IClientSecurity interface

Gives the client control over the security settings for each individual interface proxy of an object.

When to implement

The proxy manager for each object provides an implementation of IClientSecurity, so you would typically not implement this interface. If, however, you are defining objects that support custom marshaling, you may choose to implement IClientSecurity on the objects' custom proxies to maintain a consistent programming model for the objects' client applications. You may also choose to support this interface on in-process objects.

When to use

Call the methods of this interface to examine or modify the security settings of a particular connection to an out-of-process object. For example, you might temporarily establish a higher security level — one with complex encryption — only for the period when sensitive information or data is being sent to the object. Alternately, you might establish different proxies to the same object with different security levels. You could use these security levels to support different clients that are calling your object or to support different operations within your application.


The IClientSecurity interface inherits from the IUnknown interface. IClientSecurity also has these types of members:


The IClientSecurity interface has these methods.


Makes a private copy of the proxy for the specified interface.


Retrieves authentication information the client uses to make calls on the specified proxy.


Sets the authentication information (the security blanket) that will be used to make calls on the specified proxy.



Every object has one proxy manager, and every proxy manager exposes the IClientSecurity interface automatically. Therefore, the client can query the proxy manager of an object for IClientSecurity, using any interface pointer on the object. If the QueryInterface call succeeds, the IClientSecurity pointer can be used to call an IClientSecurity method, passing a pointer to the interface proxy that the client is interested in. If a call to QueryInterface for IClientSecurity fails, either the object is implemented in-process or it is remoted by a custom marshaler that does not support security. (A custom marshaler can support security by offering the IClientSecurity interface to the client.)

The interface proxies passed as parameters to IClientSecurity methods must be from the same object as the IClientSecurity interface. That is, each object has a distinct IClientSecurity interface; calling IClientSecurity on one object and passing a proxy to another object will not work. Also, you cannot pass an interface to an IClientSecurity method if the interface does not use a proxy. This means that interfaces implemented locally by the proxy manager cannot be passed to IClientSecurity methods, except for IUnknown, which is the exception to this rule.


Minimum supported client

Windows 2000 Professional [desktop apps | UWP apps]

Minimum supported server

Windows 2000 Server [desktop apps | UWP apps]






IID_IClientSecurity is defined as 0000013D-0000-0000-C000-000000000046

See also

Security in COM
Setting Process-Wide Security with CoInitializeSecurity