OPCNETApi and DCOM Hardening|Page 3|Classic OPC: DA, A&E, HDA, XML-DA, etc.|Forum|OPC Foundation

Hello, I have downloaded the 109 version.

I used the OPC DA sample Client to perform my DCOM testing.

In file …\NET API\Sample Client\Da\MainForm.cs Line 878 there is loop for connecting to the OPC Server :

m_server.Connect(…)

The first time we execute this function, the connection doesn’t work because we are not providing credentials explicitly.

So the  function “Allocate” from file …\NET API\COM Wrapper\OpcCom.Interop.cs doesn’t provide the pAuthInfo in the serverInfo structure:

Line 465 :

serverInfo.pAuthInfo = (credential != null) ? m_hAuthInfo.AddrOfPinnedObject() : IntPtr.Zero;

And so the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY  level is not set !

I would suggest to always set the pAuthInfo info into serverInfo structure:

serverInfo.pAuthInfo = m_hAuthInfo.AddrOfPinnedObject()

If no explicit credentials are provided then process credentials (eg current windows user credentials) are used for DCOM.

Let me know if you agree on my proposal.

I spent several days before understanding all of that.

I used 2 Virtual Machines to make DCOM testing, using Windows Event viewer, Wireshark to check which level of authentication was used for DCOM.

Then I modified the code like I explained in my previous post. And checked, using whireshark that the level of authentication was now at the right level (eg RPC_C_AUTHN_LEVEL_PKT_INTEGRITY). 

For my testing I used Schneider Electric OPC DA server (eg OFS DA). Everything is working fine, DCOM connexion was established without providing explicit credentials on Windows 10 machine requesting DCOM RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level.