To set up a binding handle for authenticated RPC, a client application calls RpcBindingSetAuthInfo. Without this call, all remote procedure calls on the binding handle will be unauthenticated. The chosen level of security and authentication applies only to that binding handle. Context handles derived from the binding handle will use the same security information, but subsequent modifications to the binding handle will not be reflected in the context handles. The security and authentication level stays in effect until another level of security is chosen, or until the process terminates. Most applications will not require a change in the security level.
The levels of security and authentication available for authenticated RPC are shown in the following table:
Authentication-Level Constant | Description |
---|---|
RPC_C_AUTHN_LEVEL_DEFAULT | Uses the default authentication level for the specified authentication service. |
RPC_C_AUTHN_LEVEL_NONE | Performs no authentication. |
RPC_C_AUTHN_LEVEL_CONNECT | Authenticates only when the client establishes a relationship with the server. Datagram RPC does not support this level and instead uses the RPC_C_AUTHN_LEVEL_PKT level. |
RPC_C_AUTHN_LEVEL_CALL | Authenticates only at the beginning of each remote procedure call when the server receives the request. Although defined by OSF, neither datagram nor connection-oriented RPC supports this level. RPC uses the RPC_C_AUTHN_LEVEL_PKT level instead. |
RPC_C_AUTHN_LEVEL_PKT | Authenticates and verifies that all data received is from the expected client. |
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY | Authenticates and verifies that none of the data transferred between client and server has been modified. |
RPC_C_AUTHN_LEVEL_PKT_PRIVACY | Authenticates all previous levels and encrypts the argument value of each remote procedure call. Note that this level is unavailable in France due to legal restrictions. |
Note The RPC_C_AUTHN_LEVEL_CALL, RPC_C_AUTHN_LEVEL_PKT, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, and RPC_C_AUTHN_LEVEL_PKT_PRIVACY are only supported for clients communicating with a Windows NT server. A Windows® 95 server can only accept incoming calls at the RPC_C_AUTHN_LEVEL_CONNECT level.
The level of security required depends entirely on the application. When choosing a security level for your application, remember that the higher the protection level, the greater the overhead required to create and maintain the levels. Additionally, there are performance trade-offs to consider. The checksum computation and encryption required by the RPC run-time library can make data protection a time-consuming operation. The more often credentials are checked, the more time it will take to get on with the business of the application. Use the authentication-level constant that offers the protection your application needs.
Note that authentication-level constants cannot be combined.