Microsoft KB Archive/249636
Article ID: 249636
Article Last Modified on 4/27/2005
- Microsoft Visual Basic 5.0 Learning Edition
- Microsoft Visual Basic 6.0 Learning Edition
- Microsoft Visual Basic 5.0 Professional Edition
- Microsoft Visual Basic 6.0 Professional Edition
- Microsoft Visual Basic 5.0 Enterprise Edition
- Microsoft Visual Basic 6.0 Enterprise Edition
This article was previously published under Q249636
The CoSetProxyBlanket function in Microsoft Visual Basic can be used to set security values for a given object. This function can be used in place of the CoInitializeSecurity function, which cannot be used for some Visual Basic applications, such as ActiveX servers.
In some situations, it is necessary to define security settings for a distributed version of Component Object Model (DCOM) connection in the client. If the client is a Standard EXE, the CoInitializeSecurity API function can be used. However, if it is necessary to instantiate the object inside a .dll or an .ocx file running inside another process (for example, in a browser such as Microsoft Internet Explorer), CoInitializeSecurity cannot be called at the very beginning of the process. In cases of this type, the CoSetProxyBlanket function should be used.
One important point to consider is that the CoSetProxyBlanket function sets security at the interface level. You need to start by setting the security on the IUnknown interface so that the Release method can be called and the object released. Also, by starting with IUnknown, the QueryInterface method can be called without problems. Once you have set the security for IUnknown, query for the default interface and apply CoSetProxyBlanket on it. At this point, you can call other methods without problems.
Copy the following constants and declaration for the CoSetProxyBlanket function into a standard (BAS) module:
Option Explicit ' Authentication service provider constants ' The default should be used. Public Const RPC_C_AUTHN_DEFAULT As Long = &HFFFFFFFF Public Const RPC_C_AUTHN_NONE As Long = 0 Public Const RPC_C_AUTHN_WINNT As Long = 10 ' Authorization Services Public Const RPC_C_AUTHZ_DEFAULT As Long = &HFFFFFFFF Public Const RPC_C_AUTHZ_NONE As Long = 0 Public Const RPC_C_AUTHZ_NAME As Long = 1 Public Const RPC_C_AUTHZ_DCE As Long = 2 ' Authentication level constants Public Const RPC_C_AUTHN_LEVEL_DEFAULT As Long = 0 Public Const RPC_C_AUTHN_LEVEL_NONE As Long = 1 Public Const RPC_C_AUTHN_LEVEL_CONNECT As Long = 2 Public Const RPC_C_AUTHN_LEVEL_CALL As Long = 3 Public Const RPC_C_AUTHN_LEVEL_PKT As Long = 4 Public Const RPC_C_AUTHN_LEVEL_PKT_INTEGRITY As Long = 5 Public Const RPC_C_AUTHN_LEVEL_PKT_PRIVACY As Long = 6 ' Impersonation level constants Public Const RPC_C_IMP_LEVEL_DEFAULT As Long = 0 Public Const RPC_C_IMP_LEVEL_ANONYMOUS As Long = 1 Public Const RPC_C_IMP_LEVEL_IDENTIFY As Long = 2 Public Const RPC_C_IMP_LEVEL_IMPERSONATE As Long = 3 Public Const RPC_C_IMP_LEVEL_DELEGATE As Long = 4 ' Constants for the capabilities Public Const EOAC_DEFAULT As Long = &H800 Public Const API_NULL As Long = 0 Public Const S_OK As Long = 0 Public Const EOAC_NONE As Long = &H0 Public Const EOAC_MUTUAL_AUTH As Long = &H1 Public Const EOAC_CLOAKING As Long = &H10 Public Const EOAC_SECURE_REFS As Long = &H2 Public Const EOAC_ACCESS_CONTROL As Long = &H4 Public Const EOAC_APPID As Long = &H8 Public Const COLE_DEFAULT_PRINCIPAL As Long = &HFFFFFFFF ' Function Declaration Public Declare Function CoSetProxyBlanket Lib "OLE32.DLL" ( _ ByVal pSD As Object, _ ByVal dwAuthnSvc As Long, _ ByVal dwAuthzSvc As Long, _ ByVal pServerPrincName As Long, _ ByVal dwAuthnlevel As Long, _ ByVal dwImpLevel As Long, _ ByVal pAuthInfo As Long, _ ByVal dwCapabilities As Long _ ) As Long ' Function Declaration for IUnknown ' You must have two separate declarations for IUnknown and IDispatch. ' Otherwise, Visual Basic will internally query for the declared interface. Public Declare Function CoSetProxyBlanketUnk Lib "OLE32.dll" Alias "CoSetProxyBlanket" ( _ ByVal pSD As stdole.IUnknown, _ ByVal dwAuthnSvc As Long, _ ByVal dwAuthzSvc As Long, _ ByVal pServerPrincName As Long, _ ByVal dwAuthnlevel As Long, _ ByVal dwImpLevel As Long, _ ByVal pAuthInfo As Long, _ ByVal dwCapabilities As Long _ ) As Long
In the section of the code where the server object is declared, use the Object keyword. If you need to set CoSetProxyBlanket on interfaces other than IUnknown and IDispatch, you need to use Microsoft Visual C++ or have a separate declaration of CoSetProxyBlanket.
Dim MyObj As Object
Dim MyObj as New MyLib.MyClass
In the section of your code where the object is instantiated, use the CreateObject function. Immediately after instantiating the object, call the CoSetProxyBlanket function as shown. To change specific authentication parameters in CoSetProxyBlanket, you need to replace the default setting with the desired constant.
Dim MyObj As Object Dim MyUnk As stdole.IUnknown Dim hr As Long ' Instantiate the object that is requesting the IUnknown interface. Set MyUnk = CreateObject("MyLib.MyClass") ' Set the security on IUnknown. hr = CoSetProxyBlanketUnk(MyUnk, _ RPC_C_AUTHN_DEFAULT, _ RPC_C_AUTHZ_DEFAULT, _ COLE_DEFAULT_PRINCIPAL, _ RPC_C_AUTHN_LEVEL_DEFAULT, _ RPC_C_IMP_LEVEL_DEFAULT, _ API_NULL, _ EOAC_DEFAULT) If (S_OK <> hr) Then MsgBox "CoSetProxyBlanket on IUnknown failed with error code: " _ & hr & " 0x", vbCritical, "CoSetProxyBlanket Failure" Exit Sub ' or Exit Function End If ' Query for the default interface. Set MyObj = MyUnk ' Set security on the default interface. hr = CoSetProxyBlanket(MyObj, _ RPC_C_AUTHN_DEFAULT, _ RPC_C_AUTHZ_DEFAULT, _ COLE_DEFAULT_PRINCIPAL, _ RPC_C_AUTHN_LEVEL_DEFAULT, _ RPC_C_IMP_LEVEL_DEFAULT, _ EOAC_DEFAULT, _ EOAC_NONE) If (S_OK <> hr) Then MsgBox "CoSetProxyBlanket failed with error code: " & hr & " 0x" _ , vbCritical, "CoSetProxyBlanket Failure" Exit Sub ' or Exit Function End If ' You can now call IDispatch methods in your object. MyObj.MyMethod
For more information about securing objects in code, click the following article number to view the article in the Microsoft Knowledge Base:
239561 How to use CoInitializeSecurity in Visual Basic
Keywords: kbhowto kbapi kbsecurity KB249636