Impersonation Guide!!!

hi,
our company was using a Client-Server System(VB & SQL)the Authentication,Roles and User rights are all implemented at the back end,then we migrate to N-Tier Application.
For Phase1 the security at the Back-End will stay as it's(at SQL Data Base).
For Phase2 we will manage the security at the Middle-Tier.
the DataBase needs to authenticate the client and register the Machine and User Names in some tables.
i go through some articles and i understood that if my Server Application(COM+) acts as a Client to external Resources(SQL Data Base) this is known as Impersonation.
i need a step by step guide to implement Impersonation.!!!
now i imported all my DLL's into one Package(COM+)as server application and Export an Application Proxy to my Clients but the DataBase alway recognize the Middle-Ware Machine Name and the User who is starting the Application and i don't know how to configure out so my DB Admin get the Client UserName and HostName.
rgrds.
Meer.
mirghaniAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mirghaniAuthor Commented:
keep in mind about 300 Clients will access My Application Server i don't want to run DComCnfg.exe in each Client.
0
Richie_SimonettiIT OperationsCommented:
0
mirghaniAuthor Commented:
i'm using Vb6.0 not a web base.
to make my Ques more clear:
How to Pass UserName&MachineName through my COM+ Server Application to the SQL DB(Delegation)?
what configuration i have to do?
Meer.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Richie_SimonettiIT OperationsCommented:
Well, i am guessing here so be my guest:
I don't know how your com+ is implemented but, as long as i know with objects, you could have properties and methods (which could have parameters)
To this, we agree but the question is:
could you have UserName and MchineName as properties or parameters for methods?
If so, those values could be extracted from every client with a liitle code.
If i am totally wrong, please forgive me.
0
mirghaniAuthor Commented:
hi Richie,
To some extend u r right.
when i read about Impersonation, i found that the COM server application could pass the credentials of the client to the exeternal resource but we need to implement  Delegation we should set the user account delegation enabled in our Active Directory(The client account must not be marked "Account is sensitive and cannot be delegated" in the Active Directory Service).

Unfortunately our Domain still NT not Win2000 :-(
and now i decided to pass the username and machine to the DB server as parameters.
let's be more practical,Could u give me the code that makes me able from my server application to get the UserName and MachineName?
rgrds Meer.

0
Richie_SimonettiIT OperationsCommented:
Well, what i was thinking is just what you are doing with this:
"...and now i decided to pass the username and machine to the DB server as parameters.
...."
I think that server app should get those values from the clients as parameters or properties.
I mean, client side *should* pass it to server.
0
mirghaniAuthor Commented:
if the server app could Authenticate the Client at the Middle Tier Server that's mean the server could recognize the UserName and Machine 2.
i'm working on an Enterprise System with a team and i'm in charge of the Middle Tier , we couldn't modify the Client Side and ask them to send parameters!!!!
Any other way?
Meer.
0
mirghaniAuthor Commented:
if the server app could Authenticate the Client at the Middle Tier Server that's mean the server could recognize the UserName and Machine 2.
i'm working on an Enterprise System with a team and i'm in charge of the Middle Tier , we couldn't modify the Client Side and ask them to send parameters!!!!
Any other way?
Meer.
0
Richie_SimonettiIT OperationsCommented:
Could you modify your middle tier to get two more properties?
0
mirghaniAuthor Commented:
i could modify my MiddleTier but give me the code which enable me to retrieve the UserName and Machine Name!!!
pls don't suggest any modifications at client side.
rgrds.
Meer.
0
Richie_SimonettiIT OperationsCommented:
there are two API:
GetUserName and GetComputerName.
Also, there are:

environ("username")
environ("ComputerName")

but i don't know how would you get those to work in your middle tier. I think you cannot access those values from that stage tier.
0
Richie_SimonettiIT OperationsCommented:
If middle tier is running on client machine, i think that you could get them but if not...

