Posted on 2003-03-07
I still have a Delphi problem with COM+ security. This is the situation:
Machine A: (W2000 or XP) COM+ server running with a local account which is connected to a database server. Roles and security are enabled. The local account is a special account that cannot be used as interactive user.
Machine B: (W95/W98/ME/NT/W2000/XP) Client application that might or might not connect to machine A. The user on this system is a domain user and should be in the roles of the COM+ server.
However, the following situation can happen:
Cindy is using the application on machine B but she is not part of the roles. However, she needs to use the COM+ component on machine A and cannot log out and log in again as a different user. So, the application will need to switch to a different user account internally. The application detects that Cindy has no access rights to the server thus a logon dialog should pop up. Then Cindy could log in using a different Windows account, connect to the COM+ server, do whatever is requiren and finally log out again.
Question is, what is the best way to let Cindy log in as a different user?
Keep in mind that the client should be working on NT and at least Windows '98. If this is absolutely impossible on these Windows versions, a W2000 solution can still be useful for me.) Also important, Cindy will have opened several files and other objects using her normal account and should still have access to these objects while she is impersonating an account that is part of those roles.