If the client calls
, the security values for authentication and authorization for the process are set. If a fine-grain security control is required on the calls to individual interfaces, the client can achieve this by invoking security functions on each of the interface proxies. The main security interface to achieve this on the client side is CoInitializeSecurity()
. You can obtain it by doing a IClientSecurity
on an interface from the remote object for QueryInterface()
. In reality, since every remote object method invocation goes through a proxy managed by a proxy manager (who actually aggregates the proxy object), the proxy manager will intercept and provide this interface. IID_IClientSecurity
Once the
interface is obtained, the client can change the security blanket for this single proxy instance by first using the IClientSecurity
method to create a new instance of the proxy, and then using the IClientSecurity::CopyProxy()
method of the interface to alter the blanket. It's important to make a copy of the proxy before setting its security blanket to avoid contention with other portions of the process that may be setting the security blanket to other values. IClientSecurity::SetBlanket()
There are wrapper functions available which call the
methods, these include IClientSecurity
, CoSetProxyBlanket()
, and CoQueryProxyBlanket()
. CoCopyProxy()
Clients can call
to inquire about the existing security blanket on a proxy, CoQueryProxyBlanket()
to set a new security blanket on a proxy, and CoSetProxyBlanket()
to obtain a proxy copy on which a security blanket can be set without contention.CoCopyProxy()