Anyway, API way:

'example by Donavon Kuhn (Donavon.Kuhn@Nextel.com)
Private Const MAX_COMPUTERNAME_LENGTH As Long = 31
Private Declare Function GetComputerName Lib "kernel32" Alias "GetComputerNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Private Sub Form_Load()
    Dim dwLen As Long
    Dim strString As String
    'Create a buffer
    dwLen = MAX_COMPUTERNAME_LENGTH + 1
    strString = String(dwLen, "X")
    'Get the computer name
    GetComputerName strString, dwLen
    'get only the actual data
    strString = Left(strString, dwLen)
    'Show the computer name
    MsgBox strString
End Sub

'This project needs a timer
Private Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Private Sub Form_Load()
    'KPD-Team 1998
    'URL: http://www.allapi.net/
    'E-Mail: KPDTeam@Allapi.net
    Dim strUserName As String


    'Create a buffer
    strUserName = String(100, Chr$(0))
    'Get the username
    GetUserName strUserName, 100
    'strip the rest of the buffer
    strUserName = Left$(strUserName, InStr(strUserName, Chr$(0)) - 1)

    'Show the temppath and the username
    MsgBox "Hello " + strUserName + Chr$(13) + "The temp. path is " + strTemp
End Sub
0
EDDYKTCommented:
I believe you want to get the user id from the thread token

Richie_Simonetti's method only get the server computer name and user name but not the orignator
0
EDDYKTCommented:
However, since your domain is NT I don't think you can get the token from the thread
0
Richie_SimonettiIT OperationsCommented:
"...Richie_Simonetti's method only get the server computer name and user name but not the orignator..."
That's what i was saying. If Middle Tier doesn't runs in client machine, you can't.
0
mirghaniAuthor Commented:
SQL can recognize the user accessing SQL Server even if SQL not installed in Client Machine:
e.g:
Select Host_Name()
Select suser_sName()

i want something similar to this,from server Application i can recognize the user who instantiate my object and from which machine?

Nt doesn't support Impersonation Level Delegation,but there is a third party Software which can be installed within NT Domains and enable Delegate,what is ur Openion.

rgrds.
Meer.
0
mirghaniAuthor Commented:
if the client provide their UserName and Machine that's not a secure way.
How can i retrieve it my self(Middle-Tier)?
Meer.
0
Richie_SimonettiIT OperationsCommented:
"if the client provide their UserName and Machine that's not a secure way.
How can i retrieve it my self(Middle-Tier)?
"

It is a opinion's matter but, how secure is that you could retrieve it by yourself, anyway?
0
mirghaniAuthor Commented:
>>It is a opinion's matter but, how secure is that you could retrieve it by yourself, anyway

i think my point is Clear:-(
if Someone Accessing ur Resource, Couldn't u know who is he? and from which machine?:-(

i have already give a SQL e.g.

To Richie:
i think u r  not familiar with COM+ server Application!!!
Meer.
0
Richie_SimonettiIT OperationsCommented:
In one of my first comment i said:
"Well, i am guessing here so be my guest:"

I give up. Good luck in your search
Sincerely
R.
0
EDDYKTCommented:
I've a routine that will get the token from the caller thread. That routine I build for testing. Unfortunately this is in c++

Since NT is single hub and it will lost the credentials on the second call

ie if A call B and B call C, From C you cannot get the orginator. In order to work Win2000, you have to enable Delegation.


