| Author |
Restricting access to COM methods
|
|
| Sandeep 2006-01-25, 7:23 pm |
| Hi ,
I have an application which has a COM service and a c++ UI where the UI
interacts with the COM service.
What I want is a security mechanism to protect my methods exposed by
COM service to be called by unauthorized objects. Is there a way where
I can specify that only certain objects can call these COM methods ? Or
share a secret between the "client" and the COM service ?
Thanks
Sandeep
| |
| Robert Simpson 2006-01-25, 7:23 pm |
| The best way to do this is to create a special interface in a separate type
library that is not redistributed with your application, but whose header is
included in both of yours at compile time. This way only your applications
know the IID of the interface and its structure.
Robert
"Sandeep" <sandeepsinghal@gmail.com> wrote in message
news:1138198341.997426.298090@o13g2000cwo.googlegroups.com...
> Hi ,
>
> I have an application which has a COM service and a c++ UI where the UI
> interacts with the COM service.
> What I want is a security mechanism to protect my methods exposed by
> COM service to be called by unauthorized objects. Is there a way where
> I can specify that only certain objects can call these COM methods ? Or
> share a secret between the "client" and the COM service ?
>
> Thanks
> Sandeep
>
| |
| Martin Friedrich 2006-01-25, 7:23 pm |
| Sandeep,
"Sandeep" wrote:
> I have an application which has a COM service and a c++ UI where the UI
> interacts with the COM service.
> What I want is a security mechanism to protect my methods exposed by
> COM service to be called by unauthorized objects. Is there a way where
> I can specify that only certain objects can call these COM methods ? Or
> share a secret between the "client" and the COM service ?
Depending on the specifics of your application's deployment, you might want
to take a closer look into COM+'s role based security model.
Bye,
Martin Friedrich
| |
| Ben Voigt 2006-01-26, 7:08 pm |
|
"Sandeep" <sandeepsinghal@gmail.com> wrote in message
news:1138198341.997426.298090@o13g2000cwo.googlegroups.com...
> Hi ,
>
> I have an application which has a COM service and a c++ UI where the UI
> interacts with the COM service.
Is this actually a Win32 system service? Or a user app COM server?
Inter-process communication, right? Did you write the COM code, including
class factory, etc., or used a COM-aware language like VB? One way is to do
authentication in the class factory. This is how Microsoft and other
companies prevent you from developing code that uses an unlicensed ActiveX
control, even though the control is installed and working on your system
(working when used by an app written by a developer with a license).
> What I want is a security mechanism to protect my methods exposed by
> COM service to be called by unauthorized objects. Is there a way where
> I can specify that only certain objects can call these COM methods ? Or
> share a secret between the "client" and the COM service ?
>
> Thanks
> Sandeep
>
| |
| Sandeep 2006-01-26, 7:08 pm |
| Ben Voigt wrote:
> "Sandeep" <sandeepsinghal@gmail.com> wrote in message
> news:1138198341.997426.298090@o13g2000cwo.googlegroups.com...
>
> Is this actually a Win32 system service? Or a user app COM server?
It's a Windows service....
> Inter-process communication, right? Did you write the COM code, including
> class factory, etc., or used a COM-aware language like VB? One way is to do
> authentication in the class factory. This is how Microsoft and other
The code is written completely in C++ (VC7)
> companies prevent you from developing code that uses an unlicensed ActiveX
> control, even though the control is installed and working on your system
> (working when used by an app written by a developer with a license).
| |
| Alexander Nickolov 2006-01-26, 9:57 pm |
| Then COM licensing used with ActiveX Controls should work
for you as well. Check out IClassFactory2. ATL has direct
support via its DECLARE_CLASSFACTORY2 macro (you put it
in your ATL class). All you need to do is supply the licensing
class implementing your licensing policy. It should provide
3 static methods described in the documentation for the above
macro.
--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@mvps.org
MVP VC FAQ: http://www.mvps.org/vcfaq
=====================================
"Sandeep" <sandeepsinghal@gmail.com> wrote in message
news:1138295181.206115.229670@o13g2000cwo.googlegroups.com...
> Ben Voigt wrote:
>
> It's a Windows service....
>
>
> The code is written completely in C++ (VC7)
>
>
| |
| Sandeep 2006-01-26, 9:57 pm |
|
Alexander Nickolov wrote:
> Then COM licensing used with ActiveX Controls should work
> for you as well. Check out IClassFactory2. ATL has direct
> support via its DECLARE_CLASSFACTORY2 macro (you put it
> in your ATL class). All you need to do is supply the licensing
> class implementing your licensing policy. It should provide
> 3 static methods described in the documentation for the above
> macro.
Is it still possible to use "GetActiveObject" method and get a
reference to the already created object ?
The scenario is like this :
- The com service runs all the time
- I have three clients to it - There is a UI , Command Line Interface
and a Systray Interface.
- They use GetActiveObject to get a pointer to the Service
- Then obtain the pointers to different Interfaces supported by the
service
- I want no one else to be able to do that
Robert Simpson wrote:
> The best way to do this is to create a special interface in a separate type
> library that is not redistributed with your application, but whose header is
> included in both of yours at compile time. This way only your applications
> know the IID of the interface and its structure.
>
> Robert
This sounds like a good idea .... But I would still like to explore the
IClassFactory2 approach as it appears to me that I can modify my
application with fewer modifications with the latter
suggestion ...
Comment ?
| |
| Alexander Nickolov 2006-01-27, 7:05 pm |
| If you register your object in ROT, you might as well not bother
with licensing - you are exposing it to everybody. IClassFactory2
and COM licensing only applies when creating an object instance.
E.g. CoCreateInstance[Ex] won't work and the client needs to
call CoGetClassObject and IClassFactory2::CreateInstanceLic.
--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@mvps.org
MVP VC FAQ: http://www.mvps.org/vcfaq
=====================================
"Sandeep" <sandeepsinghal@gmail.com> wrote in message
news:1138328812.133549.223040@g43g2000cwa.googlegroups.com...
>
> Alexander Nickolov wrote:
>
> Is it still possible to use "GetActiveObject" method and get a
> reference to the already created object ?
>
> The scenario is like this :
> - The com service runs all the time
> - I have three clients to it - There is a UI , Command Line Interface
> and a Systray Interface.
> - They use GetActiveObject to get a pointer to the Service
> - Then obtain the pointers to different Interfaces supported by the
> service
> - I want no one else to be able to do that
>
>
> Robert Simpson wrote:
>
> This sounds like a good idea .... But I would still like to explore the
> IClassFactory2 approach as it appears to me that I can modify my
> application with fewer modifications with the latter
> suggestion ...
>
> Comment ?
>
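The license class described in the replies above, as an added example that is not part of the thread and is not ATL's own code: `CServiceLicense` and its key value are hypothetical, the three static methods are the ones `DECLARE_CLASSFACTORY2` expects, and the non-Windows typedefs are stand-ins so the policy logic builds anywhere.

```cpp
// Added example: license policy class for ATL's DECLARE_CLASSFACTORY2.
#include <cstddef>
#include <cwchar>
#ifdef _WIN32
#include <windows.h>
#include <oleauto.h>
#else
// Stand-ins (assumption) so the policy logic also builds off Windows.
typedef int BOOL;
typedef unsigned long DWORD;
typedef wchar_t* BSTR;
#define TRUE 1
#define FALSE 0
static unsigned SysStringLen(BSTR s) { return s ? (unsigned)std::wcslen(s) : 0u; }
#endif

class CServiceLicense {   // hypothetical name
public:
    // Constructed placeholder value, not a real key.
    static const wchar_t* ExpectedKey() { return L"CONSTRUCTED-PLACEHOLDER-KEY"; }

    // Checked when a client calls IClassFactory2::CreateInstanceLic.
    // Every character is compared so timing does not reveal a matching prefix.
    static BOOL VerifyLicenseKey(BSTR bstr) {
        if (!bstr) return FALSE;
        const wchar_t* key = ExpectedKey();
        const std::size_t klen = std::wcslen(key);
        const std::size_t blen = SysStringLen(bstr);
        unsigned long diff = (klen == blen) ? 0ul : 1ul;
        for (std::size_t i = 0; i < klen; ++i)
            diff |= (unsigned long)key[i] ^ (unsigned long)bstr[i < blen ? i : 0];
        return diff == 0 ? TRUE : FALSE;
    }

    // Never hand the key out through the factory.
    static BOOL GetLicenseKey(DWORD /*dwReserved*/, BSTR* pBstr) {
        if (pBstr) *pBstr = nullptr;
        return FALSE;
    }

    // FALSE: no machine-wide license, so creation without a key is refused.
    static BOOL IsLicenseValid() { return FALSE; }
};

// In the ATL coclass (Windows only):
//     DECLARE_CLASSFACTORY2(CServiceLicense)
```

As the last reply says, this check runs only when an instance is created through the class factory, so an object published in the ROT is reachable without it. A key compiled into the client binaries can also be recovered by anyone who can read those binaries.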