IServerSecurity
Used by a server to help identify the client and to manage impersonation of the client. IServerSecurity::QueryBlanket and IServerSecurity::ImpersonateClient may only be called before the ORPC call completes. The interface pointer must be released when it is no longer needed.
When a client calls a server, the server can call CoGetCallContext. The pointer to the instance of IServerSecurity returned by CoGetCallContext is automatically deleted when the server sends the reply back to the client.
When to Implement
The stub management code in the system provides an implementation of IServerSecurity for objects by default as part of each incoming call, so typically you would not implement this interface.
You may choose to implement IServerSecurity on the custom stubs of objects that support custom marshaling to maintain a consistent programming model for their objects.
When to Use
The methods of the IServerSecurity interface are called by the server/object to examine or alter the security level of the connection between the caller and this particular object. Its most common use is for impersonation (IServerSecurity::ImpersonateClient and ::RevertToSelf), where the server impersonates the client to test the privilege level of the calling client with an AccessCheck call. The information obtained through IServerSecurity also allows an object to implement its own security framework, perhaps not based on the Access Control Lists (ACLs) that impersonation is geared toward. A different implementation could base its security framework on the client name or other information available through a call to the QueryBlanket method.
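The following C++ sketch is an added example, not part of the original documentation. It shows both uses described above inside one server method: a client-name check built on QueryBlanket, then impersonation bracketed by RevertToSelf. The names CallerIsAcceptable and DoWorkAsCaller, the allowed-name parameter, and the minimum authentication level are assumptions made for the example.

```cpp
#include <cwchar>
#ifdef _WIN32
#include <windows.h>
#include <objbase.h>
#else
// Stand-ins so the policy helper compiles off Windows; the values are those
// of the Windows SDK constants of the same name.
typedef unsigned long DWORD;
#define RPC_C_AUTHN_LEVEL_NONE 1
#define RPC_C_AUTHN_LEVEL_PKT_INTEGRITY 5
#endif

// Hypothetical policy: trust the reported client name only when the call was
// authenticated with at least per-packet integrity, then match it exactly.
bool CallerIsAcceptable(DWORD authnLevel, const wchar_t* client, const wchar_t* allowed) {
    if (authnLevel < RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) return false;
    return client != nullptr && allowed != nullptr && std::wcscmp(client, allowed) == 0;
}

#ifdef _WIN32
// Hypothetical body of a server method; must run before the ORPC call completes.
HRESULT DoWorkAsCaller(const wchar_t* allowed) {
    IServerSecurity* sec = nullptr;
    HRESULT hr = CoGetCallContext(IID_IServerSecurity, reinterpret_cast<void**>(&sec));
    if (FAILED(hr)) return hr;  // no call context: thread is not servicing a call

    DWORD authnSvc = 0, authnLevel = 0;
    RPC_AUTHZ_HANDLE privs = nullptr;  // owned by the system, not freed here
    hr = sec->QueryBlanket(&authnSvc, nullptr, nullptr, &authnLevel, nullptr, &privs, nullptr);
    // Assumption: NTLM or Kerberos, where privs is the client name as a wide string.
    if (SUCCEEDED(hr) && authnSvc != RPC_C_AUTHN_WINNT && authnSvc != RPC_C_AUTHN_GSS_KERBEROS)
        hr = E_ACCESSDENIED;
    if (SUCCEEDED(hr) && !CallerIsAcceptable(authnLevel, static_cast<const wchar_t*>(privs), allowed))
        hr = E_ACCESSDENIED;

    // Never continue if impersonation failed: the thread would still be
    // running with the server's own identity.
    if (SUCCEEDED(hr)) hr = sec->ImpersonateClient();
    if (SUCCEEDED(hr)) {
        // ... open files, keys, etc. here; access is checked against the client ...
        hr = sec->RevertToSelf();
    }
    sec->Release();
    return hr;
}
#endif
```

A failed RevertToSelf is returned to the caller rather than ignored, because a thread left impersonating would carry the client's identity into later work.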
Methods in Vtable Order
IUnknown Methods | Description |
QueryInterface | Returns pointers to supported interfaces. |
AddRef | Increments the reference count. |
Release | Decrements the reference count. |
IServerSecurity Methods | Description |
QueryBlanket | Called by the server to find out about the client that invoked one of its methods. |
ImpersonateClient | Allows a server to impersonate a client for the duration of a call. |
RevertToSelf | Restores the authentication information on a thread to the process's identity. |
IsImpersonating | Indicates whether the server is currently impersonating the client. |