book

Learning DCOM

by Thuan L. Thai

April 1999

Intermediate to advanced

502 pages

15h 5m

English

O'Reilly Media, Inc.

Read now

Unlock full access

FTPFTPMAIL
Specifications and ReferencesThe ClassicsKnowledge Base ArticlesTechnical ArticlesOther Related Documentation

The Object-Oriented ModelEncapsulationInheritancePolymorphismThe Client/Server Model
Location TransparencyDynamic and Remote Object ActivationSecurityInterfacesLifetime Support and Dynamic DiscoveryBinary InteroperabilityConnection ManagementConcurrency ManagementReuseInterface RepositoryImplementation RepositoryStatic InvocationDynamic InvocationEvents
IUnknownMicrosoft Interface Definition LanguageMIDL basicsDefining a custom interface using MIDLExamining the attributes of IUnknownArrays and strings as interface method parametersCustom types as interface method parametersAdding more custom interfacesDefining a type libraryPublished interfaces must never changeReturn ValuesHRESULTCustom HRESULTsData TypesBase data typesAutomation compatible typesInterface Marshalers: Proxy and StubThe Binary LayoutDispatch and Dual InterfacesAn Interface Recap
Implementing InterfacesIUnknown RulesIdentity rulesExistence rulesImplementing COM ObjectsCOM object definition using the nested classes techniqueCOM object definition using the multiple inheritance techniqueImplementing IUnknown methodsImplementing other interface methods
Standard FactoriesCustom Factories
Server TypesOut-of-process serversIn-process serversInitialization and TerminationOut-of-process serversIn-process serversDynamic Activation SupportOut-of-process serversIn-process serversComponent LifetimeOut-of-process serversIn-process serversImplementation RegistrationOut-of-process serversIn-process serversRegistering interface marshalers
Initialization and TerminationCreating an ObjectCoCreateInstanceCoCreateInstanceExCoGetClassObjectClass monikersInitializing an ObjectUsing an ObjectDeleting an ObjectIn- and Out-of-Process Issues
EncapsulationPolymorphismReuseContainmentAggregationUsing objects that support aggregationDeveloping objects that support aggregation
Simple Data Types and Top-Level PointersSecondary and Embedded PointersCOM API functions for distributed memory managementManaging embedded pointersCharacter PointersAutomation Data TypesMemory management for a BSTRMemory management for a SAFEARRAY
Structure of a Marshaled Interface ReferenceActivationStandard MarshalingMore on activationRemote invocationCustom MarshalingThe object’s responsibilityThe custom proxy’s responsibilityHandler MarshalingAutomation MarshalingRemote Connection Management
Single-Threaded ApartmentBasic requirementsSynchronizationOther issuesSharing Interface Pointers Among ApartmentsMultithreaded ApartmentBasic requirementsSynchronizationOther issuesOut-of-Process Server ConsiderationsIn-Process Server ConsiderationsThreadingModel=“” (default)ThreadingModel=“Apartment”ThreadingModel=“Free”ThreadingModel=“Both”Free-Threaded MarshalerPerformance
Configurable SecurityMachine-wide securityApplication-wide securityApplication identityProgrammable SecurityGeneral application-wide security on both the client and server sideAccess security on the server sideActivation security on the client sideCall-level security on the client sideUsing the security context on the server side
Generated InterfaceGenerated Implementation
Implementing Interface MethodsAdding a Custom InterfaceAdding Another Dual Interface
Initializing and Uninitializing COMCreating the User Interface
Creating an Interface Wrapper ClassThe COleDispatchDriver ClassUsing COM Interfaces with Generated Wrappers
The #import StatementUsing COM Interfaces with Smart PointersNative C++ Compiler FeaturesMore on smart pointersException handling
Remote Activation API FunctionsUsing COM Interfaces Manually
The RemotePtr ClassUsing the RemotePtr Class
Creating the ProjectAdding an ActiveX ControlMerging the Proxy/Stub CodeAdding PropertiesAdding MethodsStep 1: Merging the proxy/stub code for external (remote) interfacesStep 2: Reusing the RemotePtr classStep 3: Coding the OcrImage method
Control ButtonsServer Name and Image LocationWang Image Edit ActiveX ControlOCR ResultsATLCyberOcr ActiveX ControlComplete HTML and VBScript Source CodeProblems with COM over the InternetProblems with securityProblems with firewalls or proxy servers
