IServerSecurity::ImpersonateClient
Allows a server to impersonate a client for the duration of a call.
HRESULT ImpersonateClient()
Return Values
This method supports the standard return value E_FAIL, as well as the following:
S_OK
Success.
Remarks
IServerSecurity::ImpersonateClient allows a server to impersonate a client for the
duration of a call. What the server may do depends on the impersonation level,
specified through one of the RPC_C_IMP_LEVEL_xxx constants. The server
may impersonate the client on any secure call at identify, impersonate, or
delegate level. At identify level, the server may only find out the client name
and perform ACL checks; it may not access system objects as the client. At
delegate level, the server may make off-machine calls while impersonating the
client. The impersonation information only lasts until the end of the current
method call. At that time, IServerSecurity::RevertToSelf will
automatically be called if necessary.
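The following added example (not part of the original SDK text) shows a server method that checks the result of ImpersonateClient before doing any work on the client's behalf and reverts as soon as that work is finished instead of waiting for the end of the call. ImpersonationGuard and HandleCall are hypothetical names, and FakeServerSecurity is a constructed stand-in so the code builds without the Windows SDK; in a real server the object would be the IServerSecurity pointer obtained from CoGetCallContext.

```cpp
#include <iostream>
#include <string>

using hresult_t = int;                     // same width as HRESULT (32-bit signed)
constexpr hresult_t kOk = 0;               // value of S_OK
constexpr hresult_t kFail = -2147467259;   // value of E_FAIL (0x80004005)

// Constructed stand-in for the call-context object; exposes the two
// IServerSecurity methods this page names and tracks the effective identity.
struct FakeServerSecurity {
    hresult_t result;                      // what ImpersonateClient will return
    std::string effective;                 // identity the thread currently acts as
    int reverts;                           // number of RevertToSelf calls seen
    explicit FakeServerSecurity(hresult_t r)
        : result(r), effective("server"), reverts(0) {}
    hresult_t ImpersonateClient() {
        if (result >= 0) effective = "client";
        return result;
    }
    hresult_t RevertToSelf() { effective = "server"; ++reverts; return kOk; }
};

// Hypothetical RAII helper: impersonates on construction, reverts on scope exit.
template <typename Sec>
class ImpersonationGuard {
public:
    explicit ImpersonationGuard(Sec& sec) : sec_(sec), hr_(sec.ImpersonateClient()) {}
    ~ImpersonationGuard() { if (active()) sec_.RevertToSelf(); }
    ImpersonationGuard(const ImpersonationGuard&) = delete;
    ImpersonationGuard& operator=(const ImpersonationGuard&) = delete;
    bool active() const { return hr_ >= 0; }   // same test as SUCCEEDED(hr)
private:
    Sec& sec_;
    hresult_t hr_;
};

// Hypothetical method body: returns the identity the protected work ran as,
// or "denied" when impersonation failed and the work was skipped.
std::string HandleCall(FakeServerSecurity& sec) {
    ImpersonationGuard<FakeServerSecurity> guard(sec);
    if (!guard.active()) return "denied";  // fail closed: never act as the server
    return sec.effective;                  // client-context work would go here
}

int main() {
    FakeServerSecurity ok(kOk), bad(kFail);
    std::cout << HandleCall(ok) << " " << HandleCall(bad) << "\n";
    return 0;
}
```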
Traditionally, impersonation information is not nested - the last call to any
Win32 impersonation mechanism overrides any previous impersonation. However, in
the apartment model, impersonation is maintained during nested calls. Thus, if
server A receives a call from B, impersonates, calls C, receives a call from D,
impersonates, reverts, and receives the reply from C, the impersonation will be
set back to B, not A.
Distributed COM currently does not support dynamic impersonation. The only way
to change the client token associated with remote OLE calls is to use
IClientSecurity::SetBlanket on the proxy being called. Calling
IServerSecurity::ImpersonateClient to impersonate your client and then making a
remote call to another server will not affect the token the second server sees
when it impersonates on your call.
See Also