Hope  this help



static STDMETHODIMP GetUserName(char *Name)
{
     FILE *fp=fopen("C:\\TEMP\\caller.txt", "a+");
     HRESULT hr = ::CoImpersonateClient();
     if (FAILED(hr))
     {
          fprintf(fp, "%s > CoImpersonateClient failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     HANDLE hToken;
     BOOL ok = ::OpenThreadToken(::GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken);
     if (!ok)
     {
          hr = HRESULT_FROM_WIN32(::GetLastError());
          fprintf(fp, "%s > OpenThreadToken failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     hr = ::CoRevertToSelf();
     if (FAILED(hr))
     {
          fprintf(fp, "%s > CoRevertToSelf failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     TOKEN_USER *pUserInfo = NULL;
     DWORD dwLen = 0;
     ok = ::GetTokenInformation(hToken, TokenUser, NULL, 0, &dwLen);
     if (!ok)
     {
          hr = ::GetLastError();
          if (hr != ERROR_INSUFFICIENT_BUFFER)
          {
               hr = HRESULT_FROM_WIN32(hr);
               fprintf(fp, "%s > GetTokenInformation failed. hr=0x%x\n", Name, hr);
               fclose(fp);
               return hr;
          }
     }
     pUserInfo = (TOKEN_USER*)new BYTE[dwLen];
     if (pUserInfo == NULL)
     {
          fprintf(fp, "%s > out of memory\n", Name);
          fclose(fp);
          return EB_E_FILE_IO;
     }
     ok = ::GetTokenInformation(hToken, TokenUser, pUserInfo, dwLen, &dwLen);
     if (!ok)
     {
          hr = HRESULT_FROM_WIN32(::GetLastError());
          fprintf(fp, "%s > GetTokenInformation (2) failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     DWORD cbName = 0, cbDomain = 0;
     SID_NAME_USE eUse;
     ok = ::LookupAccountSid(NULL, pUserInfo->User.Sid, NULL, &cbName, NULL, &cbDomain, &eUse);
     if (!ok)
     {
          hr = ::GetLastError();
          if (hr != ERROR_INSUFFICIENT_BUFFER)
          {
               hr = HRESULT_FROM_WIN32(hr);
               fprintf(fp, "%s > LookupAccountSid failed. hr=0x%x\n", Name, hr);
               fclose(fp);
               return hr;
          }
     }
     wchar_t* pName = new wchar_t[cbName];
     wchar_t* pDomain = new wchar_t[cbDomain];
     if (pName == NULL || pDomain == NULL)
     {
          fprintf(fp, "%s > out of memory\n", Name);
          fclose(fp);
          return E_FAIL;
     }
     ok = ::LookupAccountSid(NULL, pUserInfo->User.Sid, pName, &cbName, pDomain, &cbDomain, &eUse);
     if (!ok)
     {
          hr = HRESULT_FROM_WIN32(::GetLastError());
          fprintf(fp, "%s > LookupAccountSid (2) failed. hr=0x%x\n", Name, hr);
          fclose(fp);
          return hr;
     }
     CComBSTR bstrName;
     bstrName = pDomain;
     bstrName.Append("\\");
     bstrName.Append(pName);
     USES_CONVERSION;
     fprintf(fp, "%s > User Name - %s\n", Name, T2A(bstrName.Detach()));
     fclose(fp);
     return S_OK;
}
0
mirghaniAuthor Commented:
To Richie:
i don't mean that i don't want to be one of ur Guest,but this problem made me mad.
thanks for ur trying to help me.

To EDDYKT:
i'm not familiar with C++ but i think with ur last comment we r going forward step.
how could i test it if i'm using VB6.0?

rgrds Meer.
0
Richie_SimonettiIT OperationsCommented:
couldn't it be translated to VB?
0
EDDYKTCommented:
See Richie can help
0
EDDYKTCommented:
Another method I can see whether it helps


Create a dll from c++ and call it from your VB

Because I think it is not easy to do it in VB, May be I'm wrong. Again Richie should be able to help out here

Right

8->
0
Richie_SimonettiIT OperationsCommented:
i like this:

"Create a dll from c++ and call it from your VB"
since we would have to find some declarations for APIs that i am not familiar with.
0
mirghaniAuthor Commented:
i found this link:
http://www.faqchest.com/msdn/DCOM/dcom-00/dcom-0011/dcom00111521_31814.html
but the probs that i'm not familiar with C++.

>>"Create a dll from c++ and call it from your VB"
nice idea but how? :-)

Meer.
0
mirghaniAuthor Commented:
how if we perform a lot of tasks to convert C++ Code to VB and it didn't work:-)
Meer.
0
mirghaniAuthor Commented:
this is in VB, what u think about it?
http://p2p.wrox.com/archive/pro_vb/2002-07/51.asp
Meer.
0
EDDYKTCommented:
>>this is in VB, what u think about it?
http://p2p.wrox.com/archive/pro_vb/2002-07/51.asp


This link talks about different things
0
EDDYKTCommented:
Create ATL dll using c++ template to do

I know it's hard to do if you are not familiar with c++

If you familiar with VB

Here is the link that you can get all the API declaration
http://www.activevb.de/rubriken/apikatalog/deklarationen/adsenumeratenext.html


You have to do it by yourself. Unfortunately I don't have time this week. It will take approx at least half day to accompish
0
EDDYKTCommented:
Good luck
0
mirghaniAuthor Commented:
i think if i want to solve my problem i have to learn 2 languages, C++ & French(EDDYKT above Link):-)
Still i will be waiting for the experties Help.
rgrds
Meer.
0
Richie_SimonettiIT OperationsCommented:
Sorry, that link is in german not french.
0
rkot2000Commented:
you can get a user name form this objects :

