authenticating-the-service-provider.md

title: Authenticating the Service Provider
description: Authenticating the Service Provider
ms.assetid: e48a8a7c-0277-4f0c-bad2-5bc9d0286da8
keywords:
- Windows Media Device Manager,authentication
- Device Manager,authentication
- programming guide,authentication
- service providers,authentication
- creating service providers,authentication
- authentication
ms.topic: how-to
ms.date: 05/31/2018

Authenticating the Service Provider

To be accessible from Windows Media Device Manager, a service provider must inherit and implement the IComponentAuthenticate interface.

To authenticate itself, a service provider performs the following steps:

  1. On instantiation, it creates a new global CSecureChannelServer object and sets the certificate and key values from its key file.
  2. It implements the IComponentAuthenticate::SACAuth and IComponentAuthenticate::SACGetProtocols methods by simply passing the parameters into its global CSecureChannelServer member.
  3. Before handling any implemented Windows Media Device Manager methods, the service provider must verify the caller's authentication by calling CSecureChannelServer::fIsAuthenticated, and failing if the caller is not authenticated.

These steps are shown in the following C++ examples.

Creating the CSecureChannelServer object

CMyServiceProvider::CMyServiceProvider()
{
    HRESULT hr = E_OUTOFMEMORY;

    // Create the persistent SAC object.
    g_pSAC = new CSecureChannelServer();

    // Set the SAC certificate.
    if (g_pSAC)
    {
        hr = g_pSAC->SetCertificate(
            SAC_CERT_V1,
            (BYTE*)abCert, sizeof(abCert), // SP's certificate.
            (BYTE*)abPVK, sizeof(abPVK)    // SP's key.
        );
    }
    if (FAILED(hr))
    {
        // A constructor cannot return an HRESULT. Fail closed instead:
        // release the SAC object so that every later call sees a null
        // g_pSAC and returns E_FAIL.
        delete g_pSAC;
        g_pSAC = NULL;
        return;
    }

    //... Perform other class initialization here ...
}

Implementing the IComponentAuthenticate methods

STDMETHODIMP CMyServiceProvider::SACAuth(
    DWORD   dwProtocolID,
    DWORD   dwPass,
    BYTE   *pbDataIn,
    DWORD   dwDataInLen,
    BYTE  **ppbDataOut,
    DWORD  *pdwDataOutLen)
{
    HRESULT hr = S_OK;

    // Verify that the global CSecureChannelServer member still exists.
    if (!g_pSAC)
        return E_FAIL;

    // Just pass the call to the global SAC member.
    hr = g_pSAC->SACAuth(
        dwProtocolID,
        dwPass,
        pbDataIn, dwDataInLen,
        ppbDataOut, pdwDataOutLen
    );
    return hr;
}

STDMETHODIMP CMyServiceProvider::SACGetProtocols(
    DWORD **ppdwProtocols,
    DWORD  *pdwProtocolCount)
{
    HRESULT hr = E_FAIL;

    // Verify that the global CSecureChannelServer member still exists.
    if (!g_pSAC)
        return hr;

    // Just pass the call to the global SAC member.
    hr = g_pSAC->SACGetProtocols(
        ppdwProtocols,
        pdwProtocolCount
    );
    return hr;
}

Verifying the caller's authentication

The following code example shows a service provider checking the caller's authentication as part of its implementation of the IMDServiceProvider interface.

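STDMETHODIMP CMyServiceProvider::GetDeviceCount(DWORD * pdwCount)
{
    HRESULT hr = S_OK;

    // Fail if the global SAC object was never created.
    if (!g_pSAC)
        return E_FAIL;

    // Reject the call before doing any work if the caller
    // has not completed authentication.
    if (!(g_pSAC->fIsAuthenticated()))
        return WMDM_E_NOTCERTIFIED;

    // Validate the output pointer before writing through it.
    if (!pdwCount)
        return E_POINTER;

    *pdwCount = m_DeviceCount;

    return hr;
}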
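Step 3 applies to every Windows Media Device Manager method the service provider implements, so the check is easier to keep consistent when it lives in one helper. The following is an added example, not code from the original topic or the SDK: RequireAuthenticatedCaller and SetAuthenticatedForDemo are hypothetical names, and the types, the CSecureChannelServer stub and the numeric value given for WMDM_E_NOTCERTIFIED are stand-ins so that it builds without the SDK headers.

```cpp
#include <cstdint>
// Stand-ins so the example builds without the Windows and WMDM SDK headers.
// In a real service provider these definitions come from the SDK.
typedef int32_t  HRESULT;
typedef uint32_t DWORD;
const HRESULT S_OK                = 0;
const HRESULT E_POINTER           = (HRESULT)0x80004003;
const HRESULT E_FAIL              = (HRESULT)0x80004005;
const HRESULT WMDM_E_NOTCERTIFIED = (HRESULT)0x80045005; // assumed value; use the SDK's

// Stub of the SDK class: only the call the gate needs, plus a demo hook.
class CSecureChannelServer {
public:
    bool fIsAuthenticated() const { return m_authed; }
    void SetAuthenticatedForDemo(bool b) { m_authed = b; } // hypothetical, not an SDK method
private:
    bool m_authed = false;
};

CSecureChannelServer *g_pSAC = nullptr;

// Single gate shared by every WMDM-facing method (hypothetical helper).
// Anything other than a live, authenticated channel is a failure.
HRESULT RequireAuthenticatedCaller()
{
    if (!g_pSAC) return E_FAIL;                                  // SAC never created
    if (!g_pSAC->fIsAuthenticated()) return WMDM_E_NOTCERTIFIED; // handshake not done
    return S_OK;
}

class CMyServiceProvider {
public:
    explicit CMyServiceProvider(DWORD n) : m_DeviceCount(n) {}
    HRESULT GetDeviceCount(DWORD *pdwCount)
    {
        HRESULT hr = RequireAuthenticatedCaller(); // first statement of the method
        if (hr != S_OK) return hr;                 // output parameter left untouched
        if (!pdwCount) return E_POINTER;
        *pdwCount = m_DeviceCount;
        return S_OK;
    }
private:
    DWORD m_DeviceCount;
};

int main()
{
    CSecureChannelServer sac;   // never authenticated in this run
    g_pSAC = &sac;
    DWORD n = 0;
    return CMyServiceProvider(3).GetDeviceCount(&n) == WMDM_E_NOTCERTIFIED ? 0 : 1;
}
```

Because the gate runs before any parameter is read or written, an unauthenticated caller learns nothing about device state and the output value is unchanged.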

Related topics

Creating a Service Provider