Component security has a couple terms you need to understand. Windows authentication refers to the authentication services that Windows 2000 performs for you. For instance, if user Ken logs in to a Web application with Basic or Integrated security, Win2K provides the security for Microsoft IIS.

  • Authentication services for components are the same as authentication services in general. Windows authentication falls in this category.
  • Authorization is the next step beyond authentication. COM+ authorization controls what users can do inside a component's code when they have instantiated their component. For instance, a user in the HRManagers role can probably perform more tasks than can a user in the HRClerks role.