Improve Your Technology

Just another blog for technology

COM+ Security risks

Application Identity

The application identity is the user account under which the application runs. When you install a COM+ server application—that is, a COM+ application running in its own process space—you need to set an identity under which it runs. The identity can be set to interactive user (meaning whichever user is logged on to the computer running the application), to the local service user (an account with the minimal permissions to run a locally accessible service), to the network service user (an account with the permissions of the local service user and network access), or to a specific user account (which requires a valid password for that account). You do not need to set the identity for COM+ library applications, which run in the host’s process space under the host’s identity.

The identity determines the security context for calls that the application makes when it runs. When the application makes calls to other applications, it uses its identity (provided it is not impersonating a client when making calls on the client’s behalf). An application receiving the call uses the calling application’s identity to do its own security checking to validate the call.

Which Identity to Specify

Specifying a particular user is usually preferable to using the interactive user identity. When a particular user identity is used, the server can run even when no one is logged on to the machine on which the application is running.

Assigning a particular user identity is more secure than assigning the interactive user because the particular user identity can be assigned to the application only by someone who has the specific user’s password. Additionally, choosing the interactive user identity carries other security risks because the application runs under the identity of the logged-on user without that user’s knowledge or consent. For example, if the application is running on a computer while an administrator is logged on, the application runs under the administrator’s identity, potentially making calls as such on behalf of clients.

If the application does not require access to a particular user’s private files, running under the local or network service account is generally the most secure option, because these accounts have even more limited access permissions than user accounts.

If the identity is set to interactive user, the application runs only when a user is logged on. Interactive user is the only identity that allows the client to see a graphical user interface (GUI) provided by the application.
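To review this on a host, the following added example (not part of the original article) reads the local COM+ catalog through the COMAdmin.COMAdminCatalog object and lists each server application with its configured identity. The function names and assessment labels are this example's own, and the service-account strings it matches are assumed to be how the catalog stores those identities.

```powershell
# Added example: list COM+ server applications and the identity each runs under.
# Run in an elevated PowerShell session on the machine being reviewed.

function Get-ComPlusIdentityAssessment {
    param([string]$Identity)
    # Labels are this example's own, based on the guidance in this section.
    # Assumption: service accounts are stored as "nt authority\localservice"
    # and "nt authority\networkservice" (matching is case-insensitive).
    switch -Regex ($Identity) {
        '^Interactive User$' {
            return 'Review: runs as whoever is logged on'
        }
        '^nt authority\\(local|network) ?service$' {
            return 'Preferred: built-in service account'
        }
        default {
            return 'Specific user account: check its privileges'
        }
    }
}

function Get-ComPlusServerIdentity {
    $catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
    $apps = $catalog.GetCollection('Applications')
    $apps.Populate()
    foreach ($app in $apps) {
        # Activation: 0 = library application (runs under the host's identity),
        #             1 = server application (own process, own identity).
        if ($app.Value('Activation') -ne 1) { continue }
        $identity = [string]$app.Value('Identity')
        [pscustomobject]@{
            Application = $app.Name
            Identity    = $identity
            Assessment  = Get-ComPlusIdentityAssessment -Identity $identity
        }
    }
}

Get-ComPlusServerIdentity |
    Sort-Object Assessment, Application |
    Format-Table -AutoSize
```

Library applications are skipped because they have no identity of their own to audit.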

Requirements for Delegation to Work

When setting the identity for a COM+ application that you want to be able to perform delegation on behalf of clients, if you set it for a particular user identity, that user must be a domain user account that is trusted for delegation. If Interactive User Identity is used, whatever user is logged on must be trusted for delegation.

If the application identity is not trusted for delegation, the call fails when the application attempts to impersonate a client over the network.

May 16, 2009 | COM+ Security risks, MTS, Technology