How do I grant access to my COM+ application?

纵饮孤独 提交于 2020-01-06 07:15:37

问题


I've created a COM+ server application and the caller can't access it - when it tries to instantiate a COM object (CoCreateInstance()) from that application the following appears in system log:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {class id of COM object here} and APPID {app id of the COM+ application here} to the user MACHINENAME\administrator SID (SID here) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

The only way to tweak COM+ access seems to be using roles but the application has "enforce access checks" unchecked so it looks like there should be no restrictions. Yet the object won't instantiate.

How do I allow a certain user access a specific COM+ application so that he can instantiate objects from there?


回答1:


The first thing you should do is check to see if you can create this object outside of the application. I am using vbscript here;

dim vvv
set vvv= CreateObject ("CoCreateInstance()")

if isnull(vvv) then
            msgbox "null"
else
            msgbox "not null"
end if

If you cannot create the object, then there is probably an issue with the .dll and you might be best served just wiping the component out of the registry and completely reinstalling/reimplementing it.

If you can create the object, there is an issue with the application accessing the component. This is usually due to one of the following reasons;

  1. Component Security settings

    • For the purposes of finding the issue, you are right to uncheck "enforce access checks". Make sure you uncheck the box at both the application (package) level AND the component level.
  2. User settings

    • Check out this link. In addition to their advice, try adding IUSR_servername as a member of Administrators.
  3. Mismatch between Component services and the registry

    • We need to make sure the CLSID's in Component services match the registry. In component services, look for the component (not the application) and look at the properties. If the component is in there, it is definetely registered. While you are here we might as well double check some settings. Is the DLL address valid? Are security, transactions and activation settings correct? OK, now notice the CLSID in the general tab. Go into the registry editor and find the CLSID in HKEY_CLASSES_ROOT (it should be there). Make sure the dll address and the ProgID are correct. Also verify the key and subkeys are structured in a similar way to your other components.

If none of this works, search the registry for the component's name and wipe it out. then reinstall.



来源:https://stackoverflow.com/questions/6293047/how-do-i-grant-access-to-my-com-application

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!