This is preliminary documentation and subject to change.
COM+ 1.0 Security
An NGWS application can extend an existing application that uses COM+ 1.0 security services. To accommodate this need, the NGWS runtime provides mechanisms to integrate managed code with COM+ 1.0 security services. This functionality is available only on Windows 2000, and it relies on the NT token associated with the executing code as the basis for identity.
The NGWS and COM+ 1.0 role-based security mechanisms are independent; you may use only one of them within a single application.
To simplify use of COM+ 1.0 security, the NGWS runtime provides a managed code wrapper so that a managed application can easily access the COM+ 1.0 ISecurityContext. Applications using this mechanism will need to:
- Mark any types accessing this functionality with the ComEmulate custom attribute.
- Register these types with the COM+ 1.0 services registration database.
Developers should be aware of the following issues:
- Managed types marked as ComEmulate are indistinguishable from standard COM objects; therefore, all managed callers are required to have permission to access unmanaged code.
- COM+ 1.0 security relies on NT accounts and process/thread impersonation. If the managed code provides authentication services, it must obtain an NT security token and impersonate it before calling any COM objects.
- Any calls to managed types not marked as ComEmulate are opaque to COM+ 1.0 security services. That is, they are treated no differently from calls from COM objects to Win32 APIs in unmanaged DLLs.
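The obtain-a-token-then-impersonate sequence from the list above, as an added example that is not NGWS SDK code: it uses the current .NET `WindowsIdentity.RunImpersonated` API and the Win32 `LogonUser` function rather than the preliminary NGWS wrapper. The helper `CallComAs`, its parameters and the ProgID passed to it are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ComImpersonation
{
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Hypothetical helper: authenticate the user, then run `call` against a
    // COM object while the thread carries that user's NT token.
    public static void CallComAs(string user, string domain, string password,
                                 string progId, Action<object> call)
    {
        // Fail closed: if no token is obtained, the COM object is never called.
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token) // close the token handle even if the call throws
        {
            // RunImpersonated restores the process identity when the delegate
            // exits, including on exceptions, so code after this point does
            // not keep running as the authenticated user.
            WindowsIdentity.RunImpersonated(token, () =>
            {
                Type type = Type.GetTypeFromProgID(progId, throwOnError: true);
                object com = Activator.CreateInstance(type);
                try { call(com); }
                finally
                {
                    if (Marshal.IsComObject(com)) Marshal.ReleaseComObject(com);
                }
            });
        }
    }
}
```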