Chapter 9. Applying Security
In this chapter:
You learned COM security fairly thoroughly in Chapter 5. However, Chapter 5 discussed COM security in general, without practical hands-on examples. In this chapter, you’ll create a server and a client component that take security into consideration. You’ll develop a typical server application that accounts for the following:
Server-Side COM Security—This section covers the use of COM security on the server side. We will make use of the CoGetCallContext API function and the IServerSecurity interface to learn about the calling client.
Access Token—If you want to inquire about the detailed information of the calling client, you must use platform-specific security support. In Windows NT 4.0, COM uses the NTLM security provider. We will take advantage of NT security to obtain the access token of the caller. Given this access token and permissions to impersonate, we can find pretty much everything about the caller. In our exercise, we will obtain the user’s unique security identifier (SID) and the groups to which the user belongs.
Audit Trail—An audit trail allows application servers to log important messages (e.g., security violations) that can be traced and audited. In typical applications, these audit messages are written to text files. However, since the NT event log allows a common facility to log audit or application messages, we will use this facility ...
Get Learning DCOM now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.