?
Solved

Impersonation Guide!!!

Posted on 2003-03-18
81
Medium Priority
?
771 Views
Last Modified: 2007-12-19
hi,
our company was using a Client-Server System(VB & SQL)the Authentication,Roles and User rights are all implemented at the back end,then we migrate to N-Tier Application.
For Phase1 the security at the Back-End will stay as it's(at SQL Data Base).
For Phase2 we will manage the security at the Middle-Tier.
the DataBase needs to authenticate the client and register the Machine and User Names in some tables.
i go through some articles and i understood that if my Server Application(COM+) acts as a Client to external Resources(SQL Data Base) this is known as Impersonation.
i need a step by step guide to implement Impersonation.!!!
now i imported all my DLL's into one Package(COM+)as server application and Export an Application Proxy to my Clients but the DataBase alway recognize the Middle-Ware Machine Name and the User who is starting the Application and i don't know how to configure out so my DB Admin get the Client UserName and HostName.
rgrds.
Meer.
0
Comment
Question by:mirghani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 39
  • 15
  • 15
  • +2
81 Comments
 

Author Comment

by:mirghani
ID: 8160369
keep in mind about 300 Clients will access My Application Server i don't want to run DComCnfg.exe in each Client.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8161333
0
 

Author Comment

by:mirghani
ID: 8165133
i'm using Vb6.0 not a web base.
to make my Ques more clear:
How to Pass UserName&MachineName through my COM+ Server Application to the SQL DB(Delegation)?
what configuration i have to do?
Meer.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8166324
Well, i am guessing here so be my guest:
I don't know how your com+ is implemented but, as long as i know with objects, you could have properties and methods (which could have parameters)
To this, we agree but the question is:
could you have UserName and MchineName as properties or parameters for methods?
If so, those values could be extracted from every client with a liitle code.
If i am totally wrong, please forgive me.
0
 

Author Comment

by:mirghani
ID: 8166373
hi Richie,
To some extend u r right.
when i read about Impersonation, i found that the COM server application could pass the credentials of the client to the exeternal resource but we need to implement  Delegation we should set the user account delegation enabled in our Active Directory(The client account must not be marked "Account is sensitive and cannot be delegated" in the Active Directory Service).

Unfortunately our Domain still NT not Win2000 :-(
and now i decided to pass the username and machine to the DB server as parameters.
let's be more practical,Could u give me the code that makes me able from my server application to get the UserName and MachineName?
rgrds Meer.

0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8167229
Well, what i was thinking is just what you are doing with this:
"...and now i decided to pass the username and machine to the DB server as parameters.
...."
I think that server app should get those values from the clients as parameters or properties.
I mean, client side *should* pass it to server.
0
 

Author Comment

by:mirghani
ID: 8168592
if the server app could Authenticate the Client at the Middle Tier Server that's mean the server could recognize the UserName and Machine 2.
i'm working on an Enterprise System with a team and i'm in charge of the Middle Tier , we couldn't modify the Client Side and ask them to send parameters!!!!
Any other way?
Meer.
0
 

Author Comment

by:mirghani
ID: 8168749
if the server app could Authenticate the Client at the Middle Tier Server that's mean the server could recognize the UserName and Machine 2.
i'm working on an Enterprise System with a team and i'm in charge of the Middle Tier , we couldn't modify the Client Side and ask them to send parameters!!!!
Any other way?
Meer.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8168969
Could you modify your middle tier to get two more properties?
0
 

Author Comment

by:mirghani
ID: 8169100
i could modify my MiddleTier but give me the code which enable me to retrieve the UserName and Machine Name!!!
pls don't suggest any modifications at client side.
rgrds.
Meer.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8169770
there are two API:
GetUserName and GetComputerName.
Also, there are:

environ("username")
environ("ComputerName")

but i don't know how would you get those to work in your middle tier. I think you cannot access those values from that stage tier.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8169781
If middle tier is running on client machine, i think that you could get them but if not...