GetObjectContext.Security.GetOriginalCallerName
GetObjectContext.Security.GetOriginalCreatorName

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rkot2000Commented:
also you may try to play with activation

try to use :

Library Application --

Library applications run under the client process security token rather than under their own user identity. They have only as much privilege as the client has.
0
mirghaniAuthor Commented:
our system that the Clients access the Middle-Tier Server then the DB, and there is a MiddleServer administrator,i think that's applicable only with Server Application.

do u mean if i implement this code:
GetObjectContext.Security.GetOriginalCallerName
or
GetObjectContext.Security.GetOriginalCreatorName
into my Configured Components i can retrieve the UserName(i will try it but i'm not on Developement Machine now.)?
if so what about the MAchineNAme?
Meer.
0
rkot2000Commented:
if so what about the MAchineNAme?

i need more time.
0
mirghaniAuthor Commented:
ok, i will start with the UserName testing and will keep u updated.
u try MachineName.
rgrds Meer.
Meer
0
mirghaniAuthor Commented:
ok, i will start with the UserName testing and will keep u updated.
u try MachineName.
rgrds Meer.
Meer
0
RainUKCommented:
Hi meer,

Okay as with regards getting username, use rkot2000 method, I have been using the object context and it works fine, for getting DLL instantiators caller. usually comes back in NT SAM account domain format e.g.

Domain\UserName

You can use this code example of mine:

Dim oObjectContext As ObjectContext
Dim strOriginalCallerName As String

    On Error GoTo ErrHandler

    Set oObjectContext = GetObjectContext()
    strOriginalCallerName = oObjectContext.Security.GetOriginalCallerName
   
    ' Strip into account name only, ignore Domain name
    strOriginalCallerName = Mid(strOriginalCallerName, InStr(1, strOriginalCallerName, "\", vbTextCompare) + 1)
   
    Set oObjectContext = Nothing

As for computer name, well this is a hard one I scoured the internet looking for a simple way of doing it, but only found one, its done using C++ and I took a look at the code and its a bit to heavy for me to convert. So I just passed the computer name from the clients, its much easier!

I suppose a workaround in your case is to maybe use some Active Directory or Win32 API to work out which machine the user is on, but then again if they have multiple logons on the same domain, then well...????

If you work it out how to do the computer name bit I would be interested in sampling your code. I think the reason why its not (The computer name property) exposed is that well middle-tier is meant to be transparent in terms of providing scalable components and not being tied to a machine. Well read that dodgy explanation from some site !
0
RainUKCommented:
Do you have to definitely store the host name as part of the audit? There is a workaround for you I think, requires some more code though, in terms of security you could implement Role Based security with your COM+ package.

So in your code if the caller is within the group for example 'Domain Computers' then you know that the instantiation and any methods run are from a known user (Using object context) and that the user ran it from a computer within your domain. You could always split up department computers into groups and create group names for each and add them to the group, create a COM+ Services Role name for that group and then use code as follows e.g.

Dim oSecCallContext As SecurityCallContext
Dim oReport As Object

   Set oSecCallContext = GetSecurityCallContext()

   If oSecCallContext.IsCallerInRole("Accounts") Then
       ' Run DLL method call
       ' Log to your DB that the call came from an accounts
       ' department defined group of computers
   End If

   If oSecCallContext.IsCallerInRole("HR Personnel") Then
       ' Run DLL method call
       ' Log to your DB that the call came from an HR personnel department
       ' defined group of computers
   End If

   ' And you can get the callers account name from objectCOntext


Well that kinda narrows it down to what department the PC is in. Its a workaround seeing as you can't change client method calls.

0
rkot2000Commented:
You can try to parse security log something like :

Successful Logon:
      User Name:     xxxxx
      Domain:          xxxxxx
      Logon ID:          (0x0,0x3BB054E)
      Logon Type:     3
      Logon Process:     NtLmSsp
      Authentication Package:     MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
      Workstation Name:     120-78LZHDH

