Client-Side Proxy Copying

Occasionally, a client may want to ensure that a specific security blanket is set on a particular interface when it is presented to the server for security negotiation. Directly changing the security blanket on the default proxy (returned by the initial QueryInterface() call) will affect all other users of the proxy, who may have different security requirements. The way out of this predicament is to make a private copy of the proxy on which to set the desired security blanket.

Beware, however: proxy copies are special in that a QueryInterface() on a proxy copy will return a pointer to an interface on the original proxy, with the original's security blanket.

CoCopyProxy() encapsulates several steps: it does a QueryInterface() on the original proxy for IID_IClientSecurity, invokes IClientSecurity::CopyProxy() on it, and then releases it.

HRESULT CoCopyProxy( IUnknown* pProxy, // original
                     IUnknown** ppCopy ); // pointer to copy pointer

The client can now set the security blanket by doing, for example:

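IUnknown* pCopy = NULL;  // receives the private copy of the proxy

CoCopyProxy( pProxy, &pCopy );
CoSetProxyBlanket( pCopy,                        // set the blanket on the copy only
                   RPC_C_AUTHN_WINNT,            // authentication service
                   RPC_C_AUTHZ_NONE,             // authorization service
                   L"HOST",                      // server principal name
                   RPC_C_AUTHN_LEVEL_CONNECT,    // authentication level
                   RPC_C_IMP_LEVEL_IMPERSONATE,  // impersonation level
                   NULL,                         // default authentication info
                   0 );                          // no extra capabilities
// use the proxy
...
pCopy->Release();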

Here's the exact declaration:

HRESULT CoSetProxyBlanket( IUnknown* pProxy,
                           DWORD dwAuthnSvc,
                           DWORD dwAuthzSvc,
                           OLECHAR* pServerPrincName,
                           DWORD dwAuthnLevel,
                           DWORD dwImpLevel,
                           RPC_AUTH_IDENTITY_HANDLE* pAuthInfo,
                           DWORD dwCapabilities );

We've seen most of the arguments before!

Parameter          Meaning
pProxy             Pointer to a copy proxy on which this blanket will be set.
dwAuthnSvc         An RPC_C_AUTHN_xxx value.
dwAuthzSvc         An RPC_C_AUTHZ_xxx value.
pServerPrincName   A wide character string with server's principal name to be used for authentication.
dwAuthnLevel       An RPC_C_AUTHN_LEVEL_xxx value.
dwImpLevel         An RPC_C_IMP_LEVEL_xxx value.
pAuthInfo          Authentication service specific. NULL for default.
dwCapabilities     Extra capabilities for the proxy. Not defined.
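
The QueryInterface() caveat on proxy copies is easy to miss, so here is an added example (not from the original text and not COM code) that models it in portable C++ and shows the query, copy, set-blanket pattern needed for each further interface. ProxyManager, InterfaceProxy and the helper functions are hypothetical names; the default impersonation level and the copy inheriting the original's blanket are assumptions of the model.

```cpp
// Portable model of the proxy-copy rules above. Not COM code: ProxyManager,
// InterfaceProxy and the helper functions are hypothetical names.
#include <map>
#include <memory>
#include <string>

// Only the impersonation level is modelled; values mirror RPC_C_IMP_LEVEL_xxx.
enum ImpLevel { IMP_IDENTIFY = 2, IMP_IMPERSONATE = 3 };

struct ProxyManager;

struct InterfaceProxy {
    ProxyManager* mgr;   // object identity shared by every proxy and copy
    std::string iid;
    ImpLevel blanket;    // stands in for this proxy's security blanket
    std::shared_ptr<InterfaceProxy> QueryInterface(const std::string& id);
};
using ProxyPtr = std::shared_ptr<InterfaceProxy>;

struct ProxyManager {
    std::map<std::string, ProxyPtr> shared;  // default proxies, one per IID
    ProxyPtr Get(const std::string& iid) {
        ProxyPtr& p = shared[iid];           // IMP_IDENTIFY: assumed default
        if (!p) p = std::make_shared<InterfaceProxy>(InterfaceProxy{this, iid, IMP_IDENTIFY});
        return p;
    }
};

// QueryInterface always resolves through the manager, so even on a copy it
// hands back the shared default proxy, carrying the default proxy's blanket.
ProxyPtr InterfaceProxy::QueryInterface(const std::string& id) { return mgr->Get(id); }

// Models CoCopyProxy(): a private proxy (assumed to start with the original's blanket).
ProxyPtr CopyProxy(const ProxyPtr& p) { return std::make_shared<InterfaceProxy>(*p); }

// Models CoSetProxyBlanket(), reduced to the impersonation level.
void SetBlanket(const ProxyPtr& p, ImpLevel lvl) { p->blanket = lvl; }

// The safe pattern: query, copy, then set the blanket on the copy. Repeat it
// for every interface obtained from a copy.
ProxyPtr QueryPrivate(const ProxyPtr& from, const std::string& iid, ImpLevel lvl) {
    ProxyPtr copy = CopyProxy(from->QueryInterface(iid));
    SetBlanket(copy, lvl);
    return copy;
}
```

In real code the same pattern is QueryInterface(), CoCopyProxy() and CoSetProxyBlanket() on each interface pointer taken from a copy.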