Newbie question: service calling COM+ server

[javierliceaga]

The problem that I am trying to solve is that I want a web service to
perform some highly priviledged tasks. Of course, I do not want the
web service itself to do this, since I want the web service to be
running as a low-privilege account (NT_AUTHORITY\NETWORK SERVICE).

I thought the simplest solution to this problem was to create a COM+
server (a C# class library the uses System.EnterpriseServices to act
like a COM+ server). I could then configure the COM+ server to run as
a highly privilege user (by configuring the COM+ server via the
Component Services MMC).

My problem is that unless the web service is running as the Local
System account, I get an error when trying to access the COM+ server.
How can I configure the COM+ server to allow the web service to call it?

 

[Dan Rogers]

you'll either have to use a higher priveleged account (the low priveleged
account is low priveleged to prevent it from making on-box calls outside of
the sandbox), or you will need to add impersonation logic around the call
to the com+ service. Using impersonation that is config based simply
elevates the services permissions - so if you want code-block level
permissions, you'll essentially have to change the creds on the thread
making the request.
--------------------