Why do you need Machine Name?
0
mirghaniAuthor Commented:
hi all,
let me give u in brief what for i need the ComputerName:-
in our DataBase it's Designed as Billing System only authenticated machines r allowed to make payments so our Authentication is devided into 2:
First Authenticate if the MachineName is Registered in MachineFund Table or not the it Authenticate the User(it's our DB Team Issue)..every record inserted or updated in our DataBase there is 2 field(Operator&Machine Name)for auditing purposes.
i in the middletier should provide these 2 values.
about passing Machine Name from the Client it's not aplicable because other system(not only Billing)r using these Components(such as Mediation System)so i can't trus the other systems Clients that they r passing the real Machine they r sending the request from.
i think now it's clear.
if more details is required i appreciate.
Meer.
0
rkot2000Commented:
Maybe you need to develop a proxy component.
All you clients will use proxy to communicate with COM+ components,
and proxy component can send / receive additional information.
Something like this :
Client send a request to proxy.
Proxy wraps a request with additional data and sends to COM+ components.
COM+ analyzes request and send a response to proxy.
Proxy forwards a response to client.

Or you can try to use Message Queuing to send requests.
0
mirghaniAuthor Commented:
yep rkot2000 that what i have really developed here is my fram work:
all clients and for any kind of request they have firt to instantiate the Routing Object then the Routing Obj determine what kind of response the clients need and at which Component is available then the Routing Obj communicate and send/retrive with other components.

>>Proxy wraps a request with additional data and sends to COM+ components.
u mean UserName and ComputerNAme by additional Data isn't it?if yes that what my Question is about.

do u mean the proxy is also a Configured CoM+ component like the rest of components?
here a little question out of my major question jump to my mind: Is there any Risk that all my Users have to instantiate this Routing Obj for the first time? Risk i mean a lot of simultaneous user may lead to crash the Component..is there any thing about that(Limitation).

then we r back to the main Question "Machine Name".

rgrds
Meer.
0
rkot2000Commented:
>>Proxy wraps a request with additional data and sends to COM+ components.
u mean UserName and ComputerNAme by additional Data isn't it?if yes that what my Question is about.

Yes, but you can encrypt this data add some salt or secret key and send to the server.


>> do u mean the proxy is also a Configured CoM+ component like the rest of components?

Nop its ActiveX exe or ActiveX Dll and it’s runs an the client pc.
0
mirghaniAuthor Commented:
hi,
i tried getting the UserName with the ObjectContext and it works fine:-)
but still one thing is pending:-(
Meer.
0
mirghaniAuthor Commented:
rkot200:
let's guess, As i said i have a Configured Component(Routing Obj)and it's installed in the same package with the other components As a Server Application.
how if i install this Routing DLL in another Package as Library application.
if i want to install the packages into my Client i will Export 2 packages(Routing as Library App & other components as Server Application).
if the Client want to make any request he will call the Library App then the Library App interact with the Server App(Is it possible that one Library App package interact with another Server App Package), if this works i think it's ur Proxy Idea(i can add the Login and Machine if the Client Requested a Library App)i'm right?
Meer.
0
mirghaniAuthor Commented:
i think that's not a good solution with me because all my security i'm doing on this Routing Component,if it's Library App i couldn't set the Security Roles easily:-(.
Meer
0
mirghaniAuthor Commented:
pls check this Link:
http://www.informit.com/isapi/product_id~%7B4964140F-5CA5-4B2C-8CE7-072FE1B3E5CA%7D/st~%7B00C7E2A5-589F-483C-AD50-75843E8B7D9B%7D/content/index.asp
LISTING 3.5  CODE FOR THE GetUserNumber METHOD
and give me ur openion!
Meer.
0
mirghaniAuthor Commented:
hi,
Could any one evaluate if this will work without any Risks:

Environ("ComputerName")
i tried and it works fine ,but i need someone to ensure.
Meer.
0
mirghaniAuthor Commented:
:-( Environ("ComputerName") started retriving the Middle-Server Machine Name.
0
Richie_SimonettiIT OperationsCommented:
That's what i already told you as long middle tier is not running in client machine!
0
mirghaniAuthor Commented:
Hi Richie,
pls chk this Link it's something similar to mine but i couldn't get how it's solved:-
http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/Q_20129821.html?query=ObjectContext+ComputerName&searchType=topic#1
0
rkot2000Commented:
Currently scenario:
On server you have Routing object and this object communicate with other objects.
On Client you have a type library for you Routing object.
Client applications are working with Routing Object Type library to create server components and send requests.

Now you need to add a proxy on you client pc to work with Routing Object Type library.
This proxy object will be only on client pc.
0
rkot2000Commented:
Currently you are creating your Routing Object directly.

