If your server component is stored in the Session object the server will free the component in the security context of the Web server instead of the security context of the client who owned the session.

If your component requires that its cleanup, or destructor, method be run in the security context of the client, it should save the client's security context during its creation method so that it can recall this context during its cleanup.

You can obtain the security context of the client by calling the GetThreadToken(hToken) method. In your component's destructor method you can call the SetThreadToken(hToken) method to set the security context to the previously saved client's context. This procedure is outlined in the following example.

//saving the client's security context 
// . . . creation code

//make a copy of the current security context
//set the security context to the previously-saved client context
// . . . destruction code
//reset the thread to its standard security context

Note In the previous example, the standard security context is saved in hTokenSave before the object calls the SetThreadToken method. This enables you to reset the thread to its normal security context after the component instance is destroyed.

© Microsoft Corporation. All rights reserved.