WindowsImpersonationContext Class


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Represents the Windows user prior to an impersonation operation.

Namespace:   System.Security.Principal
Assembly:  mscorlib (in mscorlib.dll)


public ref class WindowsImpersonationContext : IDisposable


Releases all resources used by the WindowsImpersonationContext.


Releases the unmanaged resources used by the WindowsImpersonationContext and optionally releases the managed resources.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Creates a shallow copy of the current Object.(Inherited from Object.)


Returns a string that represents the current object.(Inherited from Object.)


Reverts the user context to the Windows user represented by this object.

This class reverts a user's identity after the user impersonates another user.


This type implements the IDisposable interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its Dispose method in a try/catch block. To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). For more information, see the “Using an Object that Implements IDisposable” section in the IDisposable interface topic.

Notes to Implementers:

Because Microsoft Windows 98 and Windows Millennium Edition platforms do not have users or user tokens, impersonation cannot take place on those platforms.

The following example demonstrates how to impersonate a user and then revert to the original identity.

// This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
// This sample requests the user to enter a password on the console screen.
// Because the console window does not support methods allowing the password to be masked,
// it will be visible to anyone viewing the screen.
// On Windows Vista and later this sample must be run as an administrator. 

#using <System.dll>

using namespace System;
using namespace System::Runtime::InteropServices;
using namespace System::Security::Principal;
using namespace System::Security::Permissions;

bool LogonUser( String^ lpszUsername, String^ lpszDomain, String^ lpszPassword, int dwLogonType, int dwLogonProvider, IntPtr * phToken );

bool CloseHandle( IntPtr handle );

// Test harness.
// If you incorporate this code into a DLL, be sure to demand FullTrust.

int main()
   IntPtr tokenHandle = IntPtr(0);

      String^ userName;
      String^ domainName;

      // Get the user token for the specified user, domain, and password using the 
      // unmanaged LogonUser method.  
      // The local machine name can be used for the domain name to impersonate a user on this machine.
      Console::Write( "Enter the name of the domain on which to log on: " );
      domainName = Console::ReadLine();
      Console::Write( "Enter the login of a user on {0} that you wish to impersonate: ", domainName );
      userName = Console::ReadLine();
      Console::Write( "Enter the password for {0}: ", userName );
      const int LOGON32_PROVIDER_DEFAULT = 0;

      //This parameter causes LogonUser to create a primary token.
      const int LOGON32_LOGON_INTERACTIVE = 2;
      const int SecurityImpersonation = 2;
      tokenHandle = IntPtr::Zero;

      // Call LogonUser to obtain a handle to an access token.
      bool returnValue = LogonUser( userName, domainName, Console::ReadLine(), LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,  &tokenHandle );
      Console::WriteLine( "LogonUser called." );
      if ( false == returnValue )
         int ret = Marshal::GetLastWin32Error();
         Console::WriteLine( "LogonUser failed with error code : {0}", ret );
         throw gcnew System::ComponentModel::Win32Exception( ret );
      Console::WriteLine( "Did LogonUser Succeed? {0}", (returnValue ? (String^)"Yes" : "No") );
      Console::WriteLine( "Value of Windows NT token: {0}", tokenHandle );

      // Check the identity.
      Console::WriteLine( "Before impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

      // The token that is passed to the following constructor must 
      // be a primary token in order to use it for impersonation.
      WindowsIdentity^ newId = gcnew WindowsIdentity( tokenHandle );
      WindowsImpersonationContext^ impersonatedUser = newId->Impersonate();

      // Check the identity.
      Console::WriteLine( "After impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

      // Stop impersonating the user.

      // Check the identity.
      Console::WriteLine( "After Undo: {0}", WindowsIdentity::GetCurrent()->Name );

      // Free the tokens.
      if ( tokenHandle != IntPtr::Zero )
            CloseHandle( tokenHandle );
   catch ( Exception^ ex ) 
      Console::WriteLine( "Exception occurred. {0}", ex->Message );


.NET Framework
Available since 1.1

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top