Export (0) Print
Expand All
Expand Minimize

ImpersonateNamedPipeClient function

The ImpersonateNamedPipeClient function impersonates a named-pipe client application.

Syntax


BOOL WINAPI ImpersonateNamedPipeClient(
  _In_ HANDLE hNamedPipe
);

Parameters

hNamedPipe [in]

A handle to a named pipe.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The ImpersonateNamedPipeClient function allows the server end of a named pipe to impersonate the client end. When this function is called, the named-pipe file system changes the thread of the calling process to start impersonating the security context of the last message read from the pipe. Only the server end of the pipe can call this function.

The server can call the RevertToSelf function when the impersonation is complete.

Important  If the ImpersonateNamedPipeClient function fails, the client is not impersonated, and all subsequent client requests are made in the security context of the process that called the function. If the calling process is running as a privileged account, it can perform actions that the client would not be allowed to perform. To avoid security risks, the calling process should always check the return value. If the return value indicates that the function call failed, no client requests should be executed.

All impersonate functions, including ImpersonateNamedPipeClient allow the requested impersonation if one of the following is true:

  • The requested impersonation level of the token is less than SecurityImpersonation, such as SecurityIdentification or SecurityAnonymous.
  • The caller has the SeImpersonatePrivilege privilege.
  • A process (or another process in the caller's logon session) created the token using explicit credentials through LogonUser or LsaLogonUser function.
  • The authenticated identity is same as the caller.

Windows XP with SP1 and earlier:  The SeImpersonatePrivilege privilege is not supported.

Examples

For an example that uses this function, see Verifying Client Access with ACLs.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winbase.h (include Windows.h)

Library

Advapi32.lib

DLL

Advapi32.dll

See also

Client/Server Access Control Overview
Client/Server Access Control Functions
DdeImpersonateClient
DuplicateToken
RevertToSelf

 

 

Community Additions

ADD
Show:
© 2015 Microsoft