why the NT server must login in

[zallen]

If i set a MTS package's ID to interactive user in NT,then the client cannot use the components in the package when NT login out.(login is ok).

when set the package's id to a sepcial user ,both 'login out' and 'login in' works! But running as special user causes me some trouble because i want to know the real caller of my method !

Any suggestions are appreciated!

 

[TomSark]

I don't know if this helps, but...

Microsoft recommends that you only use the interactive user setting while you are developing and testing. Once your package is to be deployed, they recommend that you set the identity of your package to a valid domain account.

If you want to identify the original caller and, yes, use the domain account as the identity, then use:

Dim objCtx As ObjectContext
Set objCtx = GetObjectContext()
ComponentOriginalCaller = ObjCtx.Security.GetOriginalCallerName()

Thanks,

Tom

 

[zallen]

Thank you very much! i will test it!


Regards!

 

[zallen]

Hi,TomSark

I have tested it using Delphi.But when setting pakage id as sepcail user ,i canot get then base client 's account name. My calling sequence is :

base client->component1 in package1->component2 in package2

when setting the package1's id as special user,in component2's method(below) i cannot get base client's account name.

procedure get_who(ObjCtx : IObjectContext; out strWho : string);
const
IID_SECURITY : TGUID = '{51372AEA-CAE7-11CF-BE81-00AA00A2FA25}';
var
SID : PSID;
Security : ISecurityProperty;
AName,ADomain : array[0..128] of Char;
cbName,cbDomain,peUse : Cardinal;
begin
strWho := 'N/A';

SID := nil;
cbName := 128 ;
cbDomain := 128;
if Assigned(ObjCtx) then begin
ObjCtx.QueryInterface(IID_SECURITY,Security);
Security.GetOriginalCallerSID(SID);

if SID <> nil then
try
if LookupAccountSid(nil,SID,
@AName,cbName,
@ADomain,cbDomain,peUse) then
strWho := AName ;
finally
Security.ReleaseSID(SID);
end;
end;
end;

Hope get your help!

 

[TomSark]

Are you using NT 4 or Win2K?

 

[zallen]

I'm using NT 4.

Regards!

 

[verdin]

I registred a component in MTS, but when I logoff (not shut down, no restart) the component can't be accessed, How can I configure MTS to restart as a Win NT service (like SQL Sever)

 

[TomSark]

Verdin,

Are you having an issue with component security here? Have you set roles and permissions on the package/component that prevent your access?

Just trying to guess what you are talking about here...


Tom

 

[karlp]

Running MTS components in a production environment should be run as a specified user.

It is possible to detect which user has called the object. Which language(s) are you using ?

 

[verdin]

TomSark:
First, thanks for your support.
Let me explain you. I registred to components in one package in MTS, I didn't use any special configuration, I don't have to use any security level, I left the default values in the Package's Properties Window. The problem is: When I only logoff (not Restart, not Shutdown) from the server and when I try to open an asp page that uses this components , they can't be loaded by tha asp page. But if I return to the server and Longon with &quot;any&quot; account, and I try to open the asp page it work very well...
I don't understand if I have to configure the MTS as a Windows NT service (like SQL Server works) or what else.

 

[BigLar]

If this is used within an NT security context, you can get the user's ID as described above. If you have a separate security context that provides site membership services and uses a proxy account to represent the users (such as Site Server) you will have to pass the user's authorized login ID to the COM objects as a parameter. We have ASP code in the responding page get the userID from the session object and pass it along to the COM object as a parameter.

Roles are the &quot;official&quot; way to check permissions, but I don't think they can provide indivdual identify information (someone please correct me if I am wrong).

Hope this is helpful.

Larry
Larryh@ecn.ab.ca

 

[zallen]

Hi BigLar ,
I agree with you basically! But i think there must exist a way to know the caller's identity as the &quot;IsCallerInRole&quot; method know caller's id first.
up to now i implement it similar with you(see code snippet above):

base client->component1 in package1->component2 in package2

.set package1's id as special NT user
.call get_who in compoent1 to get the base client's id
.pass the base client id to component2 as parameter

it work fine however what i really want to know is how to get the base client's id in comonent2(not passed by component1).

Any suggestions are appreciated!

 

[TomSark]

I've been reading some articles on MSDN and they indicate that you should not do this across multiple components...

Tom