Re: Problem with CoSetProxyBlanket and WMI/WBEM, please help!!

From: Alexander Nickolov (agnickolov_at_mvps.org)
Date: 08/11/04


Date: Tue, 10 Aug 2004 23:05:02 -0700

Obviously not from the script directly, you need code written
in C++. Check out LogonUser, ImpersonateLoggedOnUser,
RevertToSelf. Using COM+ the way you suggest is even simpler,
just ensure your COM+ component is set to run in a separate
process and you can pick the user it runs under (I think). For
COM+ questions, your best bet would be:

microsoft.public.platformsdk.complus_mts

-- 
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@mvps.org
MVP VC FAQ: http://www.mvps.org/vcfaq
=====================================
"elazar" <elazar@thebroadfamily.com> wrote in message
news:8546fcb7.0408102005.96ced60@posting.google.com...
> How would I do this from active server pages? Would I have to write a
> DLL that imports the WBEM locator interface and set COM+ permissions
> on that DLL(which I would rather not do) to allow the IWAM_Computer
> account to access it, or is there a way to do it with
> CoInitializeSecurity?
>
>
> "Alexander Nickolov" <agnickolov@mvps.org> wrote in message
> news:<uV$Z8ejfEHA.556@tk2msftngp13.phx.gbl>...
> > You impersonate another user on the thread that you call it from.
> >
> > -- 
> > =====================================
> > Alexander Nickolov
> > Microsoft MVP [VC], MCSD
> > email: agnickolov@mvps.org
> > MVP VC FAQ: http://www.mvps.org/vcfaq
> > =====================================
> >
> > "elazar" <elazar@thebroadfamily.com> wrote in message
> > news:8546fcb7.0408071755.76a1bbe0@posting.google.com...
> > > Then how would I set security on the WBEM locator interface?
> > >
> > >
> > > "Alexander Nickolov" <agnickolov@mvps.org> wrote in message
> > > news:<#YnjMN9eEHA.2544@TK2MSFTNGP10.phx.gbl>...
> > > > CoSetProxyBlanket only works on standard proxies, not
> > > > on direct pointers (nor custom marshaled objects). Since
> > > > AFAIK WMI is in-proc, unless you have an incompatible
> > > > apartment type (which would not be possible if its threading
> > > > model is both), you can't set a security blanket on it.
> > > >
> > > > -- 
> > > > =====================================
> > > > Alexander Nickolov
> > > > Microsoft MVP [VC], MCSD
> > > > email: agnickolov@mvps.org
> > > > MVP VC FAQ: http://www.mvps.org/vcfaq
> > > > =====================================
> > > >
> > > > "elazar" <elazar@thebroadfamily.com> wrote in message
> > > > news:8546fcb7.0408052001.2847506d@posting.google.com...
> > > > > Hi,
> > > > >  I am trying to use CoSetProxyBlanket with WMI's scripting interface
> > > > > and the call keeps returning with E_INVALIDINTERFACE(80004002). Here's
> > > > > my scenario, I am a domain reseller, and I am handling DNS for my
> > > > > customers. I want to give them access to their DNS records, and the
> > > > > only way to do this is through WMI. I don't want to give the
> > > > > IWAM_Computer account access to WMI because of security reasons. So
> > > > > what I want to do is write a component to act as proxy between IIS and
> > > > > WMI that will connect to WMI using different credentials. I copied the
> > > > > code from Microsoft's site that shows you how to use CoSetProxyBlanket
> > > > > in Visual Basic (my preferred language), and it keeps failing. Here's
> > > > > the code:
> > > > >
> > > > > ----------------------------------------------
> > > > > 249636 - How To Use the CoSetProxyBlanket Function in Visual Basic
> > > > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;249636
> > > > > ----------------------------------------------
> > > > > Option Explicit
> > > > >
> > > > > ' Authentication service provider constants
> > > > > ' the default should be used.
> > > > > Public Const RPC_C_AUTHN_NONE                  As Long = 0
> > > > > Public Const RPC_C_AUTHN_WINNT                 As Long = 10
> > > > > Public Const RPC_C_AUTHN_DEFAULT               As Long = &HFFFFFFFF
> > > > >
> > > > > ' Authorization Services
> > > > > Public Const RPC_C_AUTHZ_NONE    As Long = 0
> > > > > Public Const RPC_C_AUTHZ_NAME    As Long = 1
> > > > > Public Const RPC_C_AUTHZ_DCE     As Long = 2
> > > > > Public Const RPC_C_AUTHZ_DEFAULT As Long = &HFFFFFFFF
> > > > >
> > > > > ' Authentication level constants
> > > > > Public Const RPC_C_AUTHN_LEVEL_DEFAULT         As Long = 0
> > > > > Public Const RPC_C_AUTHN_LEVEL_NONE            As Long = 1
> > > > > Public Const RPC_C_AUTHN_LEVEL_CONNECT         As Long = 2
> > > > > Public Const RPC_C_AUTHN_LEVEL_CALL            As Long = 3
> > > > > Public Const RPC_C_AUTHN_LEVEL_PKT             As Long = 4
> > > > > Public Const RPC_C_AUTHN_LEVEL_PKT_INTEGRITY   As Long = 5
> > > > > Public Const RPC_C_AUTHN_LEVEL_PKT_PRIVACY     As Long = 6
> > > > >
> > > > > ' Impersonation level constants
> > > > > Public Const RPC_C_IMP_LEVEL_ANONYMOUS         As Long = 1
> > > > > Public Const RPC_C_IMP_LEVEL_IDENTIFY          As Long = 2
> > > > > Public Const RPC_C_IMP_LEVEL_IMPERSONATE       As Long = 3
> > > > > Public Const RPC_C_IMP_LEVEL_DELEGATE          As Long = 4
> > > > >
> > > > > ' Constants for the capabilities
> > > > > Public Const API_NULL                          As Long = 0
> > > > > Public Const S_OK                              As Long = 0
> > > > > Public Const EOAC_NONE                         As Long = &H0
> > > > > Public Const EOAC_MUTUAL_AUTH                  As Long = &H1
> > > > > Public Const EOAC_CLOAKING                     As Long = &H10
> > > > > Public Const EOAC_SECURE_REFS                  As Long = &H2
> > > > > Public Const EOAC_ACCESS_CONTROL               As Long = &H4
> > > > > Public Const EOAC_APPID                        As Long = &H8
> > > > >
> > > > > ' Function Declaration
> > > > > Public Declare Function CoSetProxyBlanket Lib "OLE32.DLL" ( _
> > > > >   ByVal pSD As Object, _
> > > > >   ByVal dwAuthnSvc As Long, _
> > > > >   ByVal dwAuthzSvc As Long, _
> > > > >   ByVal pServerPrincName As Long, _
> > > > >   ByVal dwAuthnlevel As Long, _
> > > > >   ByVal dwImpLevel As Long, _
> > > > >   ByVal pAuthInfo As Long, _
> > > > >   ByVal dwCapabilities As Long _
> > > > >   ) As Long
> > > > >
> > > > >     ' the object is instantiated this way (not with the 'New' statement)
> > > > >     ' so that security can be set before the object is created.
> > > > >
> > > > >     Dim MyObj As MyLib.MyClass ' substitute MyLib.MyClass with
> > > > >                                ' WBEMScripting.SWBEMLocator
> > > > >
> > > > >     Dim MyUnk As stdole.IUnknown
> > > > >     Dim hr As Long
> > > > >
> > > > >     ' instantiate object requesting IUnknown interface
> > > > >     Set MyUnk = New MyLib.MyClass
> > > > >
> > > > >      ' setting security on IUnknown
> > > > >     hr = CoSetProxyBlanket(MyUnk, _
> > > > >         RPC_C_AUTHN_WINNT, _
> > > > >         RPC_C_AUTHZ_DEFAULT, _
> > > > >         ByVal API_NULL, _
> > > > >         RPC_C_AUTHN_LEVEL_NONE, _
> > > > >         RPC_C_IMP_LEVEL_IDENTIFY, _
> > > > >         API_NULL, _
> > > > >         EOAC_NONE)
> > > > >
> > > > >     If (S_OK <> hr) Then
> > > > >         MsgBox "CoSetProxyBlanket on IUnknown failed with error code: " _
> > > > >         & hr & " 0x", vbCritical, "CoSetProxyBlanket Failure"
> > > > >         Exit Sub ' or Exit Function
> > > > >     End If
> > > > >
> > > > >      ' Querying for the default interface
> > > > >     Set MyObj = MyUnk
> > > > >
> > > > >      ' setting security on the default interface
> > > > >     hr = CoSetProxyBlanket(MyObj, _
> > > > >         RPC_C_AUTHN_WINNT, _
> > > > >         RPC_C_AUTHZ_DEFAULT, _
> > > > >         ByVal API_NULL, _
> > > > >         RPC_C_AUTHN_LEVEL_NONE, _
> > > > >         RPC_C_IMP_LEVEL_IDENTIFY, _
> > > > >         API_NULL, _
> > > > >         EOAC_NONE)
> > > > >
> > > > >     If (S_OK <> hr) Then
> > > > >         MsgBox "CoSetProxyBlanket failed with error code: " & hr & " 0x" _
> > > > >         , vbCritical, "CoSetProxyBlanket Failure"
> > > > >         Exit Sub   ' or Exit Function
> > > > >     End If
> > > > >
> > > > >     ' you can now call methods in your object
> > > > >     MyObj.MyMethod
> > > > > ----------------------------------------------
> > > > > I think it's failing because no interface is created until the
> > > > > ConnectServer (method of SWBEMLocator class) function is called, but I
> > > > > don't know for sure. If anyone can enlighten me on this, it would be
> > > > > much appreciated. If you post any code, please try to do it in Visual
> > > > > Basic as that is my stronger language (I can understand VC++ too, but
> > > > > not as well). You can e-mail me or post a reply.
> > > > >
> > > > > Thanks,
> > > > >  Elazar
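
The LogonUser / ImpersonateLoggedOnUser / RevertToSelf sequence named in the reply at the top of this message, as an added example that is not part of the original thread. It is written in Visual Basic in the same Declare style as the quoted code; the helper name WhoAmIAs and its error numbers are hypothetical, and the credentials are supplied by the caller.

```vb
Option Explicit
' Added example (constructed): run work on this thread under another account.

Private Const LOGON32_LOGON_INTERACTIVE As Long = 2
Private Const LOGON32_PROVIDER_DEFAULT As Long = 0

Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" ( _
    ByVal lpszUsername As String, ByVal lpszDomain As String, _
    ByVal lpszPassword As String, ByVal dwLogonType As Long, _
    ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function ImpersonateLoggedOnUser Lib "advapi32.dll" ( _
    ByVal hToken As Long) As Long
Private Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Private Declare Function CloseHandle Lib "kernel32" ( _
    ByVal hObject As Long) As Long
Private Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" ( _
    ByVal lpBuffer As String, nSize As Long) As Long

' Hypothetical helper: returns the account name the thread runs as while
' impersonating, or raises an error. Every exit path reverts and closes.
Public Function WhoAmIAs(ByVal User As String, ByVal Domain As String, _
                         ByVal Password As String) As String
    Dim hToken As Long, buf As String, n As Long, impersonating As Boolean

    If LogonUser(User, Domain, Password, LOGON32_LOGON_INTERACTIVE, _
                 LOGON32_PROVIDER_DEFAULT, hToken) = 0 Then
        Err.Raise vbObjectError + 1, , "LogonUser failed: " & Err.LastDllError
    End If

    On Error GoTo Cleanup
    If ImpersonateLoggedOnUser(hToken) = 0 Then
        Err.Raise vbObjectError + 2, , _
            "ImpersonateLoggedOnUser failed: " & Err.LastDllError
    End If
    impersonating = True

    ' Work placed here runs on this thread with the other user's token.
    buf = String$(256, vbNullChar): n = Len(buf)
    If GetUserName(buf, n) <> 0 Then WhoAmIAs = Left$(buf, n - 1)

Cleanup:
    Dim savedErr As Long, savedDesc As String
    savedErr = Err.Number: savedDesc = Err.Description
    If impersonating Then RevertToSelf    ' never leave the thread impersonating
    If hToken <> 0 Then CloseHandle hToken
    If savedErr <> 0 Then Err.Raise savedErr, , savedDesc
End Function
```

On Windows 2000 the process calling LogonUser needs the SE_TCB_NAME privilege ("Act as part of the operating system"); later versions of Windows do not require it.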