This support function allows you to retrieve a handle to the impersonation token that the request is using. An impersonation token represents a user context.
BOOL ServerSupportFunction(
HCONN ConnID,
DWORD HSE_REQ_GET_IMPERSONATION_TOKEN,
LPVOID lpvBuffer,
LPDWORD lpdwSize,
LPDWORD lpdwDataType
);
When your ISAPI extension attempts to access a resource, such as files or registry keys, the thread should be set to impersonate the user by using either the ImpersonateLoggedOnUser or SetThreadToken Win32® API function. The handle returned, through the HANDLE structure specified by the lpvBuffer parameter, is suitable for use with either of these Win32 API calls.
It is important to note that, because the token is owned by IIS and not by your ISAPI extension, your extension should not call CloseHandle on the token. The token will be destroyed by IIS when the current request's EXTENSION_CONTROL_BLOCK is destroyed.