Home Library Learn Downloads Support Community
Sign in | United States - English | |
3 out of 4 rated this helpful - Rate this topic

GetTokenInformation function

Applies to: desktop apps only

The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.

To determine if a user is a member of a specific group, use the CheckTokenMembership function. To determine group membership for app container tokens, use the CheckTokenMembershipEx function.

Syntax

Copy 
BOOL WINAPI GetTokenInformation(
  __in       HANDLE TokenHandle,
  __in       TOKEN_INFORMATION_CLASS TokenInformationClass,
  __out_opt  LPVOID TokenInformation,
  __in       DWORD TokenInformationLength,
  __out      PDWORD ReturnLength
);

Parameters

TokenHandle [in]

A handle to an access token from which information is retrieved. If TokenInformationClass specifies TokenSource, the handle must have TOKEN_QUERY_SOURCE access. For all other TokenInformationClass values, the handle must have TOKEN_QUERY access.

TokenInformationClass [in]

Specifies a value from the TOKEN_INFORMATION_CLASS enumerated type to identify the type of information the function retrieves. Any callers who check the TokenIsAppContainer and have it return 0 should also verify that the caller token is not an identify level impersonation token. If the current token is not an app container but is an identity level token, you should return AccessDenied.

TokenInformation [out, optional]

A pointer to a buffer the function fills with the requested information. The structure put into this buffer depends upon the type of information specified by the TokenInformationClass parameter.

TokenInformationLength [in]

Specifies the size, in bytes, of the buffer pointed to by the TokenInformation parameter. If TokenInformation is NULL, this parameter must be zero.

ReturnLength [out]

A pointer to a variable that receives the number of bytes needed for the buffer pointed to by the TokenInformation parameter. If this value is larger than the value specified in the TokenInformationLength parameter, the function fails and stores no data in the buffer.

If the value of the TokenInformationClass parameter is TokenDefaultDacl and the token has no default DACL, the function sets the variable pointed to by ReturnLength to sizeof(TOKEN_DEFAULT_DACL) and sets the DefaultDacl member of the TOKEN_DEFAULT_DACL structure to NULL.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Examples

For an example that uses this function, see Getting the Logon SID or Searching for a SID in an Access Token.

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows Server 2003

Header
Winbase.h (include Windows.h)

Library
Advapi32.lib

DLL
Advapi32.dll

See also

Access Control Overview
Basic Access Control Functions
AdjustTokenGroups
AdjustTokenPrivileges
CheckTokenMembership
OpenProcessToken
OpenThreadToken
SECURITY_IMPERSONATION_LEVEL
SetTokenInformation
TOKEN_DEFAULT_DACL
TOKEN_GROUPS
TOKEN_GROUPS_AND_PRIVILEGES
TOKEN_INFORMATION_CLASS
TOKEN_OWNER
TOKEN_PRIMARY_GROUP
TOKEN_PRIVILEGES
TOKEN_SOURCE
TOKEN_STATISTICS
TOKEN_TYPE
TOKEN_USER

 

 

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ
GetTokenInformation returns GetLastError ERROR_BAD_LENGTH on TokenSessionId

Usually, you'll get ERROR_INSUFFICIENT_BUFFER if your buffer was too small. However, on class TokenSessionID you'll get ERROR_BAD_LENGTH because it is a ULONG (4 bytes).

History