Server-Side Security

The server can retrieve security information about a caller or impersonate the caller by using the methods of IServerSecurity. An implementation of IServerSecurity is supplied by COM on the context object for the current call when standard marshaling is used. However, this interface may be absent for some custom-marshaled interfaces.

When a call arrives at the server, the server can call CoGetCallContext to obtain a pointer to the IServerSecurity interface. With this pointer, IServerSecurity methods can be called by the server to find out what the client's authentication settings are and to impersonate the client, if needed. The IServerSecurity object is valid on any thread in the apartment until the call represented by IServerSecurity completes. For more information about impersonation, see Impersonation and Cloaking.
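The sequence described above, as an added example that is not part of the original page: obtain IServerSecurity with CoGetCallContext, check the caller's authentication level with QueryBlanket, impersonate, and always revert. The helper names `caller_authn_acceptable` and `RunAsCaller` and the packet-integrity minimum are assumptions made for this sketch; the COM calls are guarded so the policy check also compiles off Windows.

```cpp
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#include <objbase.h>
#endif

// Assumed policy for this example: require at least packet integrity.
// 5 is the value of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (1 is RPC_C_AUTHN_LEVEL_NONE).
constexpr uint32_t kMinAuthnLevel = 5;

// Hypothetical helper: is the caller's negotiated authentication level acceptable?
bool caller_authn_acceptable(uint32_t authnLevel) {
    return authnLevel >= kMinAuthnLevel;
}

#ifdef _WIN32
// Hypothetical helper, meant to be called from inside a COM method implementation.
// Runs `work` under the client's identity only if the call's blanket meets the policy.
HRESULT RunAsCaller(HRESULT (*work)(void*), void* ctx) {
    IServerSecurity* sec = nullptr;
    HRESULT hr = CoGetCallContext(IID_IServerSecurity,
                                  reinterpret_cast<void**>(&sec));
    if (FAILED(hr)) return hr;  // no call context, e.g. some custom-marshaled interfaces

    // Only the authentication level is needed here; the other outputs may be NULL.
    DWORD authnLevel = 0;
    hr = sec->QueryBlanket(nullptr, nullptr, nullptr, &authnLevel,
                           nullptr, nullptr, nullptr);
    if (SUCCEEDED(hr) && !caller_authn_acceptable(authnLevel))
        hr = E_ACCESSDENIED;    // refuse weakly authenticated callers before impersonating

    if (SUCCEEDED(hr)) {
        hr = sec->ImpersonateClient();
        if (SUCCEEDED(hr)) {
            hr = work(ctx);     // runs with the client's token on this thread
            HRESULT rv = sec->RevertToSelf();
            if (FAILED(rv)) hr = rv;  // report it: the thread may still hold the client's token
        }
    }
    sec->Release();
    return hr;
}
#endif
```

Checking the return value of ImpersonateClient before doing any work matters: if impersonation fails and the result is ignored, the work runs under the server's own identity instead of the caller's.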

The following helper functions that rely on the call context object's IServerSecurity interface implementation are also available:
