| title | IHttpTokenEntry::GetImpersonationToken Method |
|---|---|
| description | Learn how the IHttpTokenEntry::GetImpersonationToken method returns the impersonation token for a user. |
| ms.date | 10/07/2016 |
| ms.assetid | c02033ef-5f32-4c95-4a15-b19c885741c9 |
Returns the impersonation token for a user.
virtual HANDLE GetImpersonationToken(
VOID
) = 0; This method takes no parameters.
A HANDLE that represents the impersonation token for a user. May be NULL.
An impersonation token is a handle that defines the security context of the user that is making a request. This token allows the server to impersonate a user during a request so that access to system resources is based upon the access rules for that user.
During impersonation, both the primary token returned from the GetPrimaryToken method and the impersonation token returned from the GetImpersonationToken method are used. This may either expand or contract the user privileges based upon security rules for that user.
CGlobalModule derived classes that register for GL_CACHE_OPERATION events receive an ICacheProvider pointer as a parameter on the CGlobalModule::OnGlobalCacheOperationvirtual method. You can retrieve an IHttpCacheSpecificData pointer by calling the ICacheProvider::GetCacheRecord method and, in some cases, you can downcast this IHttpCacheSpecificData pointer to an IHttpTokenEntry pointer. You can then retrieve the impersonation token handle by calling the GetImpersonationToken method.
For more information on downcast rules, see ICacheProvider::GetCacheRecord.
IHttpTokenEntry implementers are responsible for resource management with this data; therefore, IHttpTokenEntry implementers must call the CloseHandle function on the handle when it is no longer needed.
IHttpTokenEntry implementers are responsible for resource management with this data; therefore, IHttpTokenEntry clients must not call CloseHandle on the returned handle when this data is no longer needed. Furthermore, clients must not change the state of the memory that this handle references, because an access violation will be thrown or the data will become invalid.
The following code example demonstrates how to create a global module that listens for GL_CACHE_OPERATION and GL_CACHE_CLEANUP events and then writes the IHttpTokenEntry information to the Event Viewer.
Caution
[!INCLUDEiisver] generates a large number of events in the Event Viewer. To avoid a log overflow error in a production environment, you should generally avoid writing cache information to the event log. For demonstration purposes, this code example writes an entry to the Event Viewer in debug mode only.
[!code-cppIHttpTokenEntry#2]
The above code writes a new event to the Event Viewer, where the Data box contains a string similar to the following.
IHttpTokenEntry::GetImpersonationToken: valid
Your module must export the RegisterModule function. You can export this function by creating a module definition (.def) file for your project, or you can compile the module by using the /EXPORT:RegisterModule switch. For more information, see Walkthrough: Creating a Request-Level HTTP Module By Using Native Code.
You can optionally compile the code by using the __stdcall (/Gz) calling convention instead of explicitly declaring the calling convention for each function.
| Type | Description |
|---|---|
| Client | - IIS 7.0 on [!INCLUDEwinvista] - IIS 7.5 on Windows 7 - IIS 8.0 on Windows 8 - IIS 10.0 on Windows 10 |
| Server | - IIS 7.0 on [!INCLUDEwinsrv2008] - IIS 7.5 on Windows Server 2008 R2 - IIS 8.0 on Windows Server 2012 - IIS 8.5 on Windows Server 2012 R2 - IIS 10.0 on Windows Server 2016 |
| Product | - IIS 7.0, IIS 7.5, IIS 8.0, IIS 8.5, IIS 10.0 - [!INCLUDEiisexp75], [!INCLUDEiisexp80], [!INCLUDEiisexp100] |
| Header | Httpserv.h |
IHttpTokenEntry Interface
IHttpTokenEntry::GetPrimaryToken Method
IHttpTokenEntry::GetSid Method