I've written a serviced component in C# that interacts with some COM
components (in a separate process).  All components are run on the
same machine (currently under the Administrator account).  I've
enabled role-based security on the serviced component (at the
component level) through attributes in C#.  This component implements
the standard IConnectionPointContainer interface.  It looks like this:

In assembly.cs:

[assembly: ApplicationActivation(ActivationOption.Server)]
[assembly: ApplicationAccessControl(Value = true,
									Authentication = AuthenticationOption.Integrity,
									ImpersonationLevel = ImpersonationLevelOption.Identify,
									AccessChecksLevel =
AccessChecksLevelOption.ApplicationComponent)]
[assembly: SecurityRole("MyRole")]


In the class's .cs file:

using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;
using System.EnterpriseServices;

[ComVisible(true)]
[ComponentAccessControl(true)]
[Guid("XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX")]
[ProgId("MyComponent.MyObject.1")]
public class MyObject: ServicedComponent, /* Other interfaces... */,
IConnectionPointContainer
{
	[SecurityRole("MyRole")]
	void IConnectionPointContainer.EnumConnectionPoints(out
IEnumConnectionPoints ppEnum)
	{
		// Implementation
	}

	[SecurityRole("MyRole")]
	void IConnectionPointContainer.FindConnectionPoint(ref Guid riid, out
IConnectionPoint ppCP)
	{
		// Implementation
	}

	// Other interface implementations...
}

I can CoCreate my component using this IID, and call
IConnectionPointContainer's methods on it.  However, if I have role-
based security enabled, the calls always fail with E_ACCESSDENIED.
The client code is run under a user account that is included within
"MyRole".  In fact, the same client code can call other methods on
this component that are restricted to "MyRole".

If I remove the role restrictions from these specific methods (by
commenting out the SecurityRole attribute), it still does not work.
If I turn off role-based security on this component (by commenting out
the ComponentAccessControl attribute), it *does* work.  So it seems
there is something odd going on with the IConnectionPointContainer
interface and role-based security.

One thing I am seeing is that IConnectionPointContainer does not
appear in the list of interfaces in the COM+ application GUI (in
Component Services) -- even though I am explicitly implementing the
interface and can CoCreate using that interface.  I suspect this is
somehow related to my problem; maybe this interface is somehow being
treated "special" by the interop layer (I know that connection point
implementations are converted to .NET events, so I am guessing
something similar might happen with IConnectionPointContainers).

Any ideas on what is going on here, or how I can fix it?  I really
don't care if the interface appears in the COM+ application as long as
I can use it with the object.  But the security problem is a real
issue for me.  How can I get these methods to work properly with role-
based security?

Thanks,

Carl