Platform SDK: Interprocess Communications
Impersonation is the ability of a thread to execute in a security context different from that of the process that owns the thread. A named pipe server thread can call the ImpersonateNamedPipeClient function to assume the access token of the user connected to the client end of the pipe. Impersonation enables the server thread to perform actions on behalf of the client, but within the limits of the client's security context. For example, a named pipe server can provide access to a database or file system to which the pipe server has privileged access. The client typically has some lesser level of access rights. When a pipe client sends a request to the server, the server impersonates the client and attempts to access the protected database. The system then grants or denies the server's access, based on the security level of the client. When the server is finished, it uses the RevertToSelf function to restore its original security token.
The impersonation level determines the operations the server can perform while impersonating the client. By default, a server impersonates at the SecurityImpersonation impersonation level. However, when the client calls the CreateFile function to open a handle to the client end of the pipe, the client can use the SECURITY_SQOS_PRESENT flag to control the server's impersonation level.
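The following C sketch is an added example, not code from the Platform SDK. It shows the client opening the pipe at SecurityIdentification and the server impersonating, checking the result, and reverting. The names effective_level, open_pipe_identify_only and read_allowed_for_client are hypothetical. The Win32 functions build only on Windows, and the flag model assumes the level bits are honored only when SECURITY_SQOS_PRESENT is set.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>              /* link with advapi32 */
#else                             /* winbase.h values, so the flag logic builds anywhere */
typedef unsigned long DWORD;
#define SECURITY_IDENTIFICATION 0x00010000
#define SECURITY_IMPERSONATION  0x00020000
#define SECURITY_SQOS_PRESENT   0x00100000
#endif

/* Level the server gets for a client's CreateFile dwFlagsAndAttributes:
   0 Anonymous, 1 Identification, 2 Impersonation, 3 Delegation.
   Assumption: without SECURITY_SQOS_PRESENT the default level applies. */
int effective_level(DWORD flags)
{
    if (!(flags & SECURITY_SQOS_PRESENT))
        return 2;                 /* level bits not honored: SecurityImpersonation */
    return (int)((flags >> 16) & 0x3);
}

#ifdef _WIN32
/* Client: let the server identify the caller but not act as the caller. */
HANDLE open_pipe_identify_only(const char *pipe_name)
{
    return CreateFileA(pipe_name, GENERIC_READ | GENERIC_WRITE, 0, NULL,
                       OPEN_EXISTING,
                       SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION, NULL);
}

/* Server: test access to `path` with the client's rights, never its own. */
BOOL read_allowed_for_client(HANDLE pipe, const char *path)
{
    HANDLE f;
    BOOL ok;
    if (!ImpersonateNamedPipeClient(pipe))
        return FALSE;             /* still running as the server: stop here */
    f = CreateFileA(path, GENERIC_READ, FILE_SHARE_READ, NULL,
                    OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    ok = (f != INVALID_HANDLE_VALUE);
    if (ok) CloseHandle(f);
    if (!RevertToSelf())
        ExitProcess(1);           /* must not keep running as the client */
    return ok;
}
#endif

int main(void)
{
    printf("level bits only:   %d\n", effective_level(SECURITY_IDENTIFICATION));
    printf("with SQOS_PRESENT: %d\n",
           effective_level(SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION));
    return 0;
}
```

A client that passes SECURITY_IDENTIFICATION without SECURITY_SQOS_PRESENT still hands the server the default SecurityImpersonation level, which is why the first line printed is 2.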