The ImpersonateLoggedOnUser function lets the calling thread impersonate the security context of a logged-on user. The user is represented by a token handle.
Arguments:
hToken
Handle to an access token that represents a logged-on user. This handle is returned by a call to LogonUser.
Returns:
If the function succeeds, the return value is True.
If the function fails, the return value is False.
Remarks:
The impersonation lasts until the thread exits or until it calls RevertToSelf.
The calling thread does not need to have any particular privileges to call ImpersonateLoggedOnUser.
If the call to ImpersonateLoggedOnUser fails, the client connection is not impersonated and the client request is made in the security context of the process.All impersonate functions, including ImpersonateLoggedOnUser, check to determine if the caller has the SeImpersonatePrivilege privilege. If the caller has the SeImpersonatePrivilege privilege, or if the authenticated identity is the same as the caller, then the requested impersonation is allowed. Otherwise, the impersonation succeeds at Identify level only.
Please see the code sample for LogonUser for an example of how to use this function.
Requirements:
Version 1.0
See Also:
RevertToSelf, LogonUser
Impersonate.vbs in the TaskGhost\Scripts directory.