Anyway, API way:

'example by Donavon Kuhn (Donavon.Kuhn@Nextel.com)
Private Const MAX_COMPUTERNAME_LENGTH As Long = 31
Private Declare Function GetComputerName Lib "kernel32" Alias "GetComputerNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Private Sub Form_Load()
    Dim dwLen As Long
    Dim strString As String
    'Create a buffer
    dwLen = MAX_COMPUTERNAME_LENGTH + 1
    strString = String(dwLen, "X")
    'Get the computer name
    GetComputerName strString, dwLen
    'get only the actual data
    strString = Left(strString, dwLen)
    'Show the computer name
    MsgBox strString
End Sub

'This project needs a timer
Private Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Private Sub Form_Load()
    'KPD-Team 1998
    'URL: http://www.allapi.net/
    'E-Mail: KPDTeam@Allapi.net
    Dim strUserName As String


    'Create a buffer
    strUserName = String(100, Chr$(0))
    'Get the username
    GetUserName strUserName, 100
    'strip the rest of the buffer
    strUserName = Left$(strUserName, InStr(strUserName, Chr$(0)) - 1)

    'Show the temppath and the username
    MsgBox "Hello " + strUserName + Chr$(13) + "The temp. path is " + strTemp
End Sub
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8171092
I believe you want to get the user id from the thread token

Richie_Simonetti's method only get the server computer name and user name but not the orignator
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8171108
However, since your domain is NT I don't think you can get the token from the thread
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8171302
"...Richie_Simonetti's method only get the server computer name and user name but not the orignator..."
That's what i was saying. If Middle Tier doesn't runs in client machine, you can't.
0
 

Author Comment

by:mirghani
ID: 8172080
SQL can recognize the user accessing SQL Server even if SQL not installed in Client Machine:
e.g:
Select Host_Name()
Select suser_sName()

i want something similar to this,from server Application i can recognize the user who instantiate my object and from which machine?

Nt doesn't support Impersonation Level Delegation,but there is a third party Software which can be installed within NT Domains and enable Delegate,what is ur Openion.

rgrds.
Meer.
0
 

Author Comment

by:mirghani
ID: 8172365
if the client provide their UserName and Machine that's not a secure way.
How can i retrieve it my self(Middle-Tier)?
Meer.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8173214
"if the client provide their UserName and Machine that's not a secure way.
How can i retrieve it my self(Middle-Tier)?
"

It is a opinion's matter but, how secure is that you could retrieve it by yourself, anyway?
0
 

Author Comment

by:mirghani
ID: 8173321
>>It is a opinion's matter but, how secure is that you could retrieve it by yourself, anyway

i think my point is Clear:-(
if Someone Accessing ur Resource, Couldn't u know who is he? and from which machine?:-(

i have already give a SQL e.g.

To Richie:
i think u r  not familiar with COM+ server Application!!!
Meer.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8173361
In one of my first comment i said:
"Well, i am guessing here so be my guest:"

I give up. Good luck in your search
Sincerely
R.
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8173389
I've a routine that will get the token from the caller thread. That routine I build for testing. Unfortunately this is in c++

Since NT is single hub and it will lost the credentials on the second call

ie if A call B and B call C, From C you cannot get the orginator. In order to work Win2000, you have to enable Delegation.


