//Get the callers collection, which will allow us to examine everyone in the chain.
// another
method to get the number of caller in the chain
_variant_t Callers ;
pCallCtx->get_Item (_bstr_t("Callers"), &Callers) ;
ISecurityCallersColl *pCallersColl ;
((IUnknown *) Callers)->QueryInterface (IID_ISecurityCallersColl,
(void **)&pCallersColl) ;
pCallersColl->get_Count (&CallersCount) ;
for (l = 0 ; l <
CallersCount ; l++)
{
/*
For each caller in the chain, get the account name.
*/
ISecurityIdentityColl *pSecIdentColl ;
pCallersColl->get_Item (l, &pSecIdentColl) ;
_variant_t
ThisAccountName ;
pSecIdentColl->get_Item (_bstr_t ("AccountName"), &ThisAccountName)
;
Display ("The l th AccountName is: ",ThisAccountName);
}
Code Explain:
| Item | Description | Index name | Returned type |
|---|---|---|---|
| SID | The security identifier of the caller. | "SID" | V_ARRAY |
| Account Name | The account name that the caller is using. | "AccountName" | V_BSTR |
| Authentication Service | The authentication service used by the caller, such as NTLMSSP, Kerberos, or SSL. | "AuthenticationService" | V_I4 |
| Impersonation Level | The impersonation level, which indicates how much authority the caller has been given to act on a client's behalf. | "ImpersonationLevel" | V_I4 |
| Authentication Level | The authentication level used by the caller, which indicates the amount of protection given during the call. | "AuthenticationLevel" | V_I4 |
The ISecurityCallersColl provides access to information about individual callers in a collection of callers
You can feed the AccountName to the method ISecurityCallContext::IsUserInRole( ) to find out if any of the intervening callers belonged (or didn't belong) to the role that you wanted (or didn't want). Or you can use the SID of anyone in the call chain that you care about if you want to do any really hairy NT security stuff, .