IServerSecurity interface

Used by a server to help authenticate the client and to manage impersonation of the client.

When to implement

The stub management code in the system provides an implementation of IServerSecurity for objects by default as part of each incoming call, so typically you would not implement this interface.

You may choose to implement IServerSecurity on the custom stubs of objects that support custom marshaling to maintain a consistent programming model for their objects. Before dispatching an arriving call, custom marshalers call the CoSwitchCallContext function, specifying a new context object (which must implement IServerSecurity). The original call context must be restored after the server object sends a reply.

When to use

The methods of IServerSecurity are called by a server object to examine the security settings of a particular call between a client and the server object (QueryBlanket) or to impersonate the client (ImpersonateClient and RevertToSelf). A server impersonates a client by running in the client's security context, which allows the server to test the privilege level of the calling client with an AccessCheck call and to access resources (such as files) as the client. For more information about how impersonation works, see Impersonation and Cloaking.

The information obtained through IServerSecurity also allows an object to perform security checks in addition to the automatic ACL checks COM performs. For example, an application may wish to restrict access to some objects by time of day, or may have a different ACL for each method on an object.

IServerSecurity methods may be called only before the remote procedure call completes.
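The check-then-impersonate pattern described above, as an added example that is not part of the original page or of Microsoft's sample code. RunAsClient, FakeCallContext, Outcome and Demo are hypothetical names, and the packet-integrity minimum is an illustrative policy. On Windows, Sec would be the IServerSecurity pointer obtained from CoGetCallContext.

```cpp
// Added example, not from the original page. Sec is any type exposing IServerSecurity's
// methods; FakeCallContext below is a constructed stand-in so the pattern runs offline.
#include <cstdint>
#include <cstdio>

const std::int32_t kAccessDenied = static_cast<std::int32_t>(0x80070005u); // E_ACCESSDENIED
const unsigned long kPktIntegrity = 5;  // value of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY

// Runs work() as the client only if the call meets minAuthnLevel and impersonation
// succeeded; reverts on every path out of work(), including exceptions.
template <class Sec, class Fn>
std::int32_t RunAsClient(Sec* sec, unsigned long minAuthnLevel, Fn work) {
    unsigned long level = 0;
    std::int32_t hr = sec->QueryBlanket(nullptr, nullptr, nullptr, &level,
                                        nullptr, nullptr, nullptr);
    if (hr < 0) return hr;
    if (level < minAuthnLevel) return kAccessDenied;  // check beyond COM's ACL check
    hr = sec->ImpersonateClient();
    if (hr < 0) return hr;  // never fall through and run work() as the server
    struct Revert { Sec* s; ~Revert() { s->RevertToSelf(); } } revert{sec};
    work();
    return 0;  // S_OK
}

// Constructed stand-in for the call context; hypothetical, not a Windows type.
struct FakeCallContext {
    unsigned long authnLevel; std::int32_t impersonateResult; bool impersonating;
    std::int32_t QueryBlanket(unsigned long*, unsigned long*, wchar_t**, unsigned long* lvl,
                              unsigned long*, void**, unsigned long*) {
        if (lvl) *lvl = authnLevel;
        return 0;
    }
    std::int32_t ImpersonateClient() { impersonating = impersonateResult >= 0; return impersonateResult; }
    std::int32_t RevertToSelf() { impersonating = false; return 0; }
    bool IsImpersonating() const { return impersonating; }
};

struct Outcome { std::int32_t hr; bool ranAsClient; bool stillImpersonating; };
Outcome Demo(unsigned long level, std::int32_t impersonateResult) {
    FakeCallContext ctx{level, impersonateResult, false};
    bool ran = false;
    std::int32_t hr = RunAsClient(&ctx, kPktIntegrity, [&] { ran = ctx.IsImpersonating(); });
    return Outcome{hr, ran, ctx.IsImpersonating()};
}

int main() {
    std::printf("ok=%d weak=%08x\n", Demo(6, 0).ranAsClient, (unsigned)Demo(2, 0).hr);
}
```

The point to carry over to real server code is the early return when ImpersonateClient fails: ignoring that result leaves the thread running with the server's own identity while the code assumes the client's.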


The IServerSecurity interface inherits from the IUnknown interface.

The IServerSecurity interface has these methods.

ImpersonateClient: Enables a server to impersonate a client for the duration of a call.

IsImpersonating: Indicates whether the server is currently impersonating the client.

QueryBlanket: Retrieves information about the client that invoked one of the server's methods.

RevertToSelf: Restores the authentication information of a thread to what it was before impersonation began.



Minimum supported client: Windows 2000 Professional [desktop apps only]

Minimum supported server: Windows 2000 Server [desktop apps only]

IID: IID_IServerSecurity is defined as 0000013E-0000-0000-C000-000000000046

See also

Security in COM