IClientSecurity::SetBlanket

Sets the authentication information that will be used to make calls on the specified proxy.

HRESULT SetBlanket(
    void * pProxy,                          // Indicates the proxy to set
    DWORD dwAuthnSvc,                       // Authentication service to use
    DWORD dwAuthzSvc,                       // Authorization service to use
    WCHAR * pServerPrincName,               // The server principal name to use with the authentication service
    DWORD dwAuthnLevel,                     // The authentication level to use
    DWORD dwImpLevel,                       // The impersonation level to use
    RPC_AUTH_IDENTITY_HANDLE * pAuthInfo,   // The identity of the client
    DWORD dwCapabilities                    // Undefined capability flags
   );

Parameters

pProxy

[in] Indicates the proxy to set.

dwAuthnSvc

[in] A single DWORD value from the list of RPC_C_AUTHN_xxx constants indicating the authentication service to use. It may be RPC_C_AUTHN_NONE if no authentication is required. RPC_C_AUTHN_WINNT is the only value available on NT by default.

dwAuthzSvc

[in] A single DWORD value from the list of RPC_C_AUTHZ_xxx constants indicating the authorization service to use. If you are using the NT authentication service, use RPC_C_AUTHZ_NONE.

pServerPrincName

[in] Pointer to a WCHAR string that indicates the server principal name to use with the authentication service. If you are using RPC_C_AUTHN_WINNT, the principal name must be NULL.

dwAuthnLevel

[in] A single DWORD value from the list of RPC_C_AUTHN_LEVEL_xxx constants indicating the authentication level to use.

dwImpLevel

[in] A single DWORD value from the list of RPC_C_IMP_LEVEL_xxx constants indicating the impersonation level to use. Currently, only RPC_C_IMP_LEVEL_IMPERSONATE and RPC_C_IMP_LEVEL_IDENTIFY are supported by NTLMSSP.

pAuthInfo

[in] Pointer to an RPC_AUTH_IDENTITY_HANDLE value that establishes the identity of the client. It is authentication-service specific: the format of this structure depends on the provider of the authentication service, and for NTLMSSP the structure is SEC_WINNT_AUTH_IDENTITY_W. Some authentication services allow the application to pass in a different user name and password. COM keeps a pointer to the memory passed in until COM is uninitialized or a new value is set. If NULL is specified, COM uses the current identity (the process token).

dwCapabilities

[in] A DWORD of flags indicating further capabilities of this proxy. Currently, no capability flags are defined.

The caller should specify EOAC_NONE. EOAC_MUTUAL_AUTH is defined and may be used by other security providers, but is not supported by NTLMSSP. Thus, NTLMSSP will accept this flag without generating an error but without providing mutual authentication.

Return Values

S_OK

Success, append the headers.

E_INVALIDARG

One or more arguments are invalid.

Remarks

IClientSecurity::SetBlanket sets the authentication information that will be used to make calls on the specified proxy. The values specified here override the values chosen by automatic security. Calling this method changes the security values for all other users of the specified proxy. Call IClientSecurity::CopyProxy to make a private copy of the proxy.

By default, COM will choose the first authentication service and authorization service available on both the client and server machines, and the principal name which the server registered for that authentication service. Currently, COM will not try another authentication service if the first fails.

If pAuthInfo is NULL, it defaults to the current process token. dwAuthnLevel and dwImpLevel default to the values specified to CoInitializeSecurity. If CoInitializeSecurity is not called, the defaults are taken from the registry. The initial value for dwAuthnLevel on a proxy will be the higher of the value set on the client's call to CoInitializeSecurity and the server's call to CoInitializeSecurity.

Security information cannot be set on local interfaces. For example, it is illegal to set security on the IClientSecurity interface. However, since that interface is supported locally, there is no need for security.

IUnknown is a special case. There are several cases. First, IUnknown cannot be copied. Thus all users of an object get the same security. Second, SetBlanket can be used to set the security used for calls to QueryInterface. However, since QueryInterface is heavily cached, the server might not see the call. Third, AddRef and Release always use the security set with CoInitializeSecurity, never the values set with SetBlanket.
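The NTLMSSP constraints from the parameter descriptions above, gathered into a check that can run on a set of SetBlanket arguments before the call is made. This is an added example, not code from the SDK: the struct, the function and the BK_ names are invented for it, and the constants carry their Windows SDK header values so that it builds without those headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Values as defined in the Windows SDK headers, reproduced here so the
   check builds without them. */
enum { RPC_C_AUTHN_NONE = 0, RPC_C_AUTHN_WINNT = 10, RPC_C_AUTHZ_NONE = 0,
       RPC_C_AUTHN_LEVEL_CONNECT = 2, RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6,
       RPC_C_IMP_LEVEL_IDENTIFY = 2, RPC_C_IMP_LEVEL_IMPERSONATE = 3,
       RPC_C_IMP_LEVEL_DELEGATE = 4, EOAC_NONE = 0, EOAC_MUTUAL_AUTH = 1 };

/* Finding bits (names invented for this example). */
enum { BK_UNAUTHENTICATED = 1, BK_PRINC_NOT_NULL = 2, BK_AUTHZ_NOT_NONE = 4,
       BK_IMP_UNSUPPORTED = 8, BK_NO_MUTUAL_AUTH = 16 };

/* Mirror of the SetBlanket arguments after pProxy (invented for this example). */
struct blanket {
    unsigned long authn_svc, authz_svc, authn_level, imp_level, capabilities;
    const wchar_t *princ_name;
    const void *auth_info;
};

/* Returns 0 when the arguments break none of the rules the page states. */
unsigned check_blanket(const struct blanket *b)
{
    unsigned f = 0;
    if (b->authn_svc == RPC_C_AUTHN_NONE)
        return BK_UNAUTHENTICATED;      /* calls carry no authentication */
    if (b->authn_svc != RPC_C_AUTHN_WINNT)
        return 0;                       /* page gives no rules for other services */
    if (b->princ_name != NULL)
        f |= BK_PRINC_NOT_NULL;         /* must be NULL with RPC_C_AUTHN_WINNT */
    if (b->authz_svc != RPC_C_AUTHZ_NONE)
        f |= BK_AUTHZ_NOT_NONE;         /* NT authentication expects RPC_C_AUTHZ_NONE */
    if (b->imp_level != RPC_C_IMP_LEVEL_IDENTIFY &&
        b->imp_level != RPC_C_IMP_LEVEL_IMPERSONATE)
        f |= BK_IMP_UNSUPPORTED;        /* NTLMSSP supports only these two levels */
    if (b->capabilities & EOAC_MUTUAL_AUTH)
        f |= BK_NO_MUTUAL_AUTH;         /* accepted without error, but not provided */
    return f;
}

int main(void)
{
    /* Constructed arguments: a principal name plus a mutual-authentication request. */
    struct blanket b = { .authn_svc = RPC_C_AUTHN_WINNT, .princ_name = L"constructed-name",
                         .authn_level = RPC_C_AUTHN_LEVEL_CONNECT,
                         .imp_level = RPC_C_IMP_LEVEL_IMPERSONATE,
                         .capabilities = EOAC_MUTUAL_AUTH };
    printf("findings = 0x%x\n", check_blanket(&b));
}
```

The BK_NO_MUTUAL_AUTH finding is the one that matters most in review: SetBlanket returns no error for that flag under NTLMSSP, so a caller relying on it to authenticate the server gets no such guarantee.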

See Also

CoSetProxyBlanket, CoQueryProxyBlanket, RPC_C_AUTHN_xxx, RPC_C_AUTHZ_xxx, RPC_C_AUTHN_LEVEL_xxx, RPC_C_IMP_LEVEL_xxx