CAccessToken::OpenThreadToken
Call this method to set the impersonation level and then initialize the CAccessToken with the token from the given thread.
bool OpenThreadToken(
DWORD dwDesiredAccess,
bool bImpersonate = false,
bool bOpenAsSelf = true,
SECURITY_IMPERSONATION_LEVEL sil = SecurityImpersonation
) throw(...);
Parameters
dwDesiredAccess
Specifies an access mask that specifies the requested types of access to the access token. These requested access types are compared with the token's DACL to determine which accesses are granted or denied.bImpersonate
If true, the thread will be left at the requested impersonation level after this method completes. If false, the thread will revert to its original impersonation level.bOpenAsSelf
Indicates whether the access check is to be made against the security context of the thread calling the GetThreadToken method or against the security context of the process for the calling thread.If this parameter is false, the access check is performed using the security context for the calling thread. If the thread is impersonating a client, this security context can be that of a client process. If this parameter is true, the access check is made using the security context of the process for the calling thread.
sil
Specifies a SECURITY_IMPERSONATION_LEVEL enumerated type that supplies the impersonation level of the token.
Return Value
Returns true on success, false on failure.
Remarks
OpenThreadToken is similar to CAccessToken::GetThreadToken, but sets the impersonation level before initializing the CAccessToken from the thread's access token.
The CAutoRevertImpersonation Class can be used to automatically revert impersonated access tokens created by setting the bImpersonate flag to true.
Requirements
Header: atlsecurity.h