COM settings in OPC Classic client components: Difference between revisions

This article describes the internal effects of the UseCustomSecurity, TurnOffCallSecurity, TurnOffActivationSecurity and EnsureDataIntegrity settings.

COM and proxy initialization:

• Without UseCustomSecurity: CoInitializeSecurity is not called, CoSetProxyBlanket is not called
• With UseCustomSecurity (the default): CoInitializeSecurity is called, CoSetProxyBlanket is called

CoInitializeSecurity parameters:

• Without TurnOffCallSecurity (the default): dwAuthnLevel = Common authentication level (see below); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = CSecurityDescriptor::InitializeFromThreadToken()>
• With TurnOffCallSecurity: dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE (1); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = NULL

CoSetProxyBlanket parameters: dwAuthnLevel and dwImpLevel are the same as those used with CoInitializeSecurity.

COAUTHINFO* pAuthInfo in COSERVERINFO* passed to CoCreateInstanceEx (when machine name is not empty):

• Without TurnOffActivationSecurity (the default): dwAuthnSvc = RPC_C_AUTHN_NONE; dwAuthzSvc = RPC_C_AUTHZ_NONE; pwszServerPrincName = NULL; dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE; dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE; pAuthIdentityData = NULL; dwCapabilities = EOAC_NONE;
• With TurnOffActivationSecurity: NULL

(see https://docs.microsoft.com/en-us/windows/win32/com/turning-off-activation-security?redirectedfrom=MSDN)

Common authentication level: In QuickOPC versions up to 2021.3: Always RPC_C_AUTHN_LEVEL_CONNECT (2). In QuickOPC versions 2022.1 and later:

• Without EnsureDataIntegrity (the default): RPC_C_AUTHN_LEVEL_CONNECT (2).
• With EnsureDataIntegrity: RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (5). For KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414).