IServerSecurity  57_9_ZT

Used by a server to help identify the client and to manage impersonation of the client. IServerSecurity:QueryBlanket and IServerSecurity::ImpersonateClient may only be called before the ORPC call completes. The interface pointer must be released when it is no longer needed.

When a client calls a server, the server can call CoGetCallContext1IHTI14 until the server sends the reply back to the client.  The pointer to the instance of IServerSecurity returned by CoGetCallContext is automaticly deleted when the server sends the reply back to the client.

When to Implement

The stub managment code in the system provides an implementation of IServerSecurity for objects by default as part of each incoming call, so typically you would not implement this interface.

You may choose to implement IServerSecurity on the custom stubs of objects that support custom marshaling to maintain a consistent programming model for their objects.

When to Use

The methods of the IServerSecurity interface are called by the server/object to examine or alter the security level of the connection between the caller and this particular object. Its most common use is for impersonation (IServerSecurity::ImpersonateClient and ::RevertToSelf), where the server impersonates the client to test the privilege level of the calling client with an AccessCheck call. The information obtained through IServerSecurity also allows an object to implement its own security framework, perhaps not based on the Access Control Lists (ACLs) that impersonation is geared toward. A different implementation could base its security framework on the client name or other information available through a call to the QueryBlanket method.

Methods in Vtable Order

See Also