Client-Side Security

In this section, you’ll build a simple client component that uses the SecureOcrServer component to test the security features discussed previously. You’ll learn how to set the default security for all proxies instantiated within this client process. This default can be altered prior to making an activation or a normal function call; for example, you can use any user identity to activate an object or invoke a method. Furthermore, you can specify the authentication and impersonation levels for each activation or method call. Here’s a brief summary of the topics that you’ll learn in this section:

  1. Setting the authentication identity using the SEC_WINNT_AUTH_IDENTITY_W structure. This includes the user’s domain, name, and password.

  2. Setting the process-wide security for all proxies using CoInitializeSecurity.

  3. Merging the proxy/stub code. You’ve done this before in Chapter 8, but you’ll learn another technique—manually using the CoRegisterPSClsid API function. This subsection has nothing to do with security, but it shows you how to internally register interface marshalers for an out-of-process EXE component.

  4. Using activation security. This is security that is applied to activation API functions such as CoGetClassObject or CoCreateInstance[Ex].

  5. Using call security. This is security that can be set for each method invocation using the IClientSecurity::SetBlanket method or its shorthand, the CoSetProxyBlanket API function.

  6. Handling errors. You’ll also learn how to obtain ...
