Hello and thanks for reading.
I have implemented role-based security on some serviced components at
method level and it works fine. However, method level isn't granular
enough. I made the decision for my clients to call Method_1 and if
they are in an appropriate COM+ role, the method call succeeds. Now,
within Method_1, I want to inspect the parameters that are passed in
and in certain circumstances delegate the resultant actions to a
further method within the same class; Method_2. This method has a
more restrictive set of COM+ roles applied to it. (Both methods are
methods in the same interface that my serviced component implements,
but I don't want all my clients calling Method_2 directly.)
Currently, Method_1 denies access to users who aren't in the roles
applicable for that method. Should a user be in an applicable role,
then when Method_1 needs to call Method_2, that has the more
restrictive roles, the call succeeds when I expected it to fail. The
call doesn't go through the COM+ security plumbing. Compounding my
misery is the fact that the user making the call proves to be the
Identity of my COM+ application (running as a server application).
I really need to make the call to Method_2 via COM+ security and as
the user that called Method_1. Any ideas please?
Thanks.

Ed - 17 Feb 2005 12:51 GMT
Security checks occur only when calls cross COM+ Application boundaries.
Since both methods are the members of one class, they definitely belong to
one COM+ application. You may extract these methods into different applications,
but it will result in an additional performance hit (additional remoting between
applications). Or you may review your design :-)
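
One way to keep both methods in a single class and still enforce the stricter role on the delegated path is a programmatic role check inside the component, shown here as an added example that is not code from either poster. It assumes component-level access checks are enabled; the role names `Clerks` and `Supervisors`, the `IOrders`/`Orders` types, the `amount` parameter and the threshold are hypothetical.

```csharp
using System;
using System.EnterpriseServices;

[assembly: ApplicationActivation(ActivationOption.Server)]
// Role checks and the security call context need component-level access checks.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)]
[assembly: SecurityRole("Clerks")]       // hypothetical role
[assembly: SecurityRole("Supervisors")]  // hypothetical role

public interface IOrders
{
    string Method_1(decimal amount);
    string Method_2(decimal amount);
}

[ComponentAccessControl(true)]
[SecureMethod]
public class Orders : ServicedComponent, IOrders
{
    private const decimal Threshold = 1000m; // hypothetical business rule

    [SecurityRole("Clerks")]
    [SecurityRole("Supervisors")]
    public string Method_1(decimal amount)
    {
        // The direct call below never passes through COM+ interception,
        // so the declarative roles on Method_2 are not evaluated for it.
        return amount > Threshold ? Method_2(amount) : "handled by Method_1";
    }

    [SecurityRole("Supervisors")] // enforced by COM+ only for calls from outside
    public string Method_2(decimal amount)
    {
        DemandRole("Supervisors"); // enforced on every path, including Method_1
        return "handled by Method_2";
    }

    private static void DemandRole(string role)
    {
        // Fail closed if no security call context is available.
        if (!ContextUtil.IsSecurityEnabled)
            throw new UnauthorizedAccessException("COM+ security is not enabled.");

        SecurityCallContext call = SecurityCallContext.CurrentCall;
        if (!call.IsCallerInRole(role))
            throw new UnauthorizedAccessException(
                call.DirectCaller.AccountName + " is not in role " + role);
    }
}
```

The check reads the caller from the COM+ security call context rather than from the thread's Windows identity, which in a server application is the application's configured identity unless the component impersonates.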