IServerSecurity Interface

On the server side, the server is to obtain the parameters contained in the client's security blanket for this interface and perform manipulation based on these parameters (such as impersonating the client). The main interface for this purpose is the

IServerSecurity

. This interface also provides control over the security level while executing on behalf of the client. To obtain this interface, which is actually provided by a call context object inside the stub, the server must make a CoGetCallContext()
call.

Once the

IServerSecurity

interface is obtained, the server has the option to:

Get specific security level information from the blanket by making the IServerSecurity::QueryBlanket()
method call
Impersonate the client's security level and identification while carrying out resource access by making the IServerSecurity::ImpersonateClient()
and IServerSecurity::RevertToSelf()
method calls
Determine if the server thread is currently impersonating the client using the IServerSecurity::IsImpersonating()
method call

As with the

IClientSecurity

interface, there are wrapper APIs including CoQueryClientBlanket()
, CoImpersonateClient()
and CoRevertToSelf(),
making the use of the IServerSecurity
interface somewhat simpler.