WMI--Windows API--EOLE_AUTHENTICATION_CAPABILITIES

COM
EOLE_AUTHENTICATION_CAPABILITIES
See Also  

The EOLE_AUTHENTICATION_CAPABILITIES enumeration constants set various capabilities in CoInitializeSecurity and IClientSecurity::SetBlanket (or its helper function CoSetProxyBlanket).
这个EOLE_AUTHENTICATION_CAPABILITIES枚举常量在CoInitializeSecurity和IClientSecurity::SetBlanket (或辅助函数CoSetProxyBlanket)中设置各种容量。
  Copy Code
typedef enum tagEOLE_AUTHENTICATION_CAPABILITIES {
    EOAC_NONE                    = 0x0,
    EOAC_MUTUAL_AUTH             = 0x1,
    EOAC_SECURE_REFS             = 0x2,
    EOAC_ACCESS_CONTROL          = 0x4,
    EOAC_APPID                   = 0x8,
    EOAC_DYNAMIC                 = 0x10,
    EOAC_STATIC_CLOAKING         = 0x20,
    EOAC_DYNAMIC_CLOAKING        = 0x40,
    EOAC_ANY_AUTHORITY           = 0x80,
    EOAC_MAKE_FULLSIC            = 0x100,
    EOAC_REQUIRE_FULLSIC         = 0x200,
    EOAC_AUTO_IMPERSONATE        = 0x400,
    EOAC_DEFAULT                 = 0x800,
    EOAC_DISABLE_AAA             = 0x1000,
    EOAC_NO_CUSTOM_MARSHAL       = 0x2000
} EOLE_AUTHENTICATION_CAPABILITIES;
 

Elements
EOAC_NONE
Indicates that no capability flags are set.
指示没有容量flags设置。
EOAC_MUTUAL_AUTH
Unused.
未使用
If this flag is specified, it will be ignored.
如果指定这个flag，它将被忽略。
Support for mutual authentication is automatically provided by some authentication services.
支持相互认证是通过一些身份验证服务自动提供的。
See COM and Security Packages for more information.
请看COM and Security Packages的更多信息。

EOAC_SECURE_REFS
Authenticates distributed reference count calls to prevent malicious users from releasing objects that are still being used.
验证分布式的引用计数器调用防止恶意的用户释放正在被使用的对象。
If this flag is set, which can be done only in a call to CoInitializeSecurity by the client, the authentication level (in dwAuthnLevel) cannot be set to none.
如果设置这个flag，它只能通过客户端在调用CoInitializeSecurity的身份认证级别(在dwAuthnLevel中)不能不设置。
Note: 
注意：
The server always authenticates Release calls.
这个服务器总是验证发布调用。
Setting this flag prevents an authenticated client from releasing the objects of another authenticated client.
设置这个flag防止一个已经验证的客户端去释放对象的另一个验证的客户端。
It is recommended that clients always set this flag, although performance is affected because of the overhead associated with the extra security.
它是推荐的总是实则hi这个flag，尽管因为额外的安全性的相关开销影响性能。

EOAC_ACCESS_CONTROL
Indicates that the pVoid parameter to CoInitializeSecurity is a pointer to an IAccessControl interface on an access control object.
指示这个pVoid这个参数到CoInitializeSecurity是一个指针指向在访问控制对象上的一个IAccessControl接口。
When DCOM makes security checks, it calls IAccessControl::IsAccessAllowed.
当DCOM使得安全检查，它调用IAccessControl::IsAccessAllowed。
This flag is set only by the server.
这个flag仅由服务器设置。

EOAC_APPID
Indicates that the pVoid parameter to CoInitializeSecurity is a pointer to a GUID that is an AppID.
指示这个pVoid这个参数到CoInitializeSecurity是一个指针指向一个GUID它是一个AppID。
The CoInitializeSecurity function looks up the AppID in the registry and reads the security settings from there.
这个CoInitializeSecurity函数在注册表中查找AppID并且从那里读入安全设置。
If this flag is set, all other parameters to CoInitializeSecurity are ignored and must be zero.
如果设置这个flag，所有其它参数到CoInitializeSecurity将被忽略并且必须是0。
Only the server can set this flag.
只有服务器可以设置这个flag。
For more information about this capability flag, see the Remarks section below.
更多信息根关于容量flag，请看下面的备注部分。

