3.2.4.1.2.2 Issuing the OXID Resolution Request

  • Article

The client MUST proceed to issue an OXID resolution request by:

  • Selecting the security parameters.

  • Selecting the OXID resolution request parameters.

The client SHOULD specify security on the OXID resolution request. The client SHOULD use the SECURITYBINDING structure contained in the saResAddr field of the OBJREF to pick a security provider that is common to both the client and the object resolver, and that meets the client's security requirements.

The client MUST specify the values for the following security settings:

The client MUST specify the credentials of the security principal of the application or higher-level protocol that is issuing the OXID resolution request as the credentials for the call.

The client MUST specify an authentication level of at least RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (see [MS-RPCE] section 2.2.1.1.8).<84>

The client MUST specify an impersonation level of at least RPC_C_IMPL_LEVEL_IDENTIFY (see [MS-RPCE] section 2.2.1.1.9).<85>

When using Kerberos and SPNEGO security providers, the client MUST specify an SPN of "RPCSS/<remote server name>", where <remote server name> is the network address used to create the RPC binding information, as specified in section 3.2.4.1.2.1.

The client MUST call the ResolveOxid2 method of the IObjectExporter interface to make the OXID resolution request.

If the ResolveOxid2 method fails with the RPC_S_PROCNUM_OUT_OF_RANGE error (as specified in [MS-ERREF] section 2.2), the client MUST retry by calling the ResolveOxid method. In this case, it MUST assume that the COMVERSION structure of the server specifies version 5.1.

The client MUST specify parameters to the OXID resolution request as follows:

  • The client MUST specify the OXID of the object exporter contained in the object reference supplied by the DCOM application.

  • The client MUST supply an array of RPC protocol sequence identifiers that the client's object resolver listens on, as specified in section 3.1.2.3. The array SHOULD contain all such identifiers (as opposed to only a subset of them).

When OXID resolution completes successfully, the following data MUST be returned to the client:

  • The OXID bindings of the object exporter.

  • IPID of the IRemUnknown interface of the object exporter.

  •  The COMVERSION of the server in the case of ResolveOxid2.

  • An authentication hint for use in subsequent ORPCs to the server.