Security in COM is firmly based on Windows NT® security and the underlying RPC security mechanisms. COM security relies on authentication (the process of verifying a caller's identity) and authorization (the process of determining whether a caller is authorized to do what it is asking to do). There are two main types of security in COM — activation security and call security. Activation security determines whether a client can launch a server at all. Once a server has been launched, you can use call security to control access to a server's objects.
Prior to Windows NT 4.0, there was no special support for security in COM beyond that provided by the operating system. Therefore, out-of-process servers had the same permissions as the interactive user, and all activations were done "run as activator" (not "run as interactive user"). In addition, an object instance could be created for any CLSID in the registry, no matter who the user was.
Windows NT 4.0 introduced security for COM that uses and enhances the underlying Windows NT security model. In this model, servers manage and protect objects, clients get access to objects through servers, and servers can attempt access while impersonating the client.
Windows NT 5.0 introduces the Kerberos and Secure Sockets Layer (SSL) security packages and adds features such as delegate-level impersonation, mutual authentication (for Kerberos), the ability to set authentication levels for an AppID in the registry, and cloaking. Using COM security, you can implement objects that can perform privileged operations without compromising security.
Because there is a wide range of COM security features available, it is helpful to initially determine what kind of security your application needs. For most applications, setting an acceptable level of security can be a painless process, but you can also use COM security to support very complex security scenarios. For more information, see Determining Your Security Needs.
You can set security process-wide, either by using Dcomcnfg.exe to set the registry or by calling CoInitializeSecurity. Two primary interfaces, IClientSecurity and IServerSecurity (and associated helper functions), allow you to set call-level security within your program. If you already know your security needs, you can jump to one of the following topics to learn more about COM security: