Export (0) Print
Expand All

IServerSecurity interface

Used by a server to help authenticate the client and to manage impersonation of the client.

When to implement

The stub management code in the system provides an implementation of IServerSecurity for objects by default as part of each incoming call, so typically you would not implement this interface.

You may choose to implement IServerSecurity on the custom stubs of objects that support custom marshaling to maintain a consistent programming model for their objects. Before dispatching an arriving call, custom marshalers call the CoSwitchCallContext function, specifying a new context object (which must implement IServerSecurity). The original call context must be restored after the server object sends a reply.

When to use

The methods of IServerSecurity are called by a server object to examine the security settings of a particular call between a client and the server object (QueryBlanket) or to impersonate the client (ImpersonateClient and RevertToSelf). A server impersonates a client by running in the client's security context, which allows the server to test the privilege level of the calling client with an AccessCheck call and to access resources (such as files) as the client. For more information about how impersonation works, see Impersonation and Cloaking.

The information obtained through IServerSecurity also allows an object to perform security checks in addition to the automatic ACL checks COM performs. For example, an application may wish to allow time of day access to some objects or may have a different ACL for each method on an object.

IServerSecurity methods may be called only before the remote procedure call completes.

Members

The IServerSecurity interface inherits from the IUnknown interface. IServerSecurity also has these types of members:

Methods

The IServerSecurity interface has these methods.

MethodDescription
ImpersonateClient

Enables a server to impersonate a client for the duration of a call.

IsImpersonating

Indicates whether the server is currently impersonating the client.

QueryBlanket

Retrieves information about the client that invoked one of the server's methods.

RevertToSelf

Restores the authentication information of a thread to what it was before impersonation began.

 

Requirements

Minimum supported client

Windows 2000 Professional [desktop apps only]

Minimum supported server

Windows 2000 Server [desktop apps only]

Header

ObjIdl.h

IDL

ObjIdl.idl

IID

IID_IServerSecurity is defined as 0000013E-0000-0000-C000-000000000046

See also

CoGetCallContext
CoSwitchCallContext
Security in COM

 

 

Community Additions

ADD
Show:
© 2014 Microsoft