Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Security
Authorization
 OpenThreadToken Function

  Switch on low bandwidth view
OpenThreadToken Function

The OpenThreadToken function opens the access token associated with a thread.

Syntax

C++
BOOL WINAPI OpenThreadToken(
  __in   HANDLE ThreadHandle,
  __in   DWORD DesiredAccess,
  __in   BOOL OpenAsSelf,
  __out  PHANDLE TokenHandle
);

Parameters

ThreadHandle [in]

A handle to the thread whose access token is opened.

DesiredAccess [in]

Specifies an access mask that specifies the requested types of access to the access token. These requested access types are reconciled against the token's discretionary access control list (DACL) to determine which accesses are granted or denied.

For a list of access rights for access tokens, see Access Rights for Access-Token Objects.

OpenAsSelf [in]

TRUE if the access check is to be made against the process-level security context.

FALSE if the access check is to be made against the current security context of the thread calling the OpenThreadToken function.

The OpenAsSelf parameter allows the caller of this function to open the access token of a specified thread when the caller is impersonating a token at SecurityIdentification level. Without this parameter, the calling thread cannot open the access token on the specified thread because it is impossible to open executive-level objects by using the SecurityIdentification impersonation level.

TokenHandle [out]

A pointer to a variable that receives the handle to the newly opened access token.

Return Value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError. If the token has the anonymous impersonation level, the token will not be opened and OpenThreadToken sets ERROR_CANT_OPEN_ANONYMOUS as the error.

Remarks

Tokens with the anonymous impersonation level cannot be opened.

Close the access token handle returned through the TokenHandle parameter by calling CloseHandle.

Requirements

Minimum supported clientWindows 2000 Professional
Minimum supported serverWindows 2000 Server
HeaderWinbase.h (include Windows.h)
LibraryAdvapi32.lib
DLLAdvapi32.dll

See Also

Access Control Overview
Basic Access Control Functions
AccessCheck
AdjustTokenGroups
AdjustTokenPrivileges
CloseHandle
GetTokenInformation
OpenProcessToken
SECURITY_IMPERSONATION_LEVEL
SetThreadToken
SetTokenInformation

Send comments about this topic to Microsoft

Build date: 6/26/2009

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Terms & Defs      ddaS-edEn   |   Edit   |   Show History
Access Token - An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.
Tags What's this?: Add a tag
Flag as ContentBug
OpenThreadToken may fail with ERROR_NO_TOKEN      Christoph Lindemann   |   Edit   |   Show History
If the thread specified in ThreadHandle does not have an assigned token, OpenThreadToken my fail and set ERROR_NO_TOKEN as the error. In this case use OpenProcessToken to get the process token.
When the thread is not currently impersonating, the thread will not have any token assigned.

© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker