Used by a server to help identify the client and to manage impersonation of the client. IServerSecurity::QueryBlanket and IServerSecurity::ImpersonateClient may only be called before the ORPC call completes. The interface pointer must be released when it is no longer needed.
When a client calls a server, the server can call CoGetCallContext until the server sends the reply back to the client. The pointer to the instance of IServerSecurity returned by CoGetCallContext is automatically deleted when the server sends the reply back to the client.
The stub management code in the system provides an implementation of IServerSecurity for objects by default as part of each incoming call, so typically you would not implement this interface.
You may choose to implement IServerSecurity on the custom stubs of objects that support custom marshaling to maintain a consistent programming model for their objects.
The methods of the IServerSecurity interface are called by the server/object to examine or alter the security level of the connection between the caller and this particular object. Its most common use is for impersonation (IServerSecurity::ImpersonateClient and IServerSecurity::RevertToSelf), where the server impersonates the client to test the privilege level of the calling client with an AccessCheck call. The information obtained through IServerSecurity also allows an object to implement its own security framework, perhaps not based on the Access Control Lists (ACLs) that impersonation is geared toward. A different implementation could base its security framework on the client name or other information available through a call to the QueryBlanket method.
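The impersonation use described above has two failure modes worth coding against: continuing after ImpersonateClient fails (the work then runs with the server's own identity) and leaving the thread impersonating on an error path. The following is an added example, not code from the original page; `HResult`, `FakeServerSecurity` and `RunAsClient` are hypothetical names, and the fake object stands in for the IServerSecurity pointer that CoGetCallContext returns so the sketch compiles without the Windows headers.

```cpp
// Added example; FakeServerSecurity is a constructed stand-in, not a Windows type.
#include <cstdint>
#include <cstdio>

using HResult = std::int32_t;                       // stand-in for HRESULT
constexpr HResult kOk = 0;                          // S_OK
constexpr HResult kAccessDenied = static_cast<HResult>(0x80070005u); // E_ACCESSDENIED

// Mirrors the three impersonation methods of IServerSecurity.
struct FakeServerSecurity {
    HResult impersonate_result = kOk;  // what ImpersonateClient will return
    bool impersonating = false;
    int reverts = 0;                   // how many times RevertToSelf ran
    HResult ImpersonateClient() {
        if (impersonate_result >= 0) impersonating = true;
        return impersonate_result;
    }
    HResult RevertToSelf() { impersonating = false; ++reverts; return kOk; }
    bool IsImpersonating() const { return impersonating; }
};

// Runs work() under the client's identity. Fails closed: if impersonation
// fails, work() never runs, so it cannot execute with the server's identity.
template <class Sec, class Fn>
HResult RunAsClient(Sec& sec, Fn work) {
    HResult hr = sec.ImpersonateClient();
    if (hr < 0) return hr;                          // equivalent of FAILED(hr)
    // Reverts on every exit path, including an exception thrown by work().
    struct Revert {
        Sec& s;
        ~Revert() { s.RevertToSelf(); }
    } revert{sec};
    return work();
}

int main() {
    FakeServerSecurity sec;
    HResult hr = RunAsClient(sec, [&] {
        std::printf("in call, impersonating=%d\n", (int)sec.IsImpersonating());
        return kOk;  // the AccessCheck-based privilege test would go here
    });
    std::printf("hr=%d, impersonating after call=%d\n", (int)hr,
                (int)sec.IsImpersonating());
    return hr == kOk ? 0 : 1;
}
```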
Methods in Vtable Order

| IUnknown Methods | Description |
|---|---|
| QueryInterface | Returns pointers to supported interfaces. |
| AddRef | Increments the reference count. |
| Release | Decrements the reference count. |

| IServerSecurity Methods | Description |
|---|---|
| QueryBlanket | Called by the server to find out about the client that invoked one of its methods. |
| ImpersonateClient | Allows a server to impersonate a client for the duration of a call. |
| RevertToSelf | Restores the authentication information on a thread to the process's identity. |
| IsImpersonating | Indicates whether the server is currently impersonating the client. |