Items Details

Authorization

Select the Enforce access checks for this application check box to enforce role-based access checks for the application. When roles are defined for an application, a caller's role membership is checked on every call into the application.

Security Level

Click Perform access checks only at the process level to enable access checks only at the application level; no role checking is performed at the component, interface, or method levels. If the Enforce access checks for this application check box is not selected, this setting is ignored.

Click Perform access checks at the process and component level to enable access checks at every level on calls into the application. Role checking is performed at the application level and at the component, interface, and method levels for any component that has Enforce component level access checks selected on its component properties Security tab. If the Enforce access checks for this application check box is not selected, this setting is ignored.

Software Restriction Policy

Select the Apply software restriction policy check box to configure the trust level of the software restriction policy for this application in the Restriction Level drop-down box. If the check box is not selected, the system-wide configuration of the software restriction policy is used.

Authentication Level for Calls

When you set an authentication level for an application, you determine what degree of authentication is performed when clients call into the application. Higher authentication levels provide greater security and integrity. The authentication level that you select takes effect the next time that the application is started.

Select the appropriate authentication level. The following authentication levels are in order from lowest to highest:

  • None: No authentication occurs.

  • Connect: Authenticates credentials only when the connection is made.

  • Call: Authenticates credentials at the beginning of every call.

  • Packet: Authenticates credentials and verifies that all call data is received. This is the default setting for COM+ server applications.

  • Packet Integrity: Authenticates credentials and verifies that no call data has been modified in transit.

  • Packet Privacy: Authenticates credentials and encrypts the packet, including the data and the sender's identity and signature.

Impersonation Level

When you set an impersonation level for an application, you determine what degree of authority the application grants other applications to use its identity when it calls them. You can set this impersonation level only for COM+ server applications. Library applications run under the identity of the hosting process, and they use the impersonation level that it specifies.

Select the appropriate impersonation level. The following impersonation levels are in order from least authority granted to greatest authority granted:

  • Anonymous: The client is anonymous to the server. The server can impersonate the client, but the impersonation token (a local credential) does not contain any information about the client.

  • Identify: The server can obtain the client's identity, and it can impersonate the client to determine access-checking levels.

  • Impersonate: This is the default setting for the COM+ server applications. The server can impersonate the client while acting on its behalf, although with restrictions. The server can access resources on the same computer as the client. If the server is on the same computer as the client, it can access network resources as the client. If the server is on a computer that is different from the client, it can access only resources that are on the same computer as the server.

  • Delegate: The server can impersonate the client while acting on its behalf, whether or not the server is on the same computer as the client. During impersonation, the client's credentials (both the credentials with local validity and the credentials with network validity) can be passed to any number of computers.
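
The settings above can also be reviewed across every application on a host. The following is an added example, not part of the original documentation: a read-only PowerShell audit that reads these properties through the COM+ administration catalog (COMAdmin.COMAdminCatalog). The two baseline thresholds are assumptions chosen for illustration, not recommendations from this page.

```powershell
# Added example: read-only audit of the COM+ Security tab settings described above.
# Run in an elevated Windows PowerShell session on the host being reviewed.
param(
    [int]$MinAuthentication = 5,  # assumed baseline: Packet Integrity
    [int]$MaxImpersonation  = 3   # assumed baseline: Impersonate (flags Delegate)
)

# COMAdmin catalog enumeration values for the levels listed on this page.
$authNames = @{ 0 = 'Default'; 1 = 'None'; 2 = 'Connect'; 3 = 'Call'
                4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
$impNames  = @{ 1 = 'Anonymous'; 2 = 'Identify'; 3 = 'Impersonate'; 4 = 'Delegate' }

$catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps    = $catalog.GetCollection('Applications')
$apps.Populate()

$report = foreach ($app in $apps) {
    $isServer = $app.Value('Activation') -eq 1        # 1 = server, 0 = library
    $checksOn = [bool]$app.Value('ApplicationAccessChecksEnabled')
    $auth     = [int]$app.Value('Authentication')
    $imp      = [int]$app.Value('ImpersonationLevel')

    $findings = @()
    if (-not $checksOn) {
        # With enforcement off, the Security Level setting is ignored.
        $findings += 'access checks not enforced'
    } elseif ([int]$app.Value('AccessChecksLevel') -eq 0) {
        $findings += 'process-level checks only (no component/interface/method role checks)'
    }
    if ($isServer) {
        # Library applications use the hosting process's settings, so skip them here.
        if ($auth -eq 0) { $findings += 'authentication left at machine default' }
        elseif ($auth -lt $MinAuthentication) { $findings += "authentication below baseline ($($authNames[$auth]))" }
        if ($imp -gt $MaxImpersonation) { $findings += "impersonation above baseline ($($impNames[$imp]))" }
    }

    [pscustomobject]@{
        Application    = $app.Name
        Type           = if ($isServer) { 'Server' } else { 'Library' }
        AccessChecks   = $checksOn
        Authentication = $authNames[$auth]
        Impersonation  = if ($isServer) { $impNames[$imp] } else { 'host process' }
        SrpEnabled     = [bool]$app.Value('SRPEnabled')
        Findings       = $findings -join '; '
    }
}

$report | Sort-Object Application | Format-Table -AutoSize -Wrap
```

The script changes nothing in the catalog; any adjustment to an application's authentication level takes effect the next time that application is started.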

