Using IsCallerInRole in the MoveMoney and Account Components

You will add the IsCallerInRole method to the MoveMoney and Account components to verify that the user running the Bank client is a manager. This additional code is the same for both components. You must modify both components because clicking Account in the Bank client doesn't use the MoveMoney component when the Sample Bank application runs.

To use IsCallerInRole in the MoveMoney and Account components
  1. Open the \MTx\Samples\Account.VB\Step8\Account.vbp project.

  2. Build the component as a DLL and save it as \MTx\Samples\Account.VB\Step8\VBAcct.dll.

IsCallerInRole is a method on an object's context. IsCallerInRole returns TRUE if the direct caller of that object is assigned to a given role. You will use IsCallerInRole in the MoveMoney and Account components to verify whether the caller of an object (in this case, the user running the Bank client) is a manager.

If (lngAmount > 500 Or lngAmount < -500) Then
    If Not ctxObject.IsCallerInRole("Managers") Then
        Err.Raise Number:=ERROR_NUMBER, _
        Description:="Need 'Managers' role for " _
            & "amounts over $500"
    End If
End If

Before you can use the new MoveMoney and Account components, you must create the role. The Manager role must exist before the call to IsCallerInRole; otherwise, you will get an error.

Note that the source code is bound to a role name scoped to a package. This creates a dependency between the source and the package definition that must be considered when modifying a package's security configuration, such as when deleting a role.
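The fragment above, wrapped in a helper that fails closed, as an added example that is not the Sample Bank source. The helper name, both constants, and the assumption that the raised error reaches the component's existing error handler are hypothetical; the role string is the one used in the fragment.

```vb
Option Explicit
' Added example. Assumes a project reference to the
' Microsoft Transaction Server Type Library.

' Constructed value; the page's fragment uses ERROR_NUMBER without
' showing its definition.
Private Const ERROR_NUMBER As Long = vbObjectError + 512 + 1
' Must match the role defined on the package exactly.
Private Const ROLE_NAME As String = "Managers"

' Hypothetical helper: raises an error unless the direct caller may
' move lngAmount. Any failure to check the role is treated as a denial.
Private Sub RequireManagerForLargeAmount(ByVal lngAmount As Long)
    Dim ctxObject As ObjectContext
    Dim blnIsManager As Boolean

    ' Same threshold test as the page's fragment.
    If Not (lngAmount > 500 Or lngAmount < -500) Then Exit Sub

    Set ctxObject = GetObjectContext()
    If ctxObject Is Nothing Then
        ' Not running under MTS, so there is no caller role to check.
        Err.Raise Number:=ERROR_NUMBER, _
            Description:="No object context; cannot check caller role"
    End If

    ' With security disabled, IsCallerInRole returns True for every
    ' caller, so a True result would prove nothing.
    If Not ctxObject.IsSecurityEnabled() Then
        Err.Raise Number:=ERROR_NUMBER, _
            Description:="Package security is not enabled"
    End If

    ' A role that is not defined on the package makes IsCallerInRole
    ' raise an error. Trap it and leave blnIsManager False.
    On Error Resume Next
    blnIsManager = ctxObject.IsCallerInRole(ROLE_NAME)
    If Err.Number <> 0 Then blnIsManager = False
    On Error GoTo 0

    If Not blnIsManager Then
        Err.Raise Number:=ERROR_NUMBER, _
            Description:="Need '" & ROLE_NAME & "' role for " _
                & "amounts over $500"
    End If
End Sub
```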

To define a role for the Sample Bank package
  1. Start the Microsoft Transaction Server Explorer.

If you are currently running Sample Bank, you must shut down the associated server process to change security properties.

  2. Create a role named Manager.

  3. Assign users to the role. If you have access to more than one Windows NT account, you may want to exclude some user accounts from the Manager role to see the role checking in effect.

Run the Bank client. If you are logged on as a user in the Manager role, you will be able to perform transactions of any amount. However, if you are logged on as a user who isn't in the Manager role, you will get a warning message when attempting a transaction of more than $500. The transaction will then abort. If you don't have access to more than one account, try removing your user account from the role to see the role checking enforced.

See Also

Programmatic Security, Enabling MTS Package Security, Application Design Notes: Using Roles, IsCallerInRole method