Expand Minimize

DuplicateToken function

The DuplicateToken function creates a new access token that duplicates one already in existence.

Syntax


BOOL WINAPI DuplicateToken(
  _In_   HANDLE ExistingTokenHandle,
  _In_   SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  _Out_  PHANDLE DuplicateTokenHandle
);

Parameters

ExistingTokenHandle [in]

A handle to an access token opened with TOKEN_DUPLICATE access.

ImpersonationLevel [in]

Specifies a SECURITY_IMPERSONATION_LEVEL enumerated type that supplies the impersonation level of the new token.

DuplicateTokenHandle [out]

A pointer to a variable that receives a handle to the duplicate token. This handle has TOKEN_IMPERSONATE and TOKEN_QUERY access to the new token.

When you have finished using the new token, call the CloseHandle function to close the token handle.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The DuplicateToken function creates an impersonation token, which you can use in functions such as SetThreadToken and ImpersonateLoggedOnUser. The token created by DuplicateToken cannot be used in the CreateProcessAsUser function, which requires a primary token. To create a token that you can pass to CreateProcessAsUser, use the DuplicateTokenEx function.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winbase.h (include Windows.h)

Library

Advapi32.lib

DLL

Advapi32.dll

See also

Access Control Overview
Basic Access Control Functions
CreateProcessAsUser
DuplicateTokenEx
ImpersonateLoggedOnUser
SECURITY_IMPERSONATION_LEVEL
SetThreadToken

 

 

Community Additions

ADD
Show:
© 2014 Microsoft