MSDN Library

Windows Development

Security and Identity

Authorization

Authorization Reference

Authorization Functions

AccessCheck

AccessCheckAndAuditAlarm

AccessCheckByType

AccessCheckByTypeAndAuditAlarm

AccessCheckByTypeResultList

AccessCheckByTypeResultListAndAuditAlarm

AccessCheckByTypeResultListAndAuditAlarmByHandle

AddAccessAllowedAce

AddAccessAllowedAceEx

AddAccessAllowedObjectAce

AddAccessDeniedAce

AddAccessDeniedAceEx

AddAccessDeniedObjectAce

AddAce

AddAuditAccessAce

AddAuditAccessAceEx

AddAuditAccessObjectAce

AddConditionalAce

AddMandatoryAce

AddResourceAttributeAce

AddScopedPolicyIDAce

AdjustTokenGroups

AdjustTokenPrivileges

AllocateAndInitializeSid

AllocateLocallyUniqueId

AreAllAccessesGranted

AreAnyAccessesGranted

AuditComputeEffectivePolicyBySid

AuditComputeEffectivePolicyByToken

AuditEnumerateCategories

AuditEnumeratePerUserPolicy

AuditEnumerateSubCategories

AuditFree

AuditLookupCategoryGuidFromCategoryId

AuditLookupCategoryIdFromCategoryGuid

AuditLookupCategoryName

AuditLookupSubCategoryName

AuditQueryPerUserPolicy

AuditQuerySecurity

AuditQuerySystemPolicy

AuditSetPerUserPolicy

AuditSetSecurity

AuditSetSystemPolicy

AuthzAccessCheck

AuthzAccessCheckCallback

AuthzAddSidsToContext

AuthzCachedAccessCheck

AuthzComputeGroupsCallback

AuthzEnumerateSecurityEventSources

AuthzFreeAuditEvent

AuthzFreeCentralAccessPolicyCache

AuthzFreeContext

AuthzFreeGroupsCallback

AuthzFreeHandle

AuthzFreeResourceManager

AuthzGetInformationFromContext

AuthzInitializeCompoundContext

AuthzInitializeContextFromAuthzContext

AuthzInitializeContextFromSid

AuthzInitializeContextFromToken

AuthzInitializeObjectAccessAuditEvent

AuthzInitializeObjectAccessAuditEvent2

AuthzInitializeRemoteResourceManager

AuthzInitializeResourceManager

AuthzInitializeResourceManagerEx

AuthzInstallSecurityEventSource

AuthzModifyClaims

AuthzModifySecurityAttributes

AuthzModifySids

AuthzOpenObjectAudit

AuthzRegisterCapChangeNotification

AuthzRegisterSecurityEventSource

AuthzReportSecurityEvent

AuthzReportSecurityEventFromParams

AuthzSetAppContainerInformation

AuthzUninstallSecurityEventSource

AuthzUnregisterCapChangeNotification

AuthzUnregisterSecurityEventSource

BuildExplicitAccessWithName

BuildImpersonateExplicitAccessWithName

BuildImpersonateTrustee

BuildSecurityDescriptor

BuildTrusteeWithName

BuildTrusteeWithObjectsAndName

BuildTrusteeWithObjectsAndSid

BuildTrusteeWithSid

CheckTokenCapability

CheckTokenMembership

CheckTokenMembershipEx

ConvertSecurityDescriptorToStringSecurityDescriptor

ConvertSidToStringSid

ConvertStringSecurityDescriptorToSecurityDescriptor

ConvertStringSidToSid

ConvertToAutoInheritPrivateObjectSecurity

CopySid

CreatePrivateObjectSecurity

CreatePrivateObjectSecurityEx

CreatePrivateObjectSecurityWithMultipleInheritance

CreateRestrictedToken

CreateSecurityPage

CreateWellKnownSid

DeleteAce

DestroyPrivateObjectSecurity

DSCreateSecurityPage

DSCreateISecurityInfoObject

DSCreateISecurityInfoObjectEx

DSEditSecurity

DuplicateToken

DuplicateTokenEx

EditSecurity

EditSecurityAdvanced

EqualDomainSid

EqualPrefixSid

EqualSid

FindFirstFreeAce

FreeInheritedFromArray

FreeSid

GetAce

GetAclInformation

GetAppContainerNamedObjectPath

GetAuditedPermissionsFromAcl

GetEffectiveRightsFromAcl

GetExplicitEntriesFromAcl

GetFileSecurity

GetInheritanceSource

GetKernelObjectSecurity

GetLengthSid

GetMultipleTrustee

GetMultipleTrusteeOperation

GetNamedSecurityInfo

