The CoInitializeSecurity() Call

If the client or server calls CoInitializeSecurity(), the default security blanket for the process is set. It can be called only once per process. If a DCOM client or server doesn't call CoInitializeSecurity(), the COM runtime will use the default security blanket configured in the registry. The call is typically made immediately after a call to CoInitializeEx(). The security blanket parameter for the COSERVERINFO parameter of the CoCreateInstanceEx() call can be used to override the CoInitializeSecurity() settings on a per-class basis. Let's examine the calling syntax of the CoInitializeSecurity() API:

HRESULT CoInitializeSecurity( PSECURITY_DESCRIPTOR pSecDesc,
                              LONG cAuthSvc,
                              SOLE_AUTHENTICATION_SERVICE* asAuthSvc,
                              void* pReserved1,
                              DWORD dwAuthnLevel,
                              DWORD dwImpLevel,
                              void* pReserved2,
                              DWORD dwCapabilities,
                              void* pReserved3 );
Parameter       Meaning
pSecDesc        Pointer to a SECURITY_DESCRIPTOR. If not NULL, it specifies which principals are allowed to communicate with the process and which are disallowed. If NULL, all callers are allowed.
cAuthSvc        The size of the array asAuthSvc. If 0 is passed, no authentication service is registered. -1 signals COM to choose on its own which service to use.
asAuthSvc       Specifies an array of structures, each containing a principal name as well as an authentication and authorization service ID. These are the initial values used. The actual services to be used for each connection are negotiated and may be different.
dwAuthnLevel    Default authentication level for proxies. The available values are as in the CoCreateInstanceEx() call.
dwImpLevel      Default impersonation level for proxies. The available values are as in the CoCreateInstanceEx() call.
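
The call sequence described above, as an added example that is not code from the original text: CoInitializeSecurity() is made immediately after CoInitializeEx(), and a second call in the same process is rejected with RPC_E_TOO_LATE. InitProcessSecurity() is a hypothetical helper, the authentication and impersonation levels chosen are assumptions, and the #else branch is a constructed stand-in that models only the once-per-process rule so the flow can also be built off Windows.

```cpp
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <objbase.h>
#pragma comment(lib, "ole32.lib")
#else
// Constructed stand-in (an assumption, not the Windows SDK) so the flow also
// builds off Windows; it models only the once-per-process rule.
typedef int32_t HRESULT; typedef uint32_t DWORD;
const HRESULT S_OK = 0, RPC_E_TOO_LATE = (HRESULT)0x80010119u;
const DWORD COINIT_MULTITHREADED = 0, EOAC_NONE = 0;
const DWORD RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6, RPC_C_IMP_LEVEL_IDENTIFY = 2;
#define FAILED(hr) ((hr) < 0)
static bool g_blanketSet = false;
HRESULT CoInitializeEx(void*, DWORD) { return S_OK; }
void CoUninitialize() {}
HRESULT CoInitializeSecurity(void*, long, void*, void*, DWORD, DWORD, void*,
                             DWORD, void*) {
    if (g_blanketSet) return RPC_E_TOO_LATE;   // blanket is already fixed
    g_blanketSet = true;
    return S_OK;
}
#endif

// Hypothetical helper: sets the process-wide default security blanket.
HRESULT InitProcessSecurity() {
    return CoInitializeSecurity(
        nullptr,                        // pSecDesc: NULL allows all callers
        -1,                             // cAuthSvc: COM chooses the service
        nullptr,                        // asAuthSvc: NULL when cAuthSvc is -1
        nullptr,                        // pReserved1
        RPC_C_AUTHN_LEVEL_PKT_PRIVACY,  // dwAuthnLevel: default for proxies
        RPC_C_IMP_LEVEL_IDENTIFY,       // dwImpLevel: default for proxies
        nullptr,                        // pReserved2
        EOAC_NONE,                      // dwCapabilities
        nullptr);                       // pReserved3
}

int main() {
    HRESULT hr = CoInitializeEx(nullptr, COINIT_MULTITHREADED);
    if (FAILED(hr)) return 1;
    hr = InitProcessSecurity();         // immediately after CoInitializeEx()
    std::printf("first call:  0x%08lX\n", (unsigned long)(uint32_t)hr);
    hr = InitProcessSecurity();         // second call in the same process
    std::printf("second call: 0x%08lX\n", (unsigned long)(uint32_t)hr);
    CoUninitialize();
    return hr == RPC_E_TOO_LATE ? 0 : 1;
}
```

A server that must restrict callers would pass a security descriptor as pSecDesc instead of NULL.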

© 1997 by Wrox Press. All rights reserved.