Chapter 50. What Is the COM(+) Authentication Level?

Authentication in Windows is really about two things: helping the client and server develop trust in each other's identities (they're introduced to one another), and helping them exchange a cryptographic key (what we call the session key) to protect their communication channel. The COM authentication level for any given call controls whether authentication occurs at all and, if it does, how much protection you'll receive from that session key.

There are six levels, defined in order of increasing security.

  1. RPC_C_AUTHN_LEVEL_NONE

  2. RPC_C_AUTHN_LEVEL_CONNECT

  3. RPC_C_AUTHN_LEVEL_CALL

  4. RPC_C_AUTHN_LEVEL_PKT

  5. RPC_C_AUTHN_LEVEL_PKT_INTEGRITY

  6. RPC_C_AUTHN_LEVEL_PKT_PRIVACY

If a COM call goes out using the first level, ...

Get The .NET Developer's Guide to Windows Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.