WMI--Windows API--CoSetProxyBlanket

原文来自MSDN Library for Visual Studio 2008 SP1，翻译部分仅为个人观点，想要看更多信息请看MSDN，如有版权问题请联系QQ 643166601，邮件643166601@qq.com

 

COM
CoSetProxyBlanket
See Also  
Sets the authentication information that will be used to make calls on the specified proxy.
在指定代理上生成调用使用设置身份验证信息。
This is a helper function for IClientSecurity::SetBlanket.
这是一个IClientSecurity::SetBlanket的辅助函数。
  Copy Code
HRESULT CoSetProxyBlanket(
  IUnknown * pProxy,
  DWORD dwAuthnSvc,
  DWORD dwAuthzSvc,
  WCHAR * pServerPrincName,
  DWORD dwAuthnLevel,
  DWORD dwImpLevel,
  RPC_AUTH_IDENTITY_HANDLE pAuthInfo,
  DWORD dwCapabilities
);
 

Parameter
pProxy

[in] Indicates the proxy to set.
[in] 指定代理设置。
dwAuthnSvc

[in] A single DWORD value from the list of RPC_C_AUTHN_xxx constants, indicating the authentication service to use.
一个简单的DWORD值来自RPC_C_AUTHN_xxx常量列表，指示使用的身份验证服务。
It may be RPC_C_AUTHN_NONE if no authentication is required.
如果不需要身份验证它可以是RPC_C_AUTHN_NONE。
If RPC_C_AUTHN_DEFAULT is specified, DCOM will pick an authentication service following its normal security blanket negotiation algorithm.
如果指定RPC_C_AUTHN_DEFAULT，DCOM将要挑选一个身份验证服务从以下正常的安全指针协商算法。
dwAuthzSvc

[in] A single DWORD value from the list of RPC_C_AUTHZ_xxx constants, indicating the authorization service to use.
一个简单的DWORD值来自RPC_C_AUTHN_xxx常量列表，指示使用的身份验证服务。
If RPC_C_AUTHZ_DEFAULT is specified, DCOM will pick an authorization service following its normal security blanket negotiation algorithm.
如果指定RPC_C_AUTHN_DEFAULT，DCOM将要挑选一个身份验证服务从以下正常的安全指针协商算法。
RPC_C_AUTHZ_NONE should be used as the authorization service if NTLMSSP, Kerberos, or SChannel is used as the authentication service.
如果使用NTLMSSP, Kerberos, 或 SChannel作为身份验证服务应该使用RPC_C_AUTHZ_NONE身份验证服务应。
pServerPrincName

[in] Pointer to a WCHAR string that indicates the server principal name to use with the authentication service.
指向一个WCHAR string指示服务主体名称的身份验证服务使用。
If COLE_DEFAULT_PRINCIPAL is specified, DCOM will pick a principal name using its security blanket negotiation algorithm.
如果指定COLE_DEFAULT_PRINCIPAL，DCOM将挑选一个主体名称使用安全指针协商算法。
If Kerberos is used as the authentication service, this value must not be NULL.
如果使用Kerberos作为身份验证服务，这个值必须不是NULL。
It must be the correct principal name of the server or the call will fail.
它必须是服务器的正确的主体名称否则调用失败。
If SChannel is used as the authentication service, this value must be one of the msstd or fullsic forms described in Principal Names, or NULL if you do not want mutual authentication.
如果身份验证服务是SChannel，如果你不想相互身份验证这个值必须是msstd或fullsic或NULL中的一个。
Generally, specifying NULL will not reset the server principal name on the proxy; rather, the previous setting will be retained.
一般来说，指定NULL将不重置代理服务器的主体名，相反之前的设置将被保留。
You must be careful when using NULL as pServerPrincName when selecting a different authentication service for the proxy, because there is no guarantee that the previously set principal name would be valid for the newly selected authentication service.
当代理选择一个不同身份验证服务时你必须小心使用NULL作为pServerPrincName值，因为没有之前设置的代主体名称保证是新选择的身份验证服务是有效的。
dwAuthnLevel

[in] A single DWORD value from the list of RPC_C_AUTHN_LEVEL_xxx constants, indicating the authentication level to use.
一个简单的DWORD值来自RPC_C_AUTHN_LEVEL_xxx常量列表，指示使用的身份验证服务。
If RPC_C_AUTHN_LEVEL_DEFAULT is specified, DCOM will pick an authentication level following its normal security blanket negotiation algorithm.
如果指定RPC_C_AUTHN_LEVEL_DEFAULT，DCOM将挑选一个身份验证等级在以下正常安全指针协商算法中。
If this value is none, the authentication service must also be none.
如果这个值是没有，这个身份验证服务也必须是没有。
dwImpLevel

[in] A single DWORD value from the list of RPC_C_IMP_LEVEL_xxx constants, indicating the impersonation level to use.
一个DWORD值来自RPC_C_IMP_LEVEL_xxx常量列表，指示使用的模拟级别。
If RPC_C_IMP_LEVEL_DEFAULT is specified, DCOM will pick an impersonation level following its normal security blanket negotiation algorithm.
如果指定RPC_C_IMP_LEVEL_DEFAULT，DCOM将挑选模拟级别以下正常安全指针协商算法。
If NTLMSSP is the authentication service, this value must be RPC_C_IMP_LEVEL_IMPERSONATE or RPC_C_IMP_LEVEL_IDENTIFY.
如果NTLMSSP是身份验证服务，这个值必须是PC_C_IMP_LEVEL_IMPERSONATE 或 RPC_C_IMP_LEVEL_IDENTIFY。
In Windows 2000 and later versions, NTLMSSP also supports delegate-level impersonation (RPC_C_IMP_LEVEL_DELEGATE) on the same machine.
在Windows 2000及更高版本，NTLMSSP还支持在相同机器上的委托等级模拟(RPC_C_IMP_LEVEL_DELEGATE)。
If SChannel is the authentication service, this parameter must be RPC_C_IMP_LEVEL_IMPERSONATE.
如果SChannel是身份验证服务，这个参数必须是RPC_C_IMP_LEVEL_IMPERSONATE。
pAuthInfo

[in] Pointer to an RPC_AUTH_IDENTITY_HANDLE value that establishes the identity of the client.
指向一个RPC_AUTH_IDENTITY_HANDLE值确定客户端身份。
This parameter is not used for calls on the same machine.
这个参数不能在相同的机器上使用。
The format of the structure referred to by the handle depends on the provider of the authentication service.
这个结构体的格式被交给句柄，依赖身份验证服务提供者。
For NTLMSSP or Kerberos, the structure is a SEC_WINNT_AUTH_IDENTITY or SEC_WINNT_AUTH_IDENTITY_EX structure.
对于NTLMSSP 或 Kerberos，这个结构体是一个a SEC_WINNT_AUTH_IDENTITY 或 SEC_WINNT_AUTH_IDENTITY_EX的结构体。
The client must ensure that the memory remains valid and unchanged until a different identity is set on the proxy or until all proxies on the object are released. (On Windows XP SP 2, Windows Server 2003 SP 1, and Windows Vista, this is no longer a requirement, unless the client tries to obtain the credentials set on the proxy by calling CoQueryProxyBlanket.)
这个客户端必须确保内存仍然有效并且直到在代理上设置一个不同身份没有改变或直到所有释放对象的代理。(在Windows XP SP 2, Windows Server 2003 SP 1, 和 Windows Vista上这不再是一个要求，除非客户端尝试通过调用CoQueryProxyBlanket去获得代理的证书。)
If NULL is specified, DCOM uses the current proxy identity (which is either the process token or the impersonation token).
如果指定为NULL,DCOM使用挡墙代理身份(这是进程令牌或模拟令牌).
If the handle refers to a structure, that identity is used.
如果这个handle引用一个结构体，使用身份验证。
For SChannel, this parameter must be either a pointer to a CERT_CONTEXT that contains the client's X.509 certificate or NULL if the client wishes to make an anonymous connection to the server.
对于SChannel，这个参数必须是一个指针指向CERT_CONTEXT，客户端的X.509证书或如果客户端希望生成一个i额匿名连接到服务器是NULL。
If a certificate is specified, the caller must not free it as long as any proxy to the object exists in the current apartment.
如果指定了证书调用者必须不可以释放它只要任何代理到对象存在当前单元。
For Snego, this parameter either is NULL or points to a SEC_WINNT_AUTH_IDENTITY_EX structure.
对于Snego，这个参数是NULL或一个指向SEC_WINNT_AUTH_IDENTITY_EX结构体。
If it is NULL, Snego will pick a list of authentication services based on those available on the client machine.
如果它是NULL,Snego将挑选基于身份验证服务列表的客户机变量。

If non-NULL, the structure's PackageList member must point to a string containing a comma-separated list of authentication service names and the PackageListLength member must give the number of bytes in the PackageList string.
如果非NULL，这个结构体的PackageList成员必须指向一个字符串包含一个逗号分隔的身份验证服务名称list和PackageListLength成员必须给出PackageList 字符串的字节数。
If PackageList is NULL, all calls using Snego will fail.
如果PackageList是NULL,所有调用使用Snego将失败。
If COLE_DEFAULT_AUTHINFO is specified for this parameter, DCOM will pick the authentication information following its normal security blanket negotiation algorithm.
如果这个参数指定COLE_DEFAULT_AUTHINFO，DCOM将挑选身份验证信息在以下正常安全指针协商算法。
CoSetProxyBlanket will return an error if pAuthInfo is set and one of the cloaking flags is set in dwCapabilities.
如果设置pAuthInfo并且在dwCapabilities设置cloaking flags，CoSetProxyBlanket将返回一个错误。
dwCapabilities

[in] A DWORD defining flags that specify the capabilities of this proxy, which are defined in the EOLE_AUTHENTICATION_CAPABILITIES enumeration.
一个DWORD定义flags指定这个代理的能力，它是在EOLE_AUTHENTICATION_CAPABILITIES枚举中定义的。
The only flags that can be set through this function are EOAC_MUTUAL_AUTH, EOAC_STATIC_CLOAKING, EOAC_DYNAMIC_CLOAKING, EOAC_ANY_AUTHORITY (this flag is deprecated), EOAC_MAKE_FULLSIC, and EOAC_DEFAULT.
通过这个函数这个唯一的flags可以设置是EOAC_MUTUAL_AUTH, EOAC_STATIC_CLOAKING, EOAC_DYNAMIC_CLOAKING, EOAC_ANY_AUTHORITY (这个flag不赞成使用), EOAC_MAKE_FULLSIC, 和 EOAC_DEFAULT.
Either EOAC_STATIC_CLOAKING or EOAC_DYNAMIC_CLOAKING can be set if pAuthInfo is not set and SChannel is not the authentication service. (See Cloaking for more information.)
如果pAuthInfo没有设置并且SChannel不是身份验证服务则要么设置EOAC_STATIC_CLOAKING要么设置EOAC_DYNAMIC_CLOAKING。
If any capability flags other than those mentioned here are set, CoSetProxyBlanket will return an error.
如果任何能力flags而不是这些在这里被提到的设置，CoSetProxyBlanket将返回一个错误。
Return Values
S_OK

Success.
成功。
E_INVALIDARG

One or more arguments is invalid.
一个或更多参数是无效的。
Remarks
CoSetProxyBlanket sets the authentication information that will be used to make calls on the specified proxy.
CoSetProxyBlanket设置身份验证信息，在生成在指定代理上调用使用。
This function encapsulates the following sequence of common calls (error handling excluded):
这个函数封装了以下常用的序列调用(错误处理除外)：
  Copy Code
    pProxy->QueryInterface(IID_IClientSecurity, (void**)&pcs);
    pcs->SetBlanket(pProxy, dwAuthnSvc, dwAuthzSvc, pServerPrincName,
        dwAuthnLevel, dwImpLevel, pAuthInfo, dwCapabilities);
    pcs->Release();
 

This sequence calls QueryInterface on the proxy to get a pointer to IClientSecurity, and with the resulting pointer, calls IClientSecurity::SetBlanket and then releases the pointer.
这个序列调用QueryInterface在代理上获得一个到IClientSecurity的指针，用结果指针调用IClientSecurity::SetBlanket并且释放这个指针。
For more information about how to use this function, see the Remarks section of the IClientSecurity::SetBlanket method.
更多信息关于如何使用这个函数，请看IClientSecurity::SetBlanket方法的Remarks部分。
Requirements
For an explanation of the requirement values, see Requirements (COM).

Windows NT/2000/XP: Requires Windows NT 4.0 or later.

Windows 95/98: Requires Windows 95 or later. Available as a redistributable for Windows 95.

Header: Declared in objbase.h.

Library: Use ole32.lib.

See Also
Reference
IClientSecurity::SetBlanket
CoQueryProxyBlanket

Concepts
Security in COM
Setting Security at the Interface Proxy Level

Send comments about this topic to Microsoft.