Well i tried passing login info abt an application role member in the
COAUTHINFO
of CoCreateInstance also ( not the currently logged in user) - its the same
result

Client is able to contact the server in the sense that E_ACCESSDENIED is
returned
and not server unavailable etc - is that what u meant ?

arun

ps:Launch permissions are set either using machine wide DCOM settings
(Everyone in my case) or applications specific using role settings right ?

----- Original Message -----
From: "Pratyu M" <pratyu22YAHOO.COM>
To: <DCOMDISCUSS.MICROSOFT.COM>
Sent: Friday, March 15, 2002 11:45 AM
Subject: Re: caller identification and local proxies in win2k -
E_ACCESSDENIED in CoGetClassObject

> My understanding of the problem is that the logged in user doesnot have
> launch permission. In that case, you must pass a different user credential
> in the COAUTHINFO structure of COSERVERINFO in CoCreateInstanceEx and this
> user should have launch permission.
>
> Now if that is the case, the client should be able to contact server
> (without passing coauthinfo) if the server is launched before client. is
> this happening?
>
>
> On Fri, 15 Mar 2002 11:23:05 +0530, ArunKumar <akumarOMNESYSINDIA.COM>
> wrote:
>
> >hi
> >
> >I want to set a differnt caller identification other than the
> process/thread token
> >- it works REMOTELY using CoInitializeSecurity with the correct pAuthList
> parameter
> >
> >Now i want to do the same with the process running LOCALLY on a w2k
machine
> >and iam not able to do it due to E_ACCESSDENIED error from
CogetClassObject
> >
> >Setup - w2k
> > Iam running my COM+ package under a particulr identity (This User)
> > I have set security enabled and all the roles correctly
> > I have also enabled all the interfaces and methods explicitly for ALL
> the roles
> > The current logged in user is an account that is not member of any of
> these roles OR the This user id
> > ACLS for the DLLS are set with full control to Everyone ( TIp from
> Dcom Archives)
> > And the default Access/Launch permission for DCOM also has the
Evryone
> in its list( TIp from Dcom Archives)
> > I call CoInitializeSecurity as mentioned previously with security
> parameter set to one of the role logins
> > i tried it with EOAC_NONE & EOAC_STATIC_CLOAKING also - same
result
> >
> >
> >Result
> > I get E_ACCESSDENIED from CogetClassObject
> > Security audit logs say accessdenied for the currently login user for
> lauching th package
> > If i remove the reuires security setting from the COM+ package it
> works
> >
> >
> >Obviously the identity i want to be set on the proxies is not being
done -
> Iam ready to call
> >CoSetproxyBlanket or wahetever on the inetrfaces i recieve but if i cant
> even get the
> >CoGtClassobject to work then how do i go abt it ?
> >
> >
> >if its not possible using CoInitializeSecurity i have no probs changing
> the identification token for
> >my whole process as such also - a sample code would be of great help -
> >
> >
> >Thanks for all comments in advance
> >arun
> >
> >----------------------------------------------------------------
> >Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
> >contains important info. Save time, search the archives at
> >http://discuss.microsoft.com/archives/index.html .
> >To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
>
> ----------------------------------------------------------------
> Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
> contains important info. Save time, search the archives at
> http://discuss.microsoft.com/archives/index.html .
> To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
>

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]