To truly understand COM+ security, we must take a look back at the foundation of COM, RPC. You may recall from previous chapters that the COM remoting protocol, normally referred to as the DCOM wire protocol, is built on top of MSRPC. In truth, all DCOM calls are true MSRPC calls. MSRPC is the Windows implementation of the Remote Procedure Call (RPC) specification written by the Open Software Foundation (OSF). MSRPC is a protocol, and, like all other protocols, it is a set of rules for how to format byte streams from one program to another. RPC is a protocol that is built on top of other network protocols such as TCP, UDP, SPX, and so forth. The RPC protocol enhances the existing protocols by providing the rules for how to make method calls and transmit method parameters. Even today, all COM+ calls from one machine to another are true MSRPC calls.

Because all COM+ calls across the wire are really “object-oriented” MSRPC calls, COM+ security has as its foundation RPC security. If you learn a little about MSRPC security, then you will be very close to understanding COM+ security. With that in mind, let’s discuss RPC security. I am not going to bore you will all the RPC commands that you must use to create an RPC server and an RPC client program. Instead, let’s talk about RPC security at a higher level.

In the good old days, if you wanted a client program to talk to a server program, you would write RPC code. You would first define an interface (yes, interfaces were really ...