Hope  this help



static STDMETHODIMP GetUserName(char *Name)
{
     FILE *fp=fopen("C:\\TEMP\\caller.txt", "a+");
     HRESULT hr = ::CoImpersonateClient();
     if (FAILED(hr))
     {
          fprintf(fp, "%s > CoImpersonateClient failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     HANDLE hToken;
     BOOL ok = ::OpenThreadToken(::GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken);
     if (!ok)
     {
          hr = HRESULT_FROM_WIN32(::GetLastError());
          fprintf(fp, "%s > OpenThreadToken failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     hr = ::CoRevertToSelf();
     if (FAILED(hr))
     {
          fprintf(fp, "%s > CoRevertToSelf failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     TOKEN_USER *pUserInfo = NULL;
     DWORD dwLen = 0;
     ok = ::GetTokenInformation(hToken, TokenUser, NULL, 0, &dwLen);
     if (!ok)
     {
          hr = ::GetLastError();
          if (hr != ERROR_INSUFFICIENT_BUFFER)
          {
               hr = HRESULT_FROM_WIN32(hr);
               fprintf(fp, "%s > GetTokenInformation failed. hr=0x%x\n", Name, hr);
               fclose(fp);
               return hr;
          }
     }
     pUserInfo = (TOKEN_USER*)new BYTE[dwLen];
     if (pUserInfo == NULL)
     {
          fprintf(fp, "%s > out of memory\n", Name);
          fclose(fp);
          return EB_E_FILE_IO;
     }
     ok = ::GetTokenInformation(hToken, TokenUser, pUserInfo, dwLen, &dwLen);
     if (!ok)
     {
          hr = HRESULT_FROM_WIN32(::GetLastError());
          fprintf(fp, "%s > GetTokenInformation (2) failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     DWORD cbName = 0, cbDomain = 0;
     SID_NAME_USE eUse;
     ok = ::LookupAccountSid(NULL, pUserInfo->User.Sid, NULL, &cbName, NULL, &cbDomain, &eUse);
     if (!ok)
     {
          hr = ::GetLastError();
          if (hr != ERROR_INSUFFICIENT_BUFFER)
          {
               hr = HRESULT_FROM_WIN32(hr);
               fprintf(fp, "%s > LookupAccountSid failed. hr=0x%x\n", Name, hr);
               fclose(fp);
               return hr;
          }
     }
     wchar_t* pName = new wchar_t[cbName];
     wchar_t* pDomain = new wchar_t[cbDomain];
     if (pName == NULL || pDomain == NULL)
     {
          fprintf(fp, "%s > out of memory\n", Name);
          fclose(fp);
          return E_FAIL;
     }
     ok = ::LookupAccountSid(NULL, pUserInfo->User.Sid, pName, &cbName, pDomain, &cbDomain, &eUse);
     if (!ok)
     {
          hr = HRESULT_FROM_WIN32(::GetLastError());
          fprintf(fp, "%s > LookupAccountSid (2) failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     CComBSTR bstrName;
     bstrName = pDomain;
     bstrName.Append("\\");
     bstrName.Append(pName);
     USES_CONVERSION;
     fprintf(fp, "%s > User Name - %s\n", Name, T2A(bstrName.Detach()));
     fclose(fp);
     return S_OK;
}
0
 

Author Comment

by:mirghani
ID: 8173565
To Richie:
i don't mean that i don't want to be one of ur Guest,but this problem made me mad.
thanks for ur trying to help me.

To EDDYKT:
i'm not familiar with C++ but i think with ur last comment we r going forward step.
how could i test it if i'm using VB6.0?

rgrds Meer.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8173636
couldn't it be translated to VB?
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8173710
See Richie can help
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8173726
Another method I can see whether it helps


Create a dll from c++ and call it from your VB

Because I think it is not easy to do it in VB, May be I'm wrong. Again Richie should be able to help out here

Right

8->
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8173763
i like this:

"Create a dll from c++ and call it from your VB"
since we would have to find some declarations for APIs that i am not familiar with.
0
 

Author Comment

by:mirghani
ID: 8173806
i found this link:
http://www.faqchest.com/msdn/DCOM/dcom-00/dcom-0011/dcom00111521_31814.html
but the probs that i'm not familiar with C++.

>>"Create a dll from c++ and call it from your VB"
nice idea but how? :-)

Meer.
0
 

Author Comment

by:mirghani
ID: 8173821
how if we perform a lot of tasks to convert C++ Code to VB and it didn't work:-)
Meer.
0
 

Author Comment

by:mirghani
ID: 8173848
this is in VB, what u think about it?
http://p2p.wrox.com/archive/pro_vb/2002-07/51.asp
Meer.
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8173915
>>this is in VB, what u think about it?
http://p2p.wrox.com/archive/pro_vb/2002-07/51.asp


This link talks about different things
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8173932
Create ATL dll using c++ template to do

I know it's hard to do if you are not familiar with c++

If you familiar with VB

Here is the link that you can get all the API declaration
http://www.activevb.de/rubriken/apikatalog/deklarationen/adsenumeratenext.html


You have to do it by yourself. Unfortunately I don't have time this week. It will take approx at least half day to accompish
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8173933
Good luck
0
 

Author Comment

by:mirghani
ID: 8173969
i think if i want to solve my problem i have to learn 2 languages, C++ & French(EDDYKT above Link):-)
Still i will be waiting for the experties Help.
rgrds
Meer.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8174037
Sorry, that link is in german not french.
0
 
LVL 5

Accepted Solution

by:
rkot2000 earned 2000 total points
ID: 8174052
you can get a user name form this objects :

GetObjectContext.Security.GetOriginalCallerName
GetObjectContext.Security.GetOriginalCreatorName

0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8174088
also you may try to play with activation

try to use :

Library Application --

Library applications run under the client process security token rather than under their own user identity. They have only as much privilege as the client has.
0
 

Author Comment

by:mirghani
ID: 8174140
our system that the Clients access the Middle-Tier Server then the DB, and there is a MiddleServer administrator,i think that's applicable only with Server Application.

