Security Impact of the OBJREF

We have concentrated on the OBJREF and connection points in this chapter. Both discussions involve passing an interface pointer from one object to another. This is very powerful, but receiving an interface pointer doesn’t mean that the client can successfully invoke methods through it. The reason for this is security: the receiver can invoke methods on the received interface pointer only as far as security constraints allow.

For example, a ChatClient component successfully obtains a ChatServer object’s IUnknown interface pointer from the ChatBroker component. Nevertheless, this doesn’t mean that the ChatClient component can send chat messages to the ChatServer component. That depends on the ChatServer component’s access security, which can be configured programmatically using CoInitializeSecurity or manually using dcomcnfg.exe. Even if access security is correctly configured, the authentication levels and impersonation levels may also be a factor in successful invocations. You’ll have to configure security correctly for method invocations among different components to succeed.
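The settings that dcomcnfg.exe edits are stored in the registry, so they can be reviewed from a script. The following PowerShell is an added example, not code from the book; the `$AppId` parameter and the helper names `Get-LevelName` and `Show-ComAcl` are assumptions made for illustration, and the ChatServer's AppID is not given on this page.

```powershell
# Added example: report the DCOM access-security settings that dcomcnfg.exe edits.
# Run on the server machine in PowerShell 5 or later.
param([string]$AppId)   # optional AppID GUID in braces (placeholder; supply your own)

$authLevels = @{ 0='Default'; 1='None'; 2='Connect'; 3='Call'; 4='Packet'; 5='PacketIntegrity'; 6='PacketPrivacy' }
$impLevels  = @{ 0='Default'; 1='Anonymous'; 2='Identify'; 3='Impersonate'; 4='Delegate' }
$comRights  = @{ 1='Execute'; 2='ExecuteLocal'; 4='ExecuteRemote'; 8='ActivateLocal'; 16='ActivateRemote' }

# Map a registry DWORD to the name of its authentication or impersonation level.
function Get-LevelName($Map, $Value) {
    if ($null -eq $Value) { return '(not set, COM default applies)' }
    if ($Map.ContainsKey([int]$Value)) { return $Map[[int]$Value] }
    return "unknown ($Value)"
}

# Decode a binary security descriptor and list each ACE with its COM rights.
function Show-ComAcl([string]$Label, [byte[]]$Bytes) {
    if (-not $Bytes) {
        return [pscustomobject]@{ Setting = $Label; Type = '(not set)'; Sid = ''; Rights = 'COM default applies' }
    }
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $rights = $comRights.Keys | Sort-Object |
            Where-Object { $ace.AccessMask -band $_ } |
            ForEach-Object { $comRights[$_] }
        [pscustomobject]@{ Setting = $Label; Type = $ace.AceType
                           Sid = $ace.SecurityIdentifier.Value; Rights = $rights -join ',' }
    }
}

# Machine-wide defaults and limits.
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
"Default authentication level: " + (Get-LevelName $authLevels $ole.LegacyAuthenticationLevel)
"Default impersonation level:  " + (Get-LevelName $impLevels $ole.LegacyImpersonationLevel)
Show-ComAcl 'Machine default access' $ole.DefaultAccessPermission
Show-ComAcl 'Machine access limits' $ole.MachineAccessRestriction

# Per-application settings, when an AppID is supplied.
if ($AppId) {
    $app = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\AppID\$AppId"
    "AppID authentication level:   " + (Get-LevelName $authLevels $app.AuthenticationLevel)
    Show-ComAcl 'AppID access' $app.AccessPermission
}
```

A process that calls CoInitializeSecurity itself uses the values it passes there, so this report describes only components that rely on the registry configuration.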

As a different but related example, consider that a ChatClient component successfully sends a chat message to a server, because it has access. However, it may be possible that the ChatServer component cannot make callbacks to the client, because the client cannot authenticate the server. For instance, if you’ve configured the ...
