IServerSecurity

Used by a server to help identify the client and to manage impersonation of the client. IServerSecurity::QueryBlanket and IServerSecurity::ImpersonateClient may only be called before the ORPC call completes. The interface pointer must be released when it is no longer needed.

When a client calls a server, the server can call CoGetCallContext until the server sends the reply back to the client. The pointer to the instance of IServerSecurity returned by CoGetCallContext is automatically deleted when the server sends the reply back to the client.

When to Implement

The stub management code in the system provides an implementation of IServerSecurity for objects by default as part of each incoming call, so typically you would not implement this interface.

You may choose to implement IServerSecurity on the custom stubs of objects that support custom marshaling to maintain a consistent programming model for their objects.

When to Use

The methods of the IServerSecurity interface are called by the server or object to examine or alter the security level of the connection between the caller and this particular object. Its most common use is for impersonation (IServerSecurity::ImpersonateClient and IServerSecurity::RevertToSelf), where the server impersonates the client to test the privilege level of the calling client with an AccessCheck call. The information obtained through IServerSecurity also allows an object to implement its own security framework, perhaps not based on the Access Control Lists (ACLs) that impersonation is geared toward. A different implementation could base its security framework on the client name or other information available through a call to the QueryBlanket method.
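The impersonation pattern described above, as an added example that is not part of the original documentation: a scope object that checks the result of ImpersonateClient, never runs the protected work if impersonation failed, and always calls RevertToSelf on the way out. The names ImpersonationScope, RunAsCaller, FakeCallContext and GuardedMethod are hypothetical, and the non-Windows typedef and macros are stand-ins assumed only so the sketch builds off Windows.

```cpp
// Added example: fail-closed impersonation scope (not Microsoft's sample code).
#include <cstdio>
#ifdef _WIN32
#include <objbase.h>   // HRESULT, IServerSecurity, CoGetCallContext
#else                  // stand-ins (assumption) so the sketch also builds off Windows
typedef int HRESULT;
#define FAILED(hr) ((hr) < 0)
#define S_OK 0
#define E_ACCESSDENIED ((HRESULT)0x80070005)
#endif
// Sec is IServerSecurity, or any type exposing the same two methods.
template <class Sec>
class ImpersonationScope {
    Sec* sec_; HRESULT hr_;
public:
    explicit ImpersonationScope(Sec* sec) : sec_(sec), hr_(sec->ImpersonateClient()) {}
    ~ImpersonationScope() { if (!FAILED(hr_)) sec_->RevertToSelf(); }  // every exit path
    ImpersonationScope(const ImpersonationScope&) = delete;
    ImpersonationScope& operator=(const ImpersonationScope&) = delete;
    HRESULT status() const { return hr_; }
};
// Runs work() as the caller; work() is never run under the server's own identity.
template <class Sec, class Work>
HRESULT RunAsCaller(Sec* sec, Work work) {
    ImpersonationScope<Sec> scope(sec);
    if (FAILED(scope.status())) return scope.status();  // fail closed
    return work();
}
// Constructed test double standing in for the call context object.
struct FakeCallContext {
    HRESULT result; int depth; int reverts;
    HRESULT ImpersonateClient() { if (!FAILED(result)) ++depth; return result; }
    HRESULT RevertToSelf() { --depth; ++reverts; return S_OK; }
};
#ifdef _WIN32
HRESULT GuardedMethod() {  // hypothetical server method body
    IServerSecurity* sec = nullptr;
    HRESULT hr = CoGetCallContext(IID_IServerSecurity, (void**)&sec);
    if (FAILED(hr)) return hr;
    hr = RunAsCaller(sec, []() -> HRESULT { /* access the protected resource */ return S_OK; });
    sec->Release();  // release the pointer once it is no longer needed
    return hr;
}
#endif
int main() {
    FakeCallContext denied = {E_ACCESSDENIED, 0, 0};
    HRESULT hr = RunAsCaller(&denied, []() -> HRESULT { std::puts("work ran"); return S_OK; });
    std::printf("hr=0x%08x reverts=%d\n", (unsigned)hr, denied.reverts);
    return 0;
}
```

The destructor ignores the result of RevertToSelf; a server that cannot restore its own identity should treat that as fatal for the thread rather than continue serving calls.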

Methods in Vtable Order

IUnknown Methods    Description
QueryInterface      Returns pointers to supported interfaces.
AddRef              Increments the reference count.
Release             Decrements the reference count.

IServerSecurity Methods    Description
QueryBlanket               Called by the server to find out about the client that invoked one of its methods.
ImpersonateClient          Allows a server to impersonate a client for the duration of a call.
RevertToSelf               Restores the authentication information on a thread to the process's identity.
IsImpersonating            Indicates whether the server is currently impersonating the client.

See Also

Security in COM