The DuplicateToken function creates a new access token that duplicates one already in existence.
Syntax
BOOL WINAPI DuplicateToken(
__in HANDLE ExistingTokenHandle,
__in SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
__out PHANDLE DuplicateTokenHandle
);
Parameters
- ExistingTokenHandle [in]
-
A handle to an access token opened with TOKEN_DUPLICATE access.
- ImpersonationLevel [in]
-
Specifies a
SECURITY_IMPERSONATION_LEVEL enumerated type that supplies the impersonation level of the new token.
- DuplicateTokenHandle [out]
-
A pointer to a variable that receives a handle to the duplicate token. This handle has TOKEN_IMPERSONATE and TOKEN_QUERY access to the new token.
When you have finished using the new token, call the CloseHandle function to close the token handle.
Return Value
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call
GetLastError.
Remarks
The DuplicateToken function creates an impersonation token, which you can use in functions such as SetThreadToken and ImpersonateLoggedOnUser. The token created by DuplicateToken cannot be used in the CreateProcessAsUser function, which requires a primary token. To create a token that you can pass to CreateProcessAsUser, use the DuplicateTokenEx function.
Requirements
| Minimum supported client | Windows 2000 Professional |
|---|
| Minimum supported server | Windows 2000 Server |
|---|
| Header | Winbase.h (include Windows.h) |
|---|
| Library | Advapi32.lib |
|---|
| DLL | Advapi32.dll |
|---|
See Also
- Access Control Overview
- Basic Access Control Functions
- CreateProcessAsUser
- DuplicateTokenEx
- ImpersonateLoggedOnUser
- SECURITY_IMPERSONATION_LEVEL
- SetThreadToken
Send comments about this topic to Microsoft
Build date: 9/11/2009