Export (0) Print
Expand All

IHttpServerContext::GetImpersonationToken 

Call this method to retrieve a handle to the impersonation token for this request.


BOOL GetImpersonationToken(
   HANDLE* pToken 
);

Parameters

pToken

Pointer to a handle to receive the impersonation token.

Returns TRUE on success, and FALSE on failure.

An impersonation token represents a user context. You can use the handle in calls to ImpersonateLoggedOnUser or SetThreadToken. Do not call CloseHandle on the handle.

This method is equivalent to the HSE_REQ_GET-IMPERSONATION server support function.

[ tag_name(name="GetImpersonationToken") ]
HTTP_CODE OnGetImpersonationToken()
{
    // This replacement method will determine if the
    // user is an administrator.

    // Use HTTP_UNAUTHORIZED return value to force authentication.
    HTTP_CODE hcErr = HTTP_UNAUTHORIZED;
    HANDLE hToken = NULL;

    // Get the user token.
    BOOL bRet = m_spServerContext->GetImpersonationToken(&hToken);
    if (bRet)
    {
        CAccessToken tok;
        tok.Attach(hToken);

        // Get the token groups.
        CTokenGroups tokGroups;
        if (tok.GetGroups(&tokGroups))
        {
            // Determine whether the Administrators group
            // is one of the user's groups.
            if (tokGroups.LookupSid(Sids::Admins()))
            {
                // The user is an administrator.
                hcErr = HTTP_SUCCESS;
            }
        }

        // Do not close the handle to the user's impersonation token.
        tok.Detach();
    }

    if (hcErr == HTTP_SUCCESS)
    {
        m_HttpResponse << "The user is an administrator";
    }

    return hcErr;
}

Community Additions

ADD
Show:
© 2015 Microsoft