The ImpersonateNamedPipeClient function impersonates a named-pipe client application.
- hNamedPipe [in]
A handle to a named pipe.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The ImpersonateNamedPipeClient function allows the server end of a named pipe to impersonate the client end. When this function is called, the named-pipe file system changes the thread of the calling process to start impersonating the security context of the last message read from the pipe. Only the server end of the pipe can call this function.
The server can call the RevertToSelf function when the impersonation is complete.
All impersonate functions, including ImpersonateNamedPipeClient allow the requested impersonation if one of the following is true:
- The requested impersonation level of the token is less than SecurityImpersonation, such as SecurityIdentification or SecurityAnonymous.
- The caller has the SeImpersonatePrivilege privilege.
- A process (or another process in the caller's logon session) created the token using explicit credentials through LogonUser or LsaLogonUser function.
- The authenticated identity is same as the caller.
Windows XP with SP1 and earlier: The SeImpersonatePrivilege privilege is not supported.
For an example that uses this function, see Verifying Client Access with ACLs.
Minimum supported client
|Windows XP [desktop apps only]|
Minimum supported server
|Windows Server 2003 [desktop apps only]|
- Client/Server Access Control Overview
- Client/Server Access Control Functions