| Platform SDK: Access Control |
The OpenThreadToken function opens the access token associated with a thread.
BOOL OpenThreadToken( HANDLE ThreadHandle, // handle to thread DWORD DesiredAccess, // access to process BOOL OpenAsSelf, // process or thread security PHANDLE TokenHandle // handle to open access token );
For a list of access rights for access tokens, see Access Rights for Access-Token Objects.
If this parameter is FALSE, the access check is performed using the security context for the calling thread. If the thread is impersonating a client, this security context can be that of a client process. If this parameter is TRUE, the access check is made using the security context of the process for the calling thread.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The OpenAsSelf parameter allows a server process to open the access token for a client process when the client process has specified the SecurityIdentification impersonation level for the SECURITY_IMPERSONATION_LEVEL enumerated type. Without this parameter, the calling process is not be able to open the client's access token using the client's security context, because it is impossible to open executive-level objects using the SecurityIdentification impersonation level.
Remember to close the access token handle returned through the TokenHandle parameter by calling CloseHandle.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Access Control Overview, Access Control Functions, AdjustTokenGroups, AdjustTokenPrivileges, GetTokenInformation, OpenProcessToken, SetThreadToken, SetTokenInformation