Client-Side Proxy Copying

Occasionally, a client may want to ensure a specific security blanket is set on a particular interface when presented to the server for security negotiation. Directly changing the security blanket on the default proxy (returned by initial QueryInterface() call) will affect all other users of the proxy who may have different security requirements. The way out of the predicament is to make a private copy of the proxy on which to set the desired security blanket.

Beware, however: proxy copies are special in that a QueryInterface() on a proxy copy will return a pointer to an interface on the original proxy, with the original's security blanket.

CoCopyProxy() encapsulates several steps. It does a QueryInterface() on the original proxy for IID_IClientSecurity, invoking IClientSecurity::CoCopyProxy() on it and then releasing it.

HRESULT CoCopyProxy( IUnknown* pProxy, // original
                     IUnknown** ppCopy ); // pointer to copy pointer

The client can now set the security blanket by doing, for example:

IUnknown pCopy;  // copy proxy

CoCopyProxy( pProxy, &pCopy );
CoSetProxyBlanket(  pCopy,  
          RPC_C_AUTHN_WINNT,
          RPC_C_AUTHZ_NONE,
          L”HOST”,
       RPC_C_AUTHN_LEVEL_CONNECT,
           RPC_C_IMP_LEVEL_IMPERSONATE,
         NULL, 
           0);
// use the proxy
...
pCopy->Release();

Here's the exact declaration:

HRESULT CoSetProxyBlanket( IUnknown* pProxy,
                           DWORD dwAuthnSvc,
                           DWORD dwAuthzSvc,
                           OLECHAR* pServerPrincName,
                           DWORD dwAuthnLevel,
                           DWORD dwImpLevel,
                           RPC_AUTH_IDENTITY_HANDLE* pAuthInfo,
                           DWORD dwCapabilities );

We've seen most of the arguments before!

Parameter Meaning
Pproxy Pointer to a copy proxy on which this blanket will be set.
DwAuthnSvc An RPC_C_AUTHN_xxx value.
DwAuthzSvc An RPC_C_AUTHZ_xxx value.
PserverPrincName A wide character string with server's principal name to be used for authentication.
DwAuthnLevel An RPC_C_AUTHN_LEVEL_xxx value.
DwImpLevel An RPC_C_IMP_LEVEL_xxx value.
PAuthInfo Authentication service specific. NULL for default.
DwCapabilities Extra capabilities for the proxy. Not defined.

© 1997 by Wrox Press. All rights reserved.