IClientSecurity::QueryBlanket method (objidl.h)

Article
10/13/2021

Retrieves authentication information the client uses to make calls on the specified proxy.

Syntax

HRESULT QueryBlanket(
  [in]  IUnknown *pProxy,
  [out] DWORD    *pAuthnSvc,
  [out] DWORD    *pAuthzSvc,
  [out] OLECHAR  **pServerPrincName,
  [out] DWORD    *pAuthnLevel,
  [out] DWORD    *pImpLevel,
  [out] void     **pAuthInfo,
  [out] DWORD    *pCapabilites
);

Parameters

[in] pProxy

A pointer to the proxy. This parameter cannot be NULL. For more information, see the Remarks section.

[out] pAuthnSvc

The current authentication service. This will be a single value taken from the list of authentication service constants. This parameter cannot be NULL.

[out] pAuthzSvc

The current authorization service. This will be a single value taken from the list of authorization constants. This parameter cannot be NULL.

[out] pServerPrincName

The current principal name. The string will be allocated by the callee using the CoTaskMemAlloc function and must be freed by the caller using the CoTaskMemFree function. Note that the actual principal name is returned. The EOAC_MAKE_FULLSIC flag is not accepted to convert the prinicpal name. If the caller specifies NULL, the current principal name is not retrieved.

[out] pAuthnLevel

The current authentication level. This will be a single value taken from the list of authentication level constants. If this parameter is NULL, the current authentication level is not retrieved.

[out] pImpLevel

The current impersonation level. This will be a single value taken from the list of impersonation level constants. If this parameter is NULL, the current impersonation level is not retrieved.

[out] pAuthInfo

A pointer to a handle indicating the identity of the client that was passed to the last IClientSecurity::SetBlanket call (or the default value). Default values are only valid until the proxy is released. If the caller specifies NULL, the client identity is not retrieved.

The format of the structure that the returned handle refers to depends on the authentication service. For NTLMSSP and Kerberos, if the client specified a structure in the pAuthInfo parameter to CoInitializeSecurity, that value is returned. For Schannel, if a certificate for the client could be retrieved from the certificate manager, that value is returned here. Otherwise, NULL is returned. Because this points to the value itself and is not a copy, it should not be manipulated or freed.

[out] pCapabilites

The capabilities of the proxy. These flags are defined in the EOLE_AUTHENTICATION_CAPABILITIES enumeration. If this parameter is NULL, the current capability flags are not retrieved.

Return value

This method can return the following values.

Return code	Description
S_OK	The method completed successfully.
E_INVALIDARG	One or more arguments are not valid.
E_OUTOFMEMORY	There is insufficient memory to create the pServerPrincName buffer.

Remarks

QueryBlanket is called by the client to retrieve the authentication information COM will use on calls made from the specified interface proxy. With a pointer to an interface on the proxy, the client would first call QueryInterface for a pointer to IClientSecurity; then, with this pointer, the client would call QueryBlanket, followed by releasing the pointer. This sequence of calls is encapsulated in the helper function CoQueryProxyBlanket.

In pProxy, you pass an interface pointer. However, you cannot pass a pointer to an interface that does not use a proxy. Thus you cannot pass a pointer to an interface that has the local keyword in its interface definition since no proxy is created for such an interface. IUnknown is the exception to this rule.

Requirements

Requirement	Value
Minimum supported client	Windows 2000 Professional [desktop apps \| UWP apps]
Minimum supported server	Windows 2000 Server [desktop apps \| UWP apps]
Target Platform	Windows
Header	objidl.h (include ObjIdl.h)