passing impersonation token to out-of-proc COM server
From: Tomaz Beltram (tomazb_at_hotmail.com)
Date: 11/28/03
Date: Fri, 28 Nov 2003 13:51:54 +0100
Please guide me to a different newsgroup if there is a more appropriate
one for my question.
Here is the problem:
1. The client application uses LogonUser and ImpersonateLoggedOnUser to
change identity and calls an out-of-proc COM server (on the same host).
2. COM server uses CoImpersonateClient to change identity. Unfortunately
it always uses client's primary access token and not the impersonation
token.
E.g.:
- Process A runs under Alice account.
- Server process S runs as service under local system account.
- A impersonates user Bob and makes a COM call to S.
- In serving the call S impersonates the client's identity but it is not Bob,
it's Alice!?
This is not what I wanted. On the other hand, when the client
application creates a new process with CreateProcessAsUser and issues a
COM call from there, everything works as expected.
I suspect that the cause of this behavior is that COM uses a different
thread to make the call to the server and that thread doesn't have the
right identity.
Can anyone confirm that? Has anyone an idea on how to pass impersonation
token to the COM server? I want to avoid passing user credentials in
parameters.
Thanks, Tomaz