Creating an MFC ActiveX Control ProjectUnderstanding the generated codeCreating the user interfaceUsing an ActiveX control within an ActiveX controlImplementing the ActiveX Control: CMFCCyberServerCtrlCMFCCyberServerCtrl::OnCreateCMFCCyberServerCtrl::OnDrawImplementing CImagingWindowCImagingWindow::OnCreateCImagingWindow::OnSizeHandling command messages
Creating the ProjectAdding a Composite ControlCreating the User InterfacePutting common controls onto the compositePutting ActiveX controls onto the compositeTesting the user interfaceImplementationImporting the embedded ActiveX controlAdding command handlers in ATLTesting the final product
Playing with Property PagesStep 1: Creating the applicationStep 2: Adding the two viewsStep 3: Adding a splitter windowStep 4: Putting the two ActiveX controls on their appropriate viewsStep 5: Showing the property pagesAdding a Property to CMFCCyberServerCtrl
Creating the Project and a COM ObjectImplementing the SecureOcrImage MethodValidating the Invocation
Constructor and DestructorGetting the Access TokenGetting User InformationGetting Group Information
Creating Message FilesCreating a message file for your componentCompiling a message fileUpdating the Registry with Event Source InformationLogging Messages
Administrative Alert SetupGenerating an Administrative Alert
Setting the Authentication IdentitySetting the Process-Wide SecurityMerging Proxy/Stub Code into a Client EXE ComponentUsing Activation SecurityUsing Call SecurityHandling ErrorsTesting and Understanding COM SecurityTest Scenario I—Observing call-level security and logged eventsTest Scenario II—Observing administrative alertsTest Scenario III—Observing activation security
Creating the ChatBroker ComponentAdding a Broker COM ObjectThe IRegisterChatServer interfaceThe IDiscussions interfaceCaching a List of DiscussionsCChatDiscussionList::AddDiscussionCChatDiscussionList::RemoveDiscussionCChatDiscussionList::GetDiscussionListCChatDiscussionList::GetChatServerCChatDiscussionList::GetSizeChatBroker’s special condition for component lifetime managementImplementing the Interface MethodsMerging Proxy/Stub Code into a Server EXE Component
Creating an Event Source ObjectAdding a Connection PointStep 1: Define a callback interface using MIDLStep 2: Implement a connection point objectStep 3: Add a connection point to the event source objectReceiving and Disseminating a Chat MessageThe Responsibility of the ChatServer ApplicationHandling of command-line optionsRegistering interface marshalersOpening and closing the discussionRunning the ChatServer
Creating the ChatClient ProjectCreating the user interface and adding command handlersMerging proxy/stub code into a project without an IDL FileConnecting to and Disconnecting from a ChatBrokerJoining and Leaving a Chat DiscussionSending a Chat MessageReceiving Chat Messages
Runtime that Simplifies Component Development and UsageHide nonbusiness logic complexitiesSimplify component development and usageServices that Support Large-Scale Enterprise Needs
The main( ) routineThe Class FactoryThe COM Object

Content preview from Learning DCOM

Server-Side COM Security

In this section, you’ll learn how to deal with COM security on the server side. You’ll start by creating an application to which you’ll add additional security features throughout this chapter.

Creating the Project and a COM Object

Let’s begin by developing a brand new server component:

Use the ATL COM AppWizard to create an Executable(EXE) component and name it SecureOcrServer.
Add a Simple Object to this new component using the ATL Object Wizard.
Name this COM object SecureOcrProcessor.
In the Attributes page of the ATL Object Wizard Properties dialog, check Support ISupportErrorInfo. You do this so that you can later return customized error descriptions to the client. We’ll illustrate a way to return your own messages back to the client to describe the problem that exists on the server. Not only is this valuable in deployed systems, but it’s very valuable for debugging purposes.
Add a method called SecureOcrImage to the ISecureOcrProcessor interface. To make it simple, we will not add any parameter to this method, since all we’re interested in is security handling.

Implementing the SecureOcrImage Method

Now that you have a component and a simple COM object, here’s the plan. A client application will invoke the SecureOcrImage function that you’ve just added. Within this method, the server component will obtain the security context of the invocation and will validate the call. If you can validate the call, you will impersonate the client and perform work in place ...