Now let say that you have proxy/factory on your client pc.
1.     Proxy runs on client pc.
2.     Clients application makes a request to Proxy.
3.     Proxy collects some info encrypts this and adds some secret key.
4.     Send this request to Routing Object.
5.     Routing object analyses this data.
6.     If key is fine and data is valid it returns a pointer to Proxy
7.     Proxy forward pointer to client application.
0
mirghaniAuthor Commented:
ok rkot2000 i will try to implement ur Proxy idea,but i need ur help.
here is the Scenario:
In my RoutingObj there is all my system methods declared with it's parameters required for each method.
depending on the method the Client needs to execute another COM component is created from the RoutingOj,then the other COM component creates the Data Access which retrieve the RecordSet.
Client calls my RoutingObj as follows:

Dim Result as Boolean
Dim MyRec as AdoDB.RecordSet
Dim MyCls as RoutingObj
set MyCls=CreateObject("RoutingObj.cRoutingObj")
Result=MyCls.AnyMethodNameHere(MyRec,Param1,param2)
---then Client works with MyRec which is returned ByRef

now comes ur turn rkot2000 to tell me how to design my Proxy(ActiveX exe or DLL),information to be added,Encryption how to be performed.
i know it will take ur time,but i'm unable to Construct it easily.
i think this Ques deserve the Points i'm adding to experts.
rgrds
Meer.
0
rkot2000Commented:
do you have a full state in your  RoutingObj ?
0
EDDYKTCommented:
>>i'm working on an Enterprise System with a team and i'm in charge of the Middle Tier , we couldn't modify the Client Side and ask them to send parameters!!!!


Without changing the client side, how do you accomplish?
0
rkot2000Commented:
EDDYKT  is correct you need to modify this line :

Dim MyRec as AdoDB.RecordSet
Dim MyCls as Proxy
set MyCls=CreateObject("Proxy.cProxy")
Result=MyCls.AnyMethodNameHere(MyRec,Param1,param2)
0
mirghaniAuthor Commented:
rkot2000:
i need more details about determining if my COmponent is full state or not?
EDDYKT:
if the modification is not Costly i could handle it with the Client Team.
i hope it will not Cost a lot of modifications.
Meer.
0
mirghaniAuthor Commented:
yep,i could do this modification,no probs on that.
what next about Proxy.
0
rkot2000Commented:
If you have setcomplete or setabort it’s stateless if not you have a state.

It’s very easy to test.
Let say you have a property ABC In you object like this.
 Option Explicit

Private mabc As String
Public Property Get ABC() As String
  ABC = mabc
End Property

Public Property Set ABC(a As String)
  mabc = a
End Property


In you client code you can write :

MyOBject.ABC = “Hello”
Msgbox MyOBject.ABC
If you got “Hello” – full state
If you got Empty – stateless


All clients are working/calling only with RoutingObj object or they are working with other objects.
0
EDDYKTCommented:
>>if the modification is not Costly i could handle it with the Client Team.


If that is the case why don't you just send user name and computer name right from the call? That's what  Richie_Simonetti mention at the beginning.

The original question is you don't want to change client side and determine the computer name and user name from server side.


I lost here.
0
mirghaniAuthor Commented:
rkot2000:
it's statefull,u can proceed with proxy implementation.
EDDYKT:
i said before there is another System rather than the system i'm working on now will be using my components,but with the Idea of the Proxy the Client couldn't put in his Code any Pc Name but my Proxy will get the real PC Name from his machine.
Meer.
0
mirghaniAuthor Commented:
rkot2000:
i'm using most in my Components a methods rather than Properties(our system depends on a recordset to be retrieve to the Client and later i will modify the Middle-Tier to work with Properties),following is an e.g of how all my Components Code:

'Synopsis:              Executes stored procedure to Get  Subscriber Data
'Function input:        LAC,DN
'Function output:       RecordSet

Public Function GetSubscriberID(BO_RS As ADODB.Recordset, ByVal Lac As String, ByVal DN As String) As Boolean


Count = 1

GetSubscriberID = False

' Execute stored procedure and return recordset
Set obj_GMBO = CreateObject("GMBO.cGMBO")
AssignParameters Count, Lac, mVarChar, 5, adParamInput
AssignParameters Count, DN, mVarChar, 15, adParamInput
    If obj_GMBO.GetSubscriberID(Meer_RS, AttachedParameters()) Then
     Set BO_RS = Meer_RS
     
