| Platform SDK: Exchange 2000 Server |
[This is preliminary documentation and subject to change.]
CDOEXM objects must be run in a security context sufficient to perform management tasks. This is also true for the CDO and ADSI objects with aggregated recipient interfaces. As with all objects accessing the Exchange 2000 Server, CDOEXM uses the Microsoft® Windows NT® security model. Authentication as a Windows NT user will give you the administrative rights associated with that user. Here are suggested ways to get administrative privileges for these objects.
Log on as an Administrator. You can log on as an administrator and create objects to perform system management. You can log on programmatically within an object, or remotely log on through ASP pages using IIS authentication protocols. However, you will need to consider how you will fulfill the need for a username and password. In many management situations the administrator is not available to type in a username and password at a prompt.
Another limitation to logging in is that the administrator does not always create the CDO and ADSI objects that are used to manage recipients. For example, a Person object may be passed to an event sink. The event may need to manage the recipient in some way, such as add a mailbox. Yet the event sink is created with a default user context.
ADO contains methods for logging on as another user.
Wrap the objects using COM Plus. In many automated processes you may wish to allow users without administrative privileges to perform some specific Exchange management tasks. For example, allow them to register at your Web site and gain access to some of your information stores. You can set up a server-side ASP page that can run management objects within their own security contexts.
To give your management objects security contexts you can wrap them in COM Plus applications (formerly an MTS wrappers). COM Plus applications allow you to specify the identity (security context) of that object as a user with administrative rights. Using a COM Plus application eliminates the need to obtain administrator rights by logging on. See "Security in COM+" in the COM+ section of the Platform SDK in the MSDN™ Library.