls always fail with E_ACCESSDENIED. The
client code is run under a user account that is included within
"MyRole". In fact, the same client code can call other methods on this
component that are restricted to "MyRole". If I remove the role
restrictions from these specific methods (by commenting out the
SecurityRole attribute), it still does not work. If I turn off role-
based security on this component (by commenting out the
ComponentAccessControl attribute), it *does* work. So it seems there
is something odd going on with the IConnectionPointContainer interface
and role-based security.

One thing I am seeing is that IConnectionPointContainer does not
appear in the list of interfaces in the COM+ application GUI (in
Component Services) -- even though I am explicitly implementing the
interface and can CoCreate using that interface. I suspect this is
somehow related to my problem; maybe this interface is somehow being
treated "special" by the interop layer (I know that connection point
implementations are converted to .NET events, so I am guessing
something similar might happen with IConnectionPointContainers).
Although I tried this with the IEnumString interface as a test and had
the same problems; my guess is that all the interfaces in
System.Runtime.InteropServices.ComTypes have this issue.

Any ideas on what is going on here, or how I can fix it? I really
don't care if the interface appears in the COM+ application as long as
I can use it with the object. But the security problem is a real issue
for me. How can I get these methods to work properly with role-based
security?

Open the Com+ Applications on your PC
Find your com+ object
Open the properties
Then select the security tab

Change the Authentication Level for calls to: None

Hope that helps



*** Sent via Developersdex http://www.developersdex.com ***