COM Authentication

Authentication is the process of verifying the identity of a user, based on the established credentials of the user (typically a user name and password). Windows CE uses the NTLM protocol (RPC_C_AUTHN_WINNT) to authenticate callers. This is the default authentication service for Component Object Model (COM) over Windows NT. However, there are some differences in the way Windows CE uses the authentication service.

Authentication Levels

Windows NT supports several levels of authentication for COM objects. For example, authentication can be disabled, or authentication can take place each time the client establishes a connection with the server, each time the client calls, or each time the client and the server exchange a packet of data.

Windows CE supports disabling authentication (RPC_C_AUTHN_LEVEL_NONE) and authentication at the connect level (RPC_C_AUTHN_LEVEL_CONNECT) only. At the connect level, DCOM does an authentication check the first time a client calls the server. If the client passes the check, no further authentication takes place on subsequent calls.

A DCOM object on Windows CE can make calls at any authentication level, but incoming calls never arrive with an authentication level higher than "CONNECT"; that is, they arrive at either RPC_C_AUTHN_LEVEL_NONE or RPC_C_AUTHN_LEVEL_CONNECT.
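The following server-side check is an added example, not code from the original documentation. It rejects unauthenticated callers and flags a required level that Windows CE can never deliver on incoming calls. The helper names gate_incoming_call and check_caller are hypothetical, and the example assumes the device's DCOM build exposes CoQueryClientBlanket.

```c
/* Added example: gate an incoming DCOM call on its authentication level. */
#ifdef _WIN32
#include <objbase.h>   /* CoQueryClientBlanket and the RPC_C_AUTHN_* constants */
#else
/* Off-device build: same values as the Windows SDK headers. */
typedef unsigned long DWORD;
#define RPC_C_AUTHN_WINNT               10
#define RPC_C_AUTHN_LEVEL_NONE          1
#define RPC_C_AUTHN_LEVEL_CONNECT       2
#define RPC_C_AUTHN_LEVEL_PKT_INTEGRITY 5
#endif

typedef enum { GATE_ACCEPT, GATE_REJECT, GATE_POLICY_UNSATISFIABLE } gate_result;

/* gate_incoming_call is a hypothetical helper, not a COM API.
   svc/level are what the runtime reports for the current call;
   required is the minimum level this server is configured to demand. */
static gate_result gate_incoming_call(DWORD svc, DWORD level, DWORD required)
{
    /* Incoming calls on Windows CE top out at CONNECT, so a stricter
       requirement (for example one carried over from an NT server)
       can never be met. */
    if (required > RPC_C_AUTHN_LEVEL_CONNECT)
        return GATE_POLICY_UNSATISFIABLE;
    /* Server explicitly configured to run without authentication. */
    if (required <= RPC_C_AUTHN_LEVEL_NONE)
        return GATE_ACCEPT;
    /* CONNECT required: the caller must have been authenticated by NTLM. */
    if (svc != RPC_C_AUTHN_WINNT || level < RPC_C_AUTHN_LEVEL_CONNECT)
        return GATE_REJECT;
    return GATE_ACCEPT;
}

#ifdef _WIN32
/* Call at the top of a COM method on the server; fails closed. */
static HRESULT check_caller(DWORD required)
{
    DWORD svc = 0, level = 0;
    HRESULT hr = CoQueryClientBlanket(&svc, NULL, NULL, &level, NULL, NULL, NULL);
    if (FAILED(hr))
        return hr;
    return gate_incoming_call(svc, level, required) == GATE_ACCEPT
               ? S_OK : E_ACCESSDENIED;
}
#endif
```

Because connect-level authentication is checked only on the first call, this gate establishes who connected; it does not protect the integrity of later packets.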

Impersonation

NTLM authentication is done without transferring the credentials of the user, which means that the server does not have access to the user name or password. On Windows NT, when a user is authenticated and connected to an object, the object runs with security credentials that belong to a connected client, an interactive user, or an explicitly specified user account. The security credentials that the object acquires in this process (called "impersonation") control the access of the object to system resources.

Because Windows CE does not provide access control mechanisms for individual objects, impersonation is not supported, and the user has access to all system resources, except as protected by the Windows CE trust level.

See Also

COM Security | COM Access Control | DCOM Security Configuration Utility | Developing Secure ActiveX Controls | COM Registry Settings | Component Services (COM and DCOM) | Enhancing the Security of a Device

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.