Export (0) Print
Expand All

Querying a Client Context

Applications can call the AuthzGetInformationFromContext function to query information about an existing client context.

The InfoClass parameter of the AuthzGetInformationFromContext function takes a value from the AUTHZ_CONTEXT_INFORMATION_CLASS enumeration that specifies what type of information the function queries.

Security attribute variables must be present in the client context if referred to in a conditional expression; otherwise, the conditional expression term referencing them will be evaluated as unknown. For more information on conditional expressions, see the Security Descriptor Definition Language for Conditional ACEs topic.

Example

The following example queries the client context created in the example from Initializing a Client Context to retrieve the list of SIDs of groups associated with that client context.


BOOL GetGroupsFromContext(AUTHZ_CLIENT_CONTEXT_HANDLE hClientContext)
{

    DWORD                cbSize = 0;
    PTOKEN_GROUPS        pTokenGroups=NULL;
    LPTSTR                StringSid = NULL;
    BOOL                bResult = FALSE;
    int i = 0;

    //Call the AuthzGetInformationFromContext function with a NULL output buffer to get the required buffer size.
    AuthzGetInformationFromContext(hClientContext, AuthzContextInfoGroupsSids, 0, &cbSize, NULL);
    
        
    

    //Allocate the buffer for the TOKEN_GROUPS structure.
    pTokenGroups = (PTOKEN_GROUPS)malloc(cbSize);
    if (!pTokenGroups)
        return FALSE;

    //Get the SIDs of groups associated with the client context. 
    if(!AuthzGetInformationFromContext(hClientContext, AuthzContextInfoGroupsSids, cbSize, &cbSize, pTokenGroups))
    {    
        printf_s("AuthzGetInformationFromContext failed with %d\n", GetLastError);
        free(pTokenGroups);
        return FALSE;
    }

    //Enumerate and display the group SIDs.
    for (i=pTokenGroups->GroupCount-1; i >= 0; --i)
    {
        //Convert a SID to a string.
        if(!ConvertSidToStringSid(
            pTokenGroups->Groups[i].Sid,
            &StringSid
            ))
        {
            LocalFree(StringSid);
            return FALSE;
        }


        wprintf_s(L"%s \n", StringSid);
        
    }

    free(pTokenGroups);

    return TRUE;
}


Related topics

Adding SIDs to a Client Context
Caching Access Checks
Checking Access with Authz API
How AccessCheck Works
Initializing a Client Context
Security Descriptor Definition Language for Conditional ACEs

 

 

Community Additions

ADD
Show:
© 2014 Microsoft