GetPrivateObjectSecurity

GetSecurityDescriptorControl

GetSecurityDescriptorDacl

GetSecurityDescriptorGroup

GetSecurityDescriptorLength

GetSecurityDescriptorOwner

GetSecurityDescriptorRMControl

GetSecurityDescriptorSacl

GetSecurityInfo

GetSidIdentifierAuthority

GetSidLengthRequired

GetSidSubAuthority

GetSidSubAuthorityCount

GetTokenInformation

GetTrusteeForm

GetTrusteeName

GetTrusteeType

GetUserObjectSecurity

GetWindowsAccountDomainSid

ImpersonateAnonymousToken

ImpersonateLoggedOnUser

ImpersonateNamedPipeClient

ImpersonateSelf

InitializeAcl

InitializeSecurityDescriptor

InitializeSid

IsTokenRestricted

IsValidAcl

IsValidSecurityDescriptor

IsValidSid

IsWellKnownSid

LookupAccountName

LookupAccountSid

LookupPrivilegeDisplayName

LookupPrivilegeName

LookupPrivilegeValue

LookupSecurityDescriptorParts

MakeAbsoluteSD

MakeSelfRelativeSD

MapGenericMask

NtCompareTokens

ObjectCloseAuditAlarm

ObjectDeleteAuditAlarm

ObjectOpenAuditAlarm

ObjectPrivilegeAuditAlarm

OpenProcessToken

OpenThreadToken

PrivilegeCheck

PrivilegedServiceAuditAlarm

QuerySecurityAccessMask

QueryServiceObjectSecurity

RegGetKeySecurity

RegSetKeySecurity

RevertToSelf

RtlConvertSidToUnicodeString

RtlSetSaclSecurityDescriptor

SetAclInformation

SetEntriesInAcl

SetFileSecurity

SetKernelObjectSecurity

SetNamedSecurityInfo

SetPrivateObjectSecurity

SetPrivateObjectSecurityEx

SetSecurityAccessMask

SetSecurityDescriptorControl

SetSecurityDescriptorDacl

SetSecurityDescriptorGroup

SetSecurityDescriptorOwner

SetSecurityDescriptorRMControl

SetSecurityDescriptorSacl

SetSecurityInfo

SetServiceObjectSecurity

SetThreadToken

SetTokenInformation

SetUserObjectSecurity

TreeResetNamedSecurityInfo

TreeSetNamedSecurityInfo

Community Content

Add code samples and tips to enhance this topic.

More...

0 out of 1 rated this helpful - Rate this topic

ImpersonateSelf function

Applies to: desktop apps only

The ImpersonateSelf function obtains an access token that impersonates the security context of the calling process. The token is assigned to the calling thread.

Syntax

Copy

BOOL WINAPI ImpersonateSelf(
  __in  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
);

Parameters

ImpersonationLevel [in]: Specifies a SECURITY_IMPERSONATION_LEVEL enumerated type that supplies the impersonation level of the new token.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The ImpersonateSelf function is used for tasks such as enabling a privilege for a single thread rather than for the entire process or for changing the default discretionary access control list (DACL) for a single thread.

The server can call the RevertToSelf function when the impersonation is complete.

For this function to succeed, the DACL protecting the process token must grant the TOKEN_DUPLICATE right to itself.

Requirements

Minimum supported client	Windows XP
Minimum supported server	Windows Server 2003
Header	Winbase.h (include Windows.h)
Library	Advapi32.lib
DLL	Advapi32.dll

See also

Client/Server Access Control Overview
Client/Server Access Control Functions
DuplicateToken
ImpersonateNamedPipeClient
RevertToSelf
SECURITY_IMPERSONATION_LEVEL

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

Annotations

FAQ

© 2012 Microsoft. All rights reserved.

Terms of Use | Trademarks | Privacy Statement | Site Feedback Site Feedback

Site Feedback

x

Tell us about your experience...

Did the page load quickly?

Yes No

Do you like the page design?

Yes No

Tell us more