     GetSubscriberID = True
    End If
Set obj_GMBO= Nothing
End Function

Meer.
0
mirghaniAuthor Commented:
>>All clients are working/calling only with RoutingObj object or they are working with other objects.

all of them r calling RoutingObj they r not aware of any object rather than RoutingObj.
0
Richie_SimonettiIT OperationsCommented:
IMHO, if you could change Client side, just set those values in properties or as parameters of method and you wouldn't need any other code.
If security is a concern, encryt/decryt in both sides.
0
mirghaniAuthor Commented:
EDDYKT:
>>The original question is you don't want to change client side and determine the computer name and user name from server side.
what i found that i can determine the UserName only from Server Side and it not possible for Computer name,shall we terminate the Project for this reason?!!!
ofcource not.
so it's not a matter of what the original question was it's a matter of finding the less cost of modification in both Client & Middle.

0
mirghaniAuthor Commented:
Richie_Simonetti:
assume i could change the Current Client i'm working on.
what about other systems want to use my components shall i ask them to give the real PC Name and not wrong one?:-(
Other Systems e.g:
we r having a mediation system installed on some machines,if these machine don't contain in their name the word 'MED' i will permit the execution of the Query.
Meer.
0
mirghaniAuthor Commented:
sorry i mean our DataBase Design will not allow the execution of the Query.
a kind of Authentication nothing more(i hope u recognized how it's important the machine name in most of our Company Systems).
0
Richie_SimonettiIT OperationsCommented:
"
....
what about other systems want to use my components shall i ask them to give the real PC Name and not wrong one?:-(
..."
You haven't to ask for PC Name neither username, you could get it from those api mentioned at beginning of thread.
0
mirghaniAuthor Commented:
Richie:
how i will ensure that other systems r passing the PC Name with API call,maybe they just assigned it with any value,i don't have any access to other systems,i'm just providing the with the Application Proxy and they design their Client.
0
mirghaniAuthor Commented:
but if there is a Proxy as rikot2000 said, here with the Proxy i'm sure that i'm using API,because i designed the Proxy and they r just calling it.
0
mirghaniAuthor Commented:
rkot2000 what about if any modification occurs in the Business-Tier shall i modify the Proxy?
here the Maintenance became Cost.
Meer.
0
rkot2000Commented:
Nothing is free.
But you should not be concern about server components.
You should be concern about clients.
If you need to modify proxy you need to do it on one server, but you need to send this new proxy to all clients.


p.s On the server you can have one private class to work with proxy data.
In this case you need to change only the implementation in that class.
Second I would recommend not to use default interface you should use implemented interfaces.

Or
You can send all proxy data in one long string or variant

Or
you can send proxy data as xml data and use server class to parse xml
0
rkot2000Commented:
Honestly, I don’t understand why do you need the machine name.
I think everything should be tied to the person id.
If I have rights to do the job I should be able to do it from any pc.
Or you can limit my logon to some computers  and working hours.
0
mirghaniAuthor Commented:
rkot2000,
i think i will go for the following:
-Obtaining the UserId as u said(ObjectContext).
-depend on passing the MachineName from Client as Property.

>>I think everything should be tied to the person id
that is right,and i discussed with the Team members this Issue,and they agreed with me,but modification will be postpone for phase2.

>>Second I would recommend not to use default interface you should use implemented interfaces.

Unfortunately i'm using Default:-(
shall i change? if so do u have any link could help on that?

rgrds
Meer.
0
rkot2000Commented:
implemented interface - helps with your updates.

Let say in version 1  you have a save method with 4 parameters.

In version 2 you need to add 3 more parameters.

You have two options
Add 3 more parameters and break signature or add another function with 7 parameters  and you have interface forwarding.

If you break the signature you need to update all client applications  in the same time.

If you have Classes with implemented Interfaces in the client app you should to have :

Clients for the first release
If Typeof  class Is Interface1 then call a function with 4 parameters

Now you need to add 3 param
So you need to create a new interface
Implement this interface in your class

Change code in the client all to
If Typeof class Is Interface2 then call a function with 7 parameters
If Typeof class Is Interface1 then call a function with 4 parameters

Start upgrading users.

In this case old app has access to the first interface and new one uses the second

 One more you need to use early binding like this
dim x as Project.Class.

Dim x as Object – has access only to the default interface
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic Classic

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.