ImpersonateClient function

The ImpersonateClient function is called by security packages to impersonate the package user.


NTSTATUS ImpersonateClient(void);


This function has no parameters.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code indicating the reason it failed.


If the call to ImpersonateClient fails, the client connection is not impersonated and the client request is made in the security context of the process. If the process is running as a highly privileged account, such as LocalSystem, or as a member of an administrative group, the user may be able to perform actions they would otherwise be disallowed. Therefore, it is important to always check the return value of the call, and if it fails, raise an error; do not continue execution of the client request.

To end the impersonation, call the RevertToSelf function.

All impersonate functions, including ImpersonateClient allow the requested impersonation if one of the following is true:

  • The requested impersonation level of the token is less than SecurityImpersonation, such as SecurityIdentification or SecurityAnonymous.
  • The caller has the SeImpersonatePrivilege privilege.
  • A process (or another process in the caller's logon session) created the token using explicit credentials through LogonUser or LsaLogonUser function.
  • The authenticated identity is same as the caller.

Windows XP with SP1 and earlier:  The SeImpersonatePrivilege privilege is not supported.

A pointer to the ImpersonateClient function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]



See also