Writing a Secure Server

If your server registers with a security provider, client calls with invalid credentials will not be dispatched. However, calls with no credentials will be dispatched. There are three ways to keep this from happening:

• Register the interface using RpcServerRegisterIfEx, with a security callback function; this will cause the RPC runtime to automatically reject unauthenticated calls to that interface.
• Call RpcBindingInqAuthClient to determine the security level in use by the client; your stub can then return an error if the client is unauthenticated.
• Only allow calls using the RPC_C_AUTHN_PACKET_PRIVACY level. Then, all server replies will be encrypted during transmission.

Note  If you are using the NT LAN Manager Security Support Provider (by means of the authentication-service constant RPC_C_AUTHN_WINNT), you should be aware that a client whose credentials specify an unknown user name will be given "guest" access permission. If you do not want this behavior, remove the "guest" account from your server.

The NTLMSSP provider also lets your server impersonate the client by calling RpcImpersonateClient. For more information on the NT security model, read Access Control Model.

If you need additional information on how to write a secure server, check with the manufacturer of your security provider.