Re: Access control of Windows Service and Interop

From: "Dave McPherson [MS]" <davemm@n0Spm.m1cr0s0ft.c0m>
Date: Thu, 24 Apr 2003 13:21:18 -0700


> Question:
> 1. How will the access control be enforced? For example: I want to call a
> function of the Windows Service to read/write a file, which the client
> account has no access to. But, we want to show the client a piece of
> information in the file through our program;

If the service app is acting as a trusted subsystem and is controlling
access to its resources itself you have several choices as to how to
perform the access control. To validate a client has access you need to
define the type of operations or data you will expose to the clients and
then specify which clients can get which permissions to each exposed
resource in some policy information that you'd have to store somewhere. When
the client connects and requests a resource, either you or the runtime needs
to get the user/group info about the client and authorize their request.
Depending on the nature of the app (DCOM/Win32/VB/ASP, etc) and the target
server OS you have different choices. I'd start by reading the Authorization
Manager whitepaper avail at:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/security/AthManWp.asp

You can also look in the MSDN at AzMan, Asp.Net roles, COM+ Roles, AuthzAPI.

> 2. Is there detailed documentation of implementing Interop between a service
> and client program?
>

The types of inter process communication you use depend on the platform.
There is a good chapter on services and client communications (and the
security) and some good samples in the book Programming Server-Side
Applications for Microsoft Windows 2000 if you have access to that.
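
The trusted-subsystem check described in the reply above, as an added example that is not part of the original post and does not use the AzMan or AuthzAPI interfaces: the service defines its operations, keeps a policy of which groups may perform each one, and authorizes the caller before touching a resource only the service account can read. The group names, operation names, policy and file content are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy store: operation -> groups allowed to perform it.
# An operation that is not listed is denied for everyone (default deny).
POLICY = {
    "report.read_summary": {"CONTOSO\\Clerks", "CONTOSO\\Managers"},
    "report.update_summary": {"CONTOSO\\Managers"},
}

# Constructed stand-in for the file that only the service account can open.
PROTECTED = {"summary": "Q1 on track", "salaries": "alice=90000"}


@dataclass(frozen=True)
class Caller:
    """Identity the service took from the authenticated connection,
    never from fields the client put in the request itself."""
    user: str
    groups: frozenset


class AccessDenied(Exception):
    pass


def access_check(caller, operation):
    """True only if one of the caller's groups is listed for the operation."""
    return bool(POLICY.get(operation, set()) & caller.groups)


def handle_request(caller, operation, audit, value=None):
    """Authorize first, then act on the resource under the service's identity."""
    granted = access_check(caller, operation)
    # Record every decision, including denials, for later review.
    audit.append((caller.user, operation, "granted" if granted else "denied"))
    if not granted:
        raise AccessDenied(f"{caller.user} may not perform {operation}")
    if operation == "report.update_summary":
        PROTECTED["summary"] = value
    # Return only the field the operation covers, never the whole file.
    return PROTECTED["summary"]
```
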
