I work on an application that uses DCOM to communicate between what are essentially several peers; in the course of normal use, instances on separate machines serve a variety of objects to one another. Historically, for this to work we have used some magic incantations, chief among which is that on every machine the user must log into an account of the same name (note that these are local accounts; there is no domain available). Obviously, this is an aspect of our user experience that could be improved.

I would like to better understand how DCOM authentication works, but I am having difficulty assembling the whole story from the MSDN documentation for CoInitializeSecurity(), CoSetProxyBlanket(), and the like. Are there any thorough explanations available of how, exactly, DCOM operations are accepted or denied? Books, journals, web, any format is fine.

+1  A: 

Programming Windows Security by Keith Brown includes a thorough discussion of DCOM security. I can highly recommend this book.

Johannes Passing
A: 

You could also try to round up a copy of Inside Distributed COM by Guy and Henry Eddon (Microsoft Press). It is out of print, but Amazon shows a number of used copies for sale:

http://www.amazon.com/Inside-Distributed-Com-Mps-Eddon/dp/157231849X/ref=sr_1_5?ie=UTF8&s=books&qid=1231968553&sr=8-5

Eli