do u mean if i implement this code:
GetObjectContext.Security.GetOriginalCallerName
or
GetObjectContext.Security.GetOriginalCreatorName
into my Configured Components i can retrieve the UserName(i will try it but i'm not on Developement Machine now.)?
if so what about the MAchineNAme?
Meer.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8174188
if so what about the MAchineNAme?

i need more time.
0
 

Author Comment

by:mirghani
ID: 8174606
ok, i will start with the UserName testing and will keep u updated.
u try MachineName.
rgrds Meer.
Meer
0
 

Author Comment

by:mirghani
ID: 8174704
ok, i will start with the UserName testing and will keep u updated.
u try MachineName.
rgrds Meer.
Meer
0
 
LVL 5

Expert Comment

by:RainUK
ID: 8175690
Hi meer,

Okay as with regards getting username, use rkot2000 method, I have been using the object context and it works fine, for getting DLL instantiators caller. usually comes back in NT SAM account domain format e.g.

Domain\UserName

You can use this code example of mine:

Dim oObjectContext As ObjectContext
Dim strOriginalCallerName As String

    On Error GoTo ErrHandler

    Set oObjectContext = GetObjectContext()
    strOriginalCallerName = oObjectContext.Security.GetOriginalCallerName
   
    ' Strip into account name only, ignore Domain name
    strOriginalCallerName = Mid(strOriginalCallerName, InStr(1, strOriginalCallerName, "\", vbTextCompare) + 1)
   
    Set oObjectContext = Nothing

As for computer name, well this is a hard one I scoured the internet looking for a simple way of doing it, but only found one, its done using C++ and I took a look at the code and its a bit to heavy for me to convert. So I just passed the computer name from the clients, its much easier!

I suppose a workaround in your case is to maybe use some Active Directory or Win32 API to work out which machine the user is on, but then again if they have multiple logons on the same domain, then well...????

If you work it out how to do the computer name bit I would be interested in sampling your code. I think the reason why its not (The computer name property) exposed is that well middle-tier is meant to be transparent in terms of providing scalable components and not being tied to a machine. Well read that dodgy explanation from some site !
0
 
LVL 5

Expert Comment

by:RainUK
ID: 8175806
Do you have to definitely store the host name as part of the audit? There is a workaround for you I think, requires some more code though, in terms of security you could implement Role Based security with your COM+ package.

So in your code if the caller is within the group for example 'Domain Computers' then you know that the instantiation and any methods run are from a known user (Using object context) and that the user ran it from a computer within your domain. You could always split up department computers into groups and create group names for each and add them to the group, create a COM+ Services Role name for that group and then use code as follows e.g.

Dim oSecCallContext As SecurityCallContext
Dim oReport As Object

   Set oSecCallContext = GetSecurityCallContext()

   If oSecCallContext.IsCallerInRole("Accounts") Then
       ' Run DLL method call
       ' Log to your DB that the call came from an accounts
       ' department defined group of computers
   End If

   If oSecCallContext.IsCallerInRole("HR Personnel") Then
       ' Run DLL method call
       ' Log to your DB that the call came from an HR personnel department
       ' defined group of computers
   End If

   ' And you can get the callers account name from objectCOntext


Well that kinda narrows it down to what department the PC is in. Its a workaround seeing as you can't change client method calls.

0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8175814
You can try to parse security log something like :

Successful Logon:
      User Name:     xxxxx
      Domain:          xxxxxx
      Logon ID:          (0x0,0x3BB054E)
      Logon Type:     3
      Logon Process:     NtLmSsp
      Authentication Package:     MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
      Workstation Name:     120-78LZHDH

Why do you need Machine Name?
0
 

Author Comment

by:mirghani
ID: 8176098
hi all,
let me give u in brief what for i need the ComputerName:-
in our DataBase it's Designed as Billing System only authenticated machines r allowed to make payments so our Authentication is devided into 2:
First Authenticate if the MachineName is Registered in MachineFund Table or not the it Authenticate the User(it's our DB Team Issue)..every record inserted or updated in our DataBase there is 2 field(Operator&Machine Name)for auditing purposes.
i in the middletier should provide these 2 values.
about passing Machine Name from the Client it's not aplicable because other system(not only Billing)r using these Components(such as Mediation System)so i can't trus the other systems Clients that they r passing the real Machine they r sending the request from.
i think now it's clear.
if more details is required i appreciate.
Meer.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8176436
Maybe you need to develop a proxy component.
All you clients will use proxy to communicate with COM+ components,
and proxy component can send / receive additional information.
Something like this :
Client send a request to proxy.
Proxy wraps a request with additional data and sends to COM+ components.
COM+ analyzes request and send a response to proxy.
Proxy forwards a response to client.

