Impersonation is useful in a distributed computing environment when servers must pass client requests to other server processes or to the operating system. In this case, a server impersonates the client's security context. Other server processes can then handle the request as if it had been made by the original client.
For example, a client makes a request to Server A. If Server A must query Server B to complete the request, Server A impersonates client security context and makes the request to Server B on behalf of the client. Server B uses the original client's security context, instead of the security identity for Server A, to determine whether to complete the task.
The server calls RpcImpersonateClient to overwrite the security for the server thread with the client security context. After the task is completed, the server calls RpcRevertToSelf or RpcRevertToSelfEx to restore the security context defined for the server thread.
When binding, the client can specify quality-of-service information about security that specifies how the server can impersonate the client. For example, one of the settings lets the client specify that the server is not allowed to impersonate it.