MTS (and subsequently COM+ 1.0) introduced role-based security functionality to the Microsoft platform. This allowed application developers to make authorization decisions based on roles associated with the NT account on whose behalf code was executing. These checks could either be directly coded by the application developer, via the IsCallerInRole() method, or administratively configured to restrict access to COM interfaces or methods.
COM+ 1.0 additionally supports functionality to determine the “callers” in the call chain, where the caller refers to the NT account on whose behalf application code was running. For each caller, one can determine the SID, AccountName, Authentication Service, Authentication Level, and Impersonation Level. COM+ 1.0 also removed several restrictions on what code could perform role-based security checks.
MTS is available on Windows NT 4 systems with the NT 4 Option Pack installed. COM+ 1.0 services are available on Windows 2000. Within these environments it should be possible to use these role-based security mechanisms from inside managed code so long as the managed code is exposed to MTS/COM+ 1.0 as a COM type. This makes it feasible to extend existing applications while taking advantage of the NGWS runtime.
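
The programmatic role check and the call-chain inspection described above, sketched as a managed COM+ component. This is an added example, not code from the original page: it assumes the System.EnterpriseServices API of the later .NET Framework (the page itself names only IsCallerInRole()), and the component name, method, and role name "Managers" are hypothetical.

```csharp
// Added illustration; not from the original page.
// Assumes the assembly is strong-named and registered as a COM+ server application.
using System;
using System.Diagnostics;
using System.EnterpriseServices;
using System.Security;

// Turn on COM+ access checks at both process and component level.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)]
[assembly: SecurityRole("Managers")]   // hypothetical role name

[ComponentAccessControl(true)]
public class PayrollService : ServicedComponent   // hypothetical component
{
    public void ApproveRaise(string employee, decimal amount)
    {
        // IsCallerInRole reports true when role-based security is switched
        // off, so verify it is active first and fail closed if it is not.
        if (!ContextUtil.IsSecurityEnabled)
            throw new SecurityException("COM+ role-based security is disabled");

        SecurityCallContext call = SecurityCallContext.CurrentCall;
        if (!call.IsCallerInRole("Managers"))
            throw new SecurityException("Caller is not in role 'Managers'");

        // Record every identity in the call chain for the audit trail.
        SecurityCallers chain = call.Callers;
        for (int i = 0; i < chain.Count; i++)
        {
            SecurityIdentity id = chain[i];
            Trace.WriteLine(String.Format(
                "caller[{0}] account={1} authSvc={2} authLevel={3} impLevel={4}",
                i, id.AccountName, id.AuthenticationService,
                id.AuthenticationLevel, id.ImpersonationLevel));
        }

        // ... perform the privileged operation here ...
    }
}
```

The role decision here is made on the direct caller; the logged chain shows whether an intermediate server account, rather than the original user, is the identity actually being authorized.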