EOAC_DYNAMIC
This flag is not currently supported.
这个flag目前不被支持。

EOAC_STATIC_CLOAKING
Sets static cloaking.
设置为静态伪装。
When this flag is set, DCOM uses the thread token (if present) when determining the client's identity.
当设置这个flag时，当明确客户端身份时DCOM使用线程令牌(如果出现)。
However, the client's identity is determined on the first call on each proxy (if SetBlanket is not called) and each time CoSetProxyBlanket is called on the proxy.
当时，客户端身份是明确的在每个代理上的第一调用(如果SetBlanket没有调用)和每次CoSetProxyBlanket在代理上的调用。
This flag can be set by clients only, for use with Windows 2000 and later versions.
这个flag只可以由客户端设置，使用在 Windows 2000 和更高版本。
For more information about static cloaking, see Cloaking.
更多信息关于静态伪装，请看 Cloaking。

EOAC_DYNAMIC_CLOAKING
Sets dynamic cloaking.
设置动态伪装。
When this flag is set, DCOM uses the thread token (if present) when determining the client's identity.
当设置这个flag时，当明确客户端的身份时DCOM使用线程令牌(如果出现)。
On each call to a proxy, the current thread token is examined to determine whether the client's identity has changed (incurring an additional performance cost) and the client is authenticated again only if necessary.
在每个调用到的代理上，这个当前线程令牌被仔细检查去决定哪一个客户端身份已经改变(引起额外性能的开销)和如果必要则客户端身再次份验证。
Dynamic cloaking can be set by clients only, for use with Windows 2000 and later versions.
动态伪装只可以由客户端设置，使用在Windows 2000和更高版本。
For more information about dynamic cloaking, see Cloaking.
更多信息关于动态伪装，请看Cloaking。

EOAC_ANY_AUTHORITY
The use of this flag is deprecated.
不赞成使用这个flag。
Tells DCOM to trust an SChannel server certificate even if the top level certificate authority is not trusted.
表明DCOM信任一个SChanel服务器证书即使如果这个顶层证书权利不被信任。
That is, when a call arrives using SChannel, DCOM will allow the call even if the top level certificate authority is not installed on the machine.
也就是说，当一个调用到达使用SChannel时，DCOM将允许这个调用即使如果这个顶层证书权利是在这个机器上没有安装。
Care must be taken when specifying this flag because having an untrusted root severely compromises session security.
当指定这个flag因为有一个不信任的根严重地损害了session的安全，必须注意。
Applications should use this flag only if manual validation of the server certificate is performed.
只有在人工确认的服务器证书已经执行时，应用程序使用这个flag。
This flag can be set by clients only and can be used with Windows 2000 and later versions.
这个flag只可以由客户端设置，使用在Windows 2000和更高版本。

EOAC_MAKE_FULLSIC
Causes DCOM to send SChannel server principal names in fullsic format to clients as part of the default security negotiation.
引起DCOM在fullsic格式去发送SChanle服务器主体名称到客户端作为默认安全协商的部分。
The name is extracted from the server certificate.
这个名称是从服务证书中提取的。
This flag is for use with Windows 2000 and later versions.
这个值可以使用在Windows 2000和更高版本。
For more information about the fullsic form, see Principal Names.
更多信息关于fullsic形式，请看Principal Names。

EOAC_REQUIRE_FULLSIC
Causes DCOM to fail CoSetProxyBlanket calls where an SChannel principal name is specified in any format other than fullsic.
CoSetProxyBlanket调用那里指定一个以任意格式的SChanle主体名称不是fullsic将引起DCOM失败。
This flag is currently for clients only.
这个flag只是当前客户。
For more information about the fullsic form, see Principal Names.
更多信息关于fullsic形式，请看Principal Names。

EOAC_AUTO_IMPERSONATE
This flag is not currently supported.
这个flag当前不被支持。

EOAC_DEFAULT
Tells DCOM to use the valid capabilities from the call to CoInitializeSecurity.
表明DCOM使用有效的容量从调用CoInitializeSecurity中。
If CoInitializeSecurity was not called, EOAC_NONE will be used for the capabilities flag.
如果没有调用CoInitializeSecurity，EOAC_NONE将被使用这个容量flag。
This value can be used with Windows 2000 and later versions.
这个值可以使用在Windows 2000和更高版本。
This flag can be set only by clients in a call to IClientSecurity::SetBlanket or CoSetProxyBlanket.
这个flag只可以在客户端设置在IClientSecurity::SetBlanket或CoSetProxyBlanket中调用。

