What's the difference ...
John Smith
the token handle returned by "LogonUser()" to the latter function
(SetThreadToken) with NULL as the first arg (to use the calling thread),
then how does that differ from calling "ImpersonateLoggedOnUser()" instead?
Igor Tandetnik
news:ufQUvVWp...@TK2MSFTNGP09.phx.gbl...
ImpersonateLoggedOnUser takes both primary tokens and impersonation
tokens, SetThreadToken wants impersonation tokens only. Note that
LogonUser usually returns a primary token which cannot be used with
SetThreadToken
--
With best wishes,
Igor Tandetnik
"For every complex problem, there is a solution that is simple, neat,
and wrong." H.L. Mencken
John Smith
> tokens, SetThreadToken wants impersonation tokens only. Note that
> LogonUser usually returns a primary token which cannot be used with
> SetThreadToken
Thanks for the feedback. I'm really looking for the "standard" (i.e., most
appropriate) way to impersonate a user. If I pass LOGON32_LOGON_NETWORK to
"LogonUser()" it returns an impersonation token. From this point there seems
to be little difference between passing that to either "SetThreadToken()" or
"ImpersonateLoggedOnUser()". That is, the docs don't mention whether
"SetThreadToken()" requires any special privileges and
"ImpersonateLoggedOnUser()" certainly doesn't need any (so say the docs).
Thus, I can't see any difference between them as far as impersonation is
concerned other than the fact that "SetThreadToken()" allows you to target a
specific thread. If targetting the current thread however then they appear
to be identical. Can you confirm this? Thanks.
Jeffrey Hamblin
(with the current thread) and ImpersonateLoggedOnUser are the same.
Jeff
"John Smith" <_nospam@_nospam.com> wrote in message
news:eeSeJoWp...@TK2MSFTNGP09.phx.gbl...
John Smith
SetThreadToken
> (with the current thread) and ImpersonateLoggedOnUser are the same.
Thanks very much!