Or you can try to use Message Queuing to send requests.
0
 

Author Comment

by:mirghani
ID: 8176525
yep rkot2000 that what i have really developed here is my fram work:
all clients and for any kind of request they have firt to instantiate the Routing Object then the Routing Obj determine what kind of response the clients need and at which Component is available then the Routing Obj communicate and send/retrive with other components.

>>Proxy wraps a request with additional data and sends to COM+ components.
u mean UserName and ComputerNAme by additional Data isn't it?if yes that what my Question is about.

do u mean the proxy is also a Configured CoM+ component like the rest of components?
here a little question out of my major question jump to my mind: Is there any Risk that all my Users have to instantiate this Routing Obj for the first time? Risk i mean a lot of simultaneous user may lead to crash the Component..is there any thing about that(Limitation).

then we r back to the main Question "Machine Name".

rgrds
Meer.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8176583
>>Proxy wraps a request with additional data and sends to COM+ components.
u mean UserName and ComputerNAme by additional Data isn't it?if yes that what my Question is about.

Yes, but you can encrypt this data add some salt or secret key and send to the server.


>> do u mean the proxy is also a Configured CoM+ component like the rest of components?

Nop its ActiveX exe or ActiveX Dll and it’s runs an the client pc.
0
 

Author Comment

by:mirghani
ID: 8179396
hi,
i tried getting the UserName with the ObjectContext and it works fine:-)
but still one thing is pending:-(
Meer.
0
 

Author Comment

by:mirghani
ID: 8179419
rkot200:
let's guess, As i said i have a Configured Component(Routing Obj)and it's installed in the same package with the other components As a Server Application.
how if i install this Routing DLL in another Package as Library application.
if i want to install the packages into my Client i will Export 2 packages(Routing as Library App & other components as Server Application).
if the Client want to make any request he will call the Library App then the Library App interact with the Server App(Is it possible that one Library App package interact with another Server App Package), if this works i think it's ur Proxy Idea(i can add the Login and Machine if the Client Requested a Library App)i'm right?
Meer.
0
 

Author Comment

by:mirghani
ID: 8179435
i think that's not a good solution with me because all my security i'm doing on this Routing Component,if it's Library App i couldn't set the Security Roles easily:-(.
Meer
0
 

Author Comment

by:mirghani
ID: 8179744
pls check this Link:
http://www.informit.com/isapi/product_id~%7B4964140F-5CA5-4B2C-8CE7-072FE1B3E5CA%7D/st~%7B00C7E2A5-589F-483C-AD50-75843E8B7D9B%7D/content/index.asp
LISTING 3.5  CODE FOR THE GetUserNumber METHOD
and give me ur openion!
Meer.
0
 

Author Comment

by:mirghani
ID: 8180605
hi,
Could any one evaluate if this will work without any Risks:

Environ("ComputerName")
i tried and it works fine ,but i need someone to ensure.
Meer.
0
 

Author Comment

by:mirghani
ID: 8180796
:-( Environ("ComputerName") started retriving the Middle-Server Machine Name.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8181024
That's what i already told you as long middle tier is not running in client machine!
0
 

Author Comment

by:mirghani
ID: 8181040
Hi Richie,
pls chk this Link it's something similar to mine but i couldn't get how it's solved:-
http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/Q_20129821.html?query=ObjectContext+ComputerName&searchType=topic#1
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8181329
Currently scenario:
On server you have Routing object and this object communicate with other objects.
On Client you have a type library for you Routing object.
Client applications are working with Routing Object Type library to create server components and send requests.

Now you need to add a proxy on you client pc to work with Routing Object Type library.
This proxy object will be only on client pc.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8181427
Currently you are creating your Routing Object directly.