EOAC_DISABLE_AAA
Causes any activation where a server process would be launched under the caller's identity (activate-as-activator) to fail with E_ACCESSDENIED.
引起任何激活，一个服务器进程会被在调用者身份(激活-作为-激活因子)开始到失败用E_ACCESSDENIED。
This value, which can be specified only in a call to CoInitializeSecurity by the client, allows an application that runs under a privileged account (such as LocalSystem) to help prevent its identity from being used to launch untrusted components.
这个值只可以由客户端在调用CoInitializeSecurity时指定，运行应应用程序运行在特权账户(如本地系统)去帮助防止它的身份被使用在开始被信任的组件下。
It can be used with Windows 2000 and later versions.
这个值可以使用在Windows 2000和更高版本。
Note:
注意：
An activation call that uses CLSCTX_ENABLE_AAA of the CLSCTX enumeration will allow activate-as-activator activations for that call.
一个激活的调用使用CLSCTX_ENABLE_AAA的CLSCTX枚举将允许激活-作为-激活因子的激活调用。

EOAC_NO_CUSTOM_MARSHAL
Specifying this flag helps protect server security when using DCOM or COM+.
当使用DCOM或COM时指定这个flag帮助保护服务器安全。
It reduces the chances of executing arbitrary DLLs because it allows the marshaling of only CLSIDs that are implemented in ole32.dll, comadmin.dll, comsvcs.dll, or es.dll, or that implement the CATID_MARSHALER category ID.
它减少随意执行DLLs的机会，因为它只允许在ole32.dll, comadmin.dll, comsvcs.dll, 或 es.dll，或实现CATID_MARSHALER类型ID中序列化的CLSIDs的实现。
This value can be used with Windows 2000 and later versions.
这个值可以使用在Windows 2000和更高版本。
Note: 
注意：
Any service that is critical to system operation should set this flag.
任何服务是临界到系统操作的应该设置这个flag。

Remarks
When the EOAC_APPID flag is set, CoInitializeSecurity looks for the authentication level under the AppID.
当这个flag设置为EOAC_APPID时，CoInitializeSecurity在AppID下寻找身份验证等级。
If the authentication level is not found, it looks for the default authentication level.
如果这个身份验证等级没有找到，它寻找默认的身份验证等级。
If the default authentication level is not found, it generates a default authentication level of connect.
如果默认的身份验证等级没有找到，它生成一个默认连接的身份验证等级。
If the authentication level is not RPC_C_AUTHN_LEVEL_NONE, CoInitializeSecurity looks for the access permission value under the AppID.
如果身份验证等价不是RPC_C_AUTHN_LEVEL_NONE，CoInitializeSecurity寻找在AppID下的访问权限值。
If not found, it looks for the default access permission value.
如果没有找到，它寻找默认的访问权限值。
If not found, it generates a default access permission.
如果没有找到，她生成默认访问权限。
All the other security settings are determined the same way as for a legacy application.
所有的其它安全设置确定以相同的方式作为遗留应用程序。
The CoInitializeSecurity function returns an error if both the EOAC_APPID and EOAC_ACCESS_CONTROL flags are set.
如果EOAC_APPID和EOAC_ACCESS_CONTROL flags都被设置，CoInitializeSecurity函数返回一个错误。
The IClientSecurity::SetBlanket method and CoSetProxyBlanket function return an error if any of the following flags are set in the capabilities parameter: EOAC_SECURE_REFS, EOAC_ACCESS_CONTROL, EOAC_APPID, EOAC_DYNAMIC, EOAC_REQUIRE_FULLSIC, EOAC_DISABLE_AAA, or EOAC_NO_CUSTOM_MARSHAL.
如果以下的EOAC_SECURE_REFS, EOAC_ACCESS_CONTROL, EOAC_APPID, EOAC_DYNAMIC, EOAC_REQUIRE_FULLSIC, EOAC_DISABLE_AAA, 或 EOAC_NO_CUSTOM_MARSHAL中任意一个flags在容量参数中设置， IClientSecurity::SetBlanket方法和CoSetProxyBlanket函数返回一个错误。
CoInitializeSecurity and IClientSecurity::SetBlanket return errors if both cloaking flags are set or if either flag is set when SChannel is the authentication service.
如果设置伪装flags或当SChanle是身份验证服务时设置任何一个flag，CoInitializeSecurity 和IClientSecurity::SetBlanket返回错误。

Requirements
For an explanation of the requirement values, see Requirements (COM).

Windows NT/2000/XP: Requires Windows NT 4.0 or later.

Windows 95/98: Requires Windows 95 or later. Available as a redistributable for Windows 95.

Header: Declared in objidl.h.

See Also
Reference
CoInitializeSecurity
IClientSecurity::SetBlanket
CoSetProxyBlanket
IAccessControl

Send comments about this topic to Microsoft.