CoInitializeSecurity (ole32)
Last changed: RobertChipperfield-

Registers security and sets the default security values for the process, but this can't be directly called from managed code.

public enum RpcAuthnLevel
    Default =   0,
    None    =   1,
    Connect =   2,
    Call    =   3,
    Pkt     =   4,
    PktIntegrity  =   5,
    PktPrivacy   =   6

public enum RpcImpLevel
    Default    =   0,
    Anonymous   =   1,
    Identify   =   2,
    Impersonate   =   3,
    Delegate   =   4

public enum EoAuthnCap
    None = 0x00,
    MutualAuth = 0x01,
    StaticCloaking= 0x20,
    DynamicCloaking= 0x40,
    AnyAuthority= 0x80,
    MakeFullSIC= 0x100,
    Default= 0x800,
    SecureRefs= 0x02,
    AccessControl= 0x04,
    AppID= 0x08,
    Dynamic= 0x10,
    RequireFullSIC= 0x200,
    AutoImpersonate= 0x400,
    NoCustomMarshal= 0x2000,
    DisableAAA= 0x1000

C# Signature:

public static extern int CoInitializeSecurity( IntPtr pVoid, int
    cAuthSvc,IntPtr asAuthSvc, IntPtr pReserved1, RpcAuthnLevel level,
    RpcImpLevel impers,IntPtr pAuthList, EoAuthnCap dwCapabilities, IntPtr
    pReserved3 );

VB .NET Signature:

Declare Function CoInitializeSecurity Lib "ole32.dll" (pVoid As IntPtr, _
   cAuthSvc As Integer, asAuthSvc() As SOLE_AUTHENTICATION_SERVICE, _
   pReserved1 As IntPtr, dwAuthnLevel As Integer, dwImpLevel As Integer, _
   pAuthList As IntPtr, dwCapabilities As Integer, pReserved3 As IntPtr) As Integer

User-Defined Types:



You shouldn't call CoInitializeSecurity from managed code. That's because the CLR will almost always call CoInitialize upon startup before execution enters your main method, and CoInitialize will implicitly call CoInitializeSecurity if it hasn't already been called. Therefore, calling this from managed code will usually return RPC_E_TOO_LATE.

The workaround is to write an unmanaged "shim" that will call CoInitializeSecurity, then activate and call into managed code. You can do this via an export from a mixed-mode C++ DLL, by registering a managed component for use by COM, or by using the CLR hosting API.

RPC_E_TOO_LATE (Update from Yahor Sinkevich):

Usually RPC_E_TOO_LATE happens when CoInitializeSecurity already called (implicitly or explicitly, it does no matter). When you using Visual Studio, it use so called "Visual Studio Hosting Process" where CoInitializeSecurity already called. Turn off Visual Studio hosting process and have fun, now you can debug your application that calls CoInitializeSecurity with no RPC_E_TOO_LATE error.

Sample Code:

/// <summary>
/// The main entry point for the application.
/// Do not set STAThread since CoInitializeSecurity is called
/// with to high security automatically (and it can only be called once).
/// </summary>
static void Main()
    // Set threading apartment
    System.Threading.Thread.CurrentThread.ApartmentState = ApartmentState.STA;
    CoInitializeSecurity( IntPtr.Zero, -1, IntPtr.Zero,
        IntPtr.Zero,RpcAuthnLevel.None ,
        RpcImpLevel.Impersonate,IntPtr.Zero, EoAuthnCap.None, IntPtr.Zero );

    Application.MainForm = new MainForm();