Now let say that you have proxy/factory on your client pc.
1.     Proxy runs on client pc.
2.     Clients application makes a request to Proxy.
3.     Proxy collects some info encrypts this and adds some secret key.
4.     Send this request to Routing Object.
5.     Routing object analyses this data.
6.     If key is fine and data is valid it returns a pointer to Proxy
7.     Proxy forward pointer to client application.
0
 

Author Comment

by:mirghani
ID: 8181893
ok rkot2000 i will try to implement ur Proxy idea,but i need ur help.
here is the Scenario:
In my RoutingObj there is all my system methods declared with it's parameters required for each method.
depending on the method the Client needs to execute another COM component is created from the RoutingOj,then the other COM component creates the Data Access which retrieve the RecordSet.
Client calls my RoutingObj as follows:

Dim Result as Boolean
Dim MyRec as AdoDB.RecordSet
Dim MyCls as RoutingObj
set MyCls=CreateObject("RoutingObj.cRoutingObj")
Result=MyCls.AnyMethodNameHere(MyRec,Param1,param2)
---then Client works with MyRec which is returned ByRef

now comes ur turn rkot2000 to tell me how to design my Proxy(ActiveX exe or DLL),information to be added,Encryption how to be performed.
i know it will take ur time,but i'm unable to Construct it easily.
i think this Ques deserve the Points i'm adding to experts.
rgrds
Meer.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8181926
do you have a full state in your  RoutingObj ?
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8181946
>>i'm working on an Enterprise System with a team and i'm in charge of the Middle Tier , we couldn't modify the Client Side and ask them to send parameters!!!!


Without changing the client side, how do you accomplish?
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8181981
EDDYKT  is correct you need to modify this line :

Dim MyRec as AdoDB.RecordSet
Dim MyCls as Proxy
set MyCls=CreateObject("Proxy.cProxy")
Result=MyCls.AnyMethodNameHere(MyRec,Param1,param2)
0
 

Author Comment

by:mirghani
ID: 8182029
rkot2000:
i need more details about determining if my COmponent is full state or not?
EDDYKT:
if the modification is not Costly i could handle it with the Client Team.
i hope it will not Cost a lot of modifications.
Meer.
0
 

Author Comment

by:mirghani
ID: 8182113
yep,i could do this modification,no probs on that.
what next about Proxy.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8182127
If you have setcomplete or setabort it’s stateless if not you have a state.

It’s very easy to test.
Let say you have a property ABC In you object like this.
 Option Explicit

Private mabc As String
Public Property Get ABC() As String
  ABC = mabc
End Property

Public Property Set ABC(a As String)
  mabc = a
End Property


In you client code you can write :

MyOBject.ABC = “Hello”
Msgbox MyOBject.ABC
If you got “Hello” – full state
If you got Empty – stateless


All clients are working/calling only with RoutingObj object or they are working with other objects.
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 8182240
>>if the modification is not Costly i could handle it with the Client Team.


If that is the case why don't you just send user name and computer name right from the call? That's what  Richie_Simonetti mention at the beginning.

The original question is you don't want to change client side and determine the computer name and user name from server side.


I lost here.
0
 

Author Comment

by:mirghani
ID: 8183706
rkot2000:
it's statefull,u can proceed with proxy implementation.
EDDYKT:
i said before there is another System rather than the system i'm working on now will be using my components,but with the Idea of the Proxy the Client couldn't put in his Code any Pc Name but my Proxy will get the real PC Name from his machine.
Meer.
0
 

Author Comment

by:mirghani
ID: 8183738
rkot2000:
i'm using most in my Components a methods rather than Properties(our system depends on a recordset to be retrieve to the Client and later i will modify the Middle-Tier to work with Properties),following is an e.g of how all my Components Code:

'Synopsis:              Executes stored procedure to Get  Subscriber Data
'Function input:        LAC,DN
'Function output:       RecordSet

Public Function GetSubscriberID(BO_RS As ADODB.Recordset, ByVal Lac As String, ByVal DN As String) As Boolean


Count = 1

GetSubscriberID = False

' Execute stored procedure and return recordset
Set obj_GMBO = CreateObject("GMBO.cGMBO")
AssignParameters Count, Lac, mVarChar, 5, adParamInput
AssignParameters Count, DN, mVarChar, 15, adParamInput
    If obj_GMBO.GetSubscriberID(Meer_RS, AttachedParameters()) Then
     Set BO_RS = Meer_RS
     
     GetSubscriberID = True
    End If
Set obj_GMBO= Nothing
End Function

Meer.
0
 

Author Comment

by:mirghani
ID: 8183841
>>All clients are working/calling only with RoutingObj object or they are working with other objects.

all of them r calling RoutingObj they r not aware of any object rather than RoutingObj.
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8183853
IMHO, if you could change Client side, just set those values in properties or as parameters of method and you wouldn't need any other code.
If security is a concern, encryt/decryt in both sides.
0
 

Author Comment

by:mirghani
ID: 8183874
EDDYKT:
>>The original question is you don't want to change client side and determine the computer name and user name from server side.
what i found that i can determine the UserName only from Server Side and it not possible for Computer name,shall we terminate the Project for this reason?!!!
ofcource not.
so it's not a matter of what the original question was it's a matter of finding the less cost of modification in both Client & Middle.

