OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Arunkumar (akumarOMNESYSINDIA.COM)
Date: Mon Mar 18 2002 - 04:19:45 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ConInitializeSecurity does not fail in my case
    It returns 0 - only the securiy information is
    not added to the proxy and i get E_ACCESSDENIED
    from CoGetClassObject

    The same code works perfectly fine when called remotely

    No i dont do any marshalling myself in my code

    arun

    ----- Original Message -----
    From: "Jonas Blunck TACMa" <jobuTAC.SE>
    To: <DCOMDISCUSS.MICROSOFT.COM>
    Sent: Monday, March 18, 2002 3:12 PM
    Subject: Re: caller identification and local proxies in win2k - E_ACCESSDE
    NIED in CoGetClassObject

    > What's the HRESULT from CoInitializeSecurity?
    >
    > Have any marshalling been done prior the call to CoInitializeSecurity?
    >
    > // B
    >
    > -----Original Message-----
    > From: Pratyu M [mailto:pratyu22YAHOO.COM]
    > Sent: den 15 mars 2002 13:40
    > To: DCOMDISCUSS.MICROSOFT.COM
    > Subject: Re: caller identification and local proxies in win2k -
    > E_ACCESSDENIED in CoGetClassObject
    >
    >
    > Hi,
    >
    > I just did a little expt. It seems that CoInitializeSecurity fails if
    client
    > and server are on the same machine. The credentials of logged on user are
    > passed on instead.
    >
    > So I guess, in your case, if you add the logged on user to roles, things
    > will work fine.
    >
    > Will anyone kindly explain why CoInitSec fails if both client and server
    are
    > on same machine?
    >
    >
    >
    > On Fri, 15 Mar 2002 13:26:44 +0530, ArunKumar <akumarOMNESYSINDIA.COM>
    > wrote:
    >
    > >Well i tried passing login info abt an application role member in the
    > >COAUTHINFO of CoCreateInstance also ( not the currently logged in user)
    > >- its the same result
    > >
    > >Client is able to contact the server in the sense that E_ACCESSDENIED
    > >is returned and not server unavailable etc - is that what u meant ?
    > >
    > >arun
    > >
    > >ps:Launch permissions are set either using machine wide DCOM settings
    > >(Everyone in my case) or applications specific using role settings
    > >right ?
    > >
    > >
    > >----- Original Message -----
    > >From: "Pratyu M" <pratyu22YAHOO.COM>
    > >To: <DCOMDISCUSS.MICROSOFT.COM>
    > >Sent: Friday, March 15, 2002 11:45 AM
    > >Subject: Re: caller identification and local proxies in win2k -
    > >E_ACCESSDENIED in CoGetClassObject
    > >
    > >
    > >> My understanding of the problem is that the logged in user doesnot
    > >> have launch permission. In that case, you must pass a different user
    > credential
    > >> in the COAUTHINFO structure of COSERVERINFO in CoCreateInstanceEx and
    > this
    > >> user should have launch permission.
    > >>
    > >> Now if that is the case, the client should be able to contact server
    > >> (without passing coauthinfo) if the server is launched before client.
    > >> is this happening?
    > >>
    > >>
    > >> On Fri, 15 Mar 2002 11:23:05 +0530, ArunKumar
    > >> <akumarOMNESYSINDIA.COM>
    > >> wrote:
    > >>
    > >> >hi
    > >> >
    > >> >I want to set a differnt caller identification other than the
    > >> process/thread token
    > >> >- it works REMOTELY using CoInitializeSecurity with the correct
    > pAuthList
    > >> parameter
    > >> >
    > >> >Now i want to do the same with the process running LOCALLY on a w2k
    > >machine
    > >> >and iam not able to do it due to E_ACCESSDENIED error from
    > >CogetClassObject
    > >> >
    > >> >Setup - w2k
    > >> > Iam running my COM+ package under a particulr identity (This User)
    > >> > I have set security enabled and all the roles correctly
    > >> > I have also enabled all the interfaces and methods explicitly
    > >> >for
    > ALL
    > >> the roles
    > >> > The current logged in user is an account that is not member of
    > >> > any
    > of
    > >> these roles OR the This user id
    > >> > ACLS for the DLLS are set with full control to Everyone ( TIp
    > >> > from
    > >> Dcom Archives)
    > >> > And the default Access/Launch permission for DCOM also has the
    > >Evryone
    > >> in its list( TIp from Dcom Archives)
    > >> > I call CoInitializeSecurity as mentioned previously with
    > >> > security
    > >> parameter set to one of the role logins
    > >> > i tried it with EOAC_NONE & EOAC_STATIC_CLOAKING also - same
    > >result
    > >> >
    > >> >
    > >> >Result
    > >> > I get E_ACCESSDENIED from CogetClassObject
    > >> > Security audit logs say accessdenied for the currently login
    > >> >user
    > for
    > >> lauching th package
    > >> > If i remove the reuires security setting from the COM+ package
    > >> > it
    > >> works
    > >> >
    > >> >
    > >> >Obviously the identity i want to be set on the proxies is not being
    > >done -
    > >> Iam ready to call
    > >> >CoSetproxyBlanket or wahetever on the inetrfaces i recieve but if i
    > >> >cant
    > >> even get the
    > >> >CoGtClassobject to work then how do i go abt it ?
    > >> >
    > >> >
    > >> >if its not possible using CoInitializeSecurity i have no probs
    > >> >changing
    > >> the identification token for
    > >> >my whole process as such also - a sample code would be of great help
    > >> >-
    > >> >
    > >> >
    > >> >Thanks for all comments in advance
    > >> >arun
    > >> >
    > >> >----------------------------------------------------------------
    > >> >Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > >> >contains important info. Save time, search the archives at
    > >> >http://discuss.microsoft.com/archives/index.html . To unsubscribe,
    > >> >mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
    > >>
    > >> ----------------------------------------------------------------
    > >> Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > >> contains important info. Save time, search the archives at
    > >> http://discuss.microsoft.com/archives/index.html . To unsubscribe,
    > >> mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
    > >>
    > >
    > >----------------------------------------------------------------
    > >Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > >contains important info. Save time, search the archives at
    > >http://discuss.microsoft.com/archives/index.html . To unsubscribe,
    > >mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
    >
    > ----------------------------------------------------------------
    > Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > contains important info. Save time, search the archives at
    > http://discuss.microsoft.com/archives/index.html . To unsubscribe,
    > mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
    >
    > ----------------------------------------------------------------
    > Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > contains important info. Save time, search the archives at
    > http://discuss.microsoft.com/archives/index.html .
    > To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM

    ----------------------------------------------------------------
    Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    contains important info. Save time, search the archives at
    http://discuss.microsoft.com/archives/index.html .
    To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM