7/27/2004 8:28:11 AM
How To Configure The Authentication And Impersonation Level For An ASP Dot NET App

You might be wondering why you need to configure COM security settings in an ASP.NET application, but if your application makes or receives any out-of-process COM calls, you'll want to know how to control these settings. A lot of new ASP.NET applications rely on existing COM+ infrastructure. Even if your ASP.NET application acts only as a COM client, you still want these settings to be in your control.

If you're using IIS 5, it's quite easy to configure these settings for the ASP.NET worker process, ASPNET_WP.EXE. Just go into machine.config, find the <processModel> section, and edit the comAuthenticationLevel and comImpersonationLevel attributes. Here are the various settings they can take:

 comAuthenticationLevel="Default|None|Connect|Call|
                        Pkt|PktIntegrity|PktPrivacy"
 comImpersonationLevel="Default|Anonymous|
                       Identify|Impersonate|Delegate"

And here's how I suggest you configure these settings by default:

 comAuthenticationLevel="PktPrivacy"
 comImpersonationLevel="Impersonate"

In IIS 6, you can no longer use the <processModel> section to edit these settings. Instead, you must use some registry settings (for which I've found no documentation as of this writing). When you configure the registry settings I'm about to show you, you're controlling the settings of all application pools; all IIS 6 worker processes use the same settings. Unfortunately, there's no way to configure them for individual application pools.

According to my sources inside Microsoft, by default each IIS 6 worker process calls CoInitializeSecurity with the following settings:

If you want to adjust these settings (in my opinion, you should), here's what you need to do. In the registry, find the key HKLM\System\CurrentControlSet\Services\w3svc\Parameters and create four named values of type DWORD. The first should be CoInitializeSecurityParam, and its value should be 1. This tells the worker process to pay attention to the next three settings: AuthenticationLevel, ImpersonationLevel, and AuthenticationCapabilities. If specified, the IIS 6 worker process will use these values when it calls CoInitializeSecurity. Figure 55.1 shows the settings I recommend, which ensure the following defaults for COM security in any IIS 6 worker process.

Figure 55.1 Configuring COM security in the IIS 6 worker process

If you're wondering where the numbers in Figure 55.1 came from, they're just the values that you pass to CoInitializeSecurity, and they're defined in the Win32 header files as shown in Figure 55.2.

 // Authentication Levels
 #define RPC_C_AUTHN_LEVEL_DEFAULT         0 
 #define RPC_C_AUTHN_LEVEL_NONE            1 
 #define RPC_C_AUTHN_LEVEL_CONNECT         2 
 #define RPC_C_AUTHN_LEVEL_CALL            3 
 #define RPC_C_AUTHN_LEVEL_PKT             4 
 #define RPC_C_AUTHN_LEVEL_PKT_INTEGRITY   5 
 #define RPC_C_AUTHN_LEVEL_PKT_PRIVACY     6


 // Impersonation Levels
 #define RPC_C_IMP_LEVEL_DEFAULT       0 
 #define RPC_C_IMP_LEVEL_ANONYMOUS     1 
 #define RPC_C_IMP_LEVEL_IDENTIFY      2 
 #define RPC_C_IMP_LEVEL_IMPERSONATE   3 
 #define RPC_C_IMP_LEVEL_DELEGATE      4


 typedef enum tagEOLE_AUTHENTICATION_CAPABILITIES {
     EOAC_NONE                    = 0x0,
     EOAC_MUTUAL_AUTH             = 0x1,
     EOAC_SECURE_REFS             = 0x2,
     EOAC_ACCESS_CONTROL          = 0x4,
     EOAC_APPID                   = 0x8,
     EOAC_DYNAMIC                 = 0x10,
     EOAC_STATIC_CLOAKING         = 0x20,
     EOAC_DYNAMIC_CLOAKING        = 0x40,
     EOAC_ANY_AUTHORITY           = 0x80,
     EOAC_MAKE_FULLSIC            = 0x100,
     EOAC_REQUIRE_FULLSIC         = 0x200,
     EOAC_AUTO_IMPERSONATE        = 0x400,
     EOAC_DEFAULT                 = 0x800,
     EOAC_DISABLE_AAA             = 0x1000,
     EOAC_NO_CUSTOM_MARSHAL       = 0x2000
 } EOLE_AUTHENTICATION_CAPABILITIES;

Figure 55.2 Definitions
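The registry procedure above, carried through with the numbers from Figure 55.2, as an added example that is not code from the original page or from the book's author. It is PowerShell, which postdates the page, and it assumes only what the page gives: the W3SVC Parameters key, the four DWORD value names, and the PktPrivacy (6) / Impersonate (3) pair recommended earlier for IIS 5 as defaults. The AuthenticationCapabilities value from Figure 55.1 is not reproduced on this page, so the script does not guess it; you must pass an EOAC_* mask explicitly, and the audit function decodes whatever is currently set back into header names so you can see what a worker process will hand to CoInitializeSecurity.

```powershell
# Added example, not code from the original page or from the book's author.
# Audits and sets the four W3SVC registry values described above so that every
# IIS 6 worker process calls CoInitializeSecurity with the chosen COM security
# settings. Run in an elevated PowerShell session on the IIS 6 host.

$W3svcParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters'

# Numeric values are the Win32 header constants reproduced in Figure 55.2.
$AuthnLevelNames = @{ 0 = 'DEFAULT'; 1 = 'NONE'; 2 = 'CONNECT'; 3 = 'CALL'
                      4 = 'PKT'; 5 = 'PKT_INTEGRITY'; 6 = 'PKT_PRIVACY' }
$ImpLevelNames   = @{ 0 = 'DEFAULT'; 1 = 'ANONYMOUS'; 2 = 'IDENTIFY'; 3 = 'IMPERSONATE'; 4 = 'DELEGATE' }
$EoacFlags = [ordered]@{
    EOAC_MUTUAL_AUTH = 0x1;       EOAC_SECURE_REFS = 0x2;        EOAC_ACCESS_CONTROL = 0x4
    EOAC_APPID = 0x8;             EOAC_DYNAMIC = 0x10;           EOAC_STATIC_CLOAKING = 0x20
    EOAC_DYNAMIC_CLOAKING = 0x40; EOAC_ANY_AUTHORITY = 0x80;     EOAC_MAKE_FULLSIC = 0x100
    EOAC_REQUIRE_FULLSIC = 0x200; EOAC_AUTO_IMPERSONATE = 0x400; EOAC_DEFAULT = 0x800
    EOAC_DISABLE_AAA = 0x1000;    EOAC_NO_CUSTOM_MARSHAL = 0x2000
}
$KnownEoacMask = 0
foreach ($bit in $EoacFlags.Values) { $KnownEoacMask = $KnownEoacMask -bor $bit }

function ConvertTo-EoacFlagNames([int]$Capabilities) {
    # Decodes an AuthenticationCapabilities DWORD into EOAC_* names for the audit output.
    if ($Capabilities -eq 0) { return 'EOAC_NONE' }
    $names = @(foreach ($e in $EoacFlags.GetEnumerator()) { if ($Capabilities -band $e.Value) { $e.Key } })
    $unknown = $Capabilities -band (-bnot $KnownEoacMask)
    if ($unknown -ne 0) { $names += ('unknown bits 0x{0:X}' -f $unknown) }
    return ($names -join ' | ')
}

function Get-W3svcComSecurity {
    # Reads the values the worker process consults; GetValue returns $null when a value is absent.
    $key   = Get-Item -Path $W3svcParams
    $param = $key.GetValue('CoInitializeSecurityParam')
    $authn = $key.GetValue('AuthenticationLevel')
    $imp   = $key.GetValue('ImpersonationLevel')
    $caps  = $key.GetValue('AuthenticationCapabilities')
    $authnText = if ($null -eq $authn) { 'not set' } else { '{0} ({1})' -f $authn, $AuthnLevelNames[[int]$authn] }
    $impText   = if ($null -eq $imp)   { 'not set' } else { '{0} ({1})' -f $imp, $ImpLevelNames[[int]$imp] }
    $capsText  = if ($null -eq $caps)  { 'not set' } else { '0x{0:X} ({1})' -f $caps, (ConvertTo-EoacFlagNames $caps) }
    [pscustomobject]@{
        OverridesActive            = ($param -eq 1)   # only then are the other three honoured
        AuthenticationLevel        = $authnText
        ImpersonationLevel         = $impText
        AuthenticationCapabilities = $capsText
    }
}

function Set-W3svcComSecurity {
    param(
        # Defaults are the levels recommended above for IIS 5: PktPrivacy (6) and Impersonate (3).
        [int]$AuthenticationLevel = 6,
        [int]$ImpersonationLevel = 3,
        # EOAC_* bitmask. Figure 55.1's value is not reproduced on this page, so it must be supplied.
        [Parameter(Mandatory = $true)][int]$AuthenticationCapabilities
    )
    if (-not $AuthnLevelNames.ContainsKey($AuthenticationLevel)) {
        throw "AuthenticationLevel $AuthenticationLevel is not an RPC_C_AUTHN_LEVEL_* value (0-6)"
    }
    if (-not $ImpLevelNames.ContainsKey($ImpersonationLevel)) {
        throw "ImpersonationLevel $ImpersonationLevel is not an RPC_C_IMP_LEVEL_* value (0-4)"
    }
    if (($AuthenticationCapabilities -band (-bnot $KnownEoacMask)) -ne 0) {
        throw ('AuthenticationCapabilities 0x{0:X} has bits outside EOLE_AUTHENTICATION_CAPABILITIES' -f $AuthenticationCapabilities)
    }
    # All four are DWORDs; CoInitializeSecurityParam = 1 makes the worker process honour the other three.
    $settings = [ordered]@{
        CoInitializeSecurityParam  = 1
        AuthenticationLevel        = $AuthenticationLevel
        ImpersonationLevel         = $ImpersonationLevel
        AuthenticationCapabilities = $AuthenticationCapabilities
    }
    foreach ($name in $settings.Keys) {
        New-ItemProperty -Path $W3svcParams -Name $name -Value $settings[$name] -PropertyType DWord -Force | Out-Null
    }
    Get-W3svcComSecurity   # echo the result so the change can be confirmed
}

# Usage:
#   Get-W3svcComSecurity                                 # audit the current state
#   Set-W3svcComSecurity -AuthenticationCapabilities 0   # 0 = EOAC_NONE, a placeholder; pass the mask you chose
```

The script only writes the registry. A worker process reads these values when it calls CoInitializeSecurity, which happens once as the process starts, so worker processes already running keep their old settings until they are recycled. Run the audit function afterwards from a fresh session to confirm OverridesActive is true; without CoInitializeSecurityParam set to 1 the other three values are ignored, which is the most common way for this configuration to silently do nothing.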

PortedBy ScottDukes


Keith's first book-in-a-wiki. If you would like to read the book online or order a physical copy to throw at annoying coworkers, surf to the HomePage. Please note that due to overwhelming wikispam, this particular wiki is no longer editable.