0
 

Author Comment

by:mirghani
ID: 8183913
Richie_Simonetti:
assume i could change the Current Client i'm working on.
what about other systems want to use my components shall i ask them to give the real PC Name and not wrong one?:-(
Other Systems e.g:
we r having a mediation system installed on some machines,if these machine don't contain in their name the word 'MED' i will permit the execution of the Query.
Meer.
0
 

Author Comment

by:mirghani
ID: 8183930
sorry i mean our DataBase Design will not allow the execution of the Query.
a kind of Authentication nothing more(i hope u recognized how it's important the machine name in most of our Company Systems).
0
 
LVL 16

Expert Comment

by:Richie_Simonetti
ID: 8183937
"
....
what about other systems want to use my components shall i ask them to give the real PC Name and not wrong one?:-(
..."
You haven't to ask for PC Name neither username, you could get it from those api mentioned at beginning of thread.
0
 

Author Comment

by:mirghani
ID: 8184363
Richie:
how i will ensure that other systems r passing the PC Name with API call,maybe they just assigned it with any value,i don't have any access to other systems,i'm just providing the with the Application Proxy and they design their Client.
0
 

Author Comment

by:mirghani
ID: 8184375
but if there is a Proxy as rikot2000 said, here with the Proxy i'm sure that i'm using API,because i designed the Proxy and they r just calling it.
0
 

Author Comment

by:mirghani
ID: 8185816
rkot2000 what about if any modification occurs in the Business-Tier shall i modify the Proxy?
here the Maintenance became Cost.
Meer.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8195360
Nothing is free.
But you should not be concern about server components.
You should be concern about clients.
If you need to modify proxy you need to do it on one server, but you need to send this new proxy to all clients.


p.s On the server you can have one private class to work with proxy data.
In this case you need to change only the implementation in that class.
Second I would recommend not to use default interface you should use implemented interfaces.

Or
You can send all proxy data in one long string or variant

Or
you can send proxy data as xml data and use server class to parse xml
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8195435
Honestly, I don’t understand why do you need the machine name.
I think everything should be tied to the person id.
If I have rights to do the job I should be able to do it from any pc.
Or you can limit my logon to some computers  and working hours.
0
 

Author Comment

by:mirghani
ID: 8196493
rkot2000,
i think i will go for the following:
-Obtaining the UserId as u said(ObjectContext).
-depend on passing the MachineName from Client as Property.

>>I think everything should be tied to the person id
that is right,and i discussed with the Team members this Issue,and they agreed with me,but modification will be postpone for phase2.

>>Second I would recommend not to use default interface you should use implemented interfaces.

Unfortunately i'm using Default:-(
shall i change? if so do u have any link could help on that?

rgrds
Meer.
0
 
LVL 5

Expert Comment

by:rkot2000
ID: 8196666
implemented interface - helps with your updates.

Let say in version 1  you have a save method with 4 parameters.

In version 2 you need to add 3 more parameters.

You have two options
Add 3 more parameters and break signature or add another function with 7 parameters  and you have interface forwarding.

If you break the signature you need to update all client applications  in the same time.

If you have Classes with implemented Interfaces in the client app you should to have :

Clients for the first release
If Typeof  class Is Interface1 then call a function with 4 parameters

Now you need to add 3 param
So you need to create a new interface
Implement this interface in your class

Change code in the client all to
If Typeof class Is Interface2 then call a function with 7 parameters
If Typeof class Is Interface1 then call a function with 4 parameters

Start upgrading users.

In this case old app has access to the first interface and new one uses the second

 One more you need to use early binding like this
dim x as Project.Class.

Dim x as Object – has access only to the default interface
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’ve seen a number of people looking for examples of how to access web services from VB6.  I’ve been using a test harness I built in VB6 (using many resources I found online) that I use for small projects to work out how to communicate with web serv…
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
Suggested Courses
Course of the Month14 days, 5 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question