No logon SID in access token coming from SSPI impersonation

It seems there is no logon SID in access token that come from an
SSPI/Kerberos impersonation.

The context: My programs [client/server] uses SSPI API for
impersonation. The SSPI part works well, both
InitializeSecurityContext() and AcceptSecurityContext() return
SEC_E_OK, and I can impersonate and act as the authenticated user on
server side. Now I want retrieve the logon SID of authenticated user:

So I use:

to retrieve authenticated user's impersonation access token.

Then I use:

to retrieve authenticated user's primary access token.
[This token is smart enough to be used in CreateProcessAsUser() and
that CreateProcessAsUser() call succeed, so it's a good strong primary
access token]

Then I use GetLogonSID from [1] to get logon SID referred by this
access token. But none element in TokenGroup's access token is of type
SE_GROUP_LOGON_ID. Thus no logon SID in this access token... and
GetLogonSID() call failed...

Display the logon session with 'logonsessions' tools give me:

C:\> logonsessions
[8] Logon session 00000000:01afaf46:
User name: STRASBOURG\user
Auth package: Kerberos
Logon type: Network
Session: 0
Sid: S-1-5-21-625047747-450033616-3515863536-1114
Logon time: 1/4/2007 11:27:06 AM
Logon server:
DNS Domain:

Thus I have several question:

o I'm wrong doing that way or not?

o Is it possible that some kind of logon session doesn't have logon
SID? [For example non-interactive authentication logon session as
SSPI/Kerberos can do]

I cannot find any documentation focused on that point and all examples
I have found use LogonUser() or assimilate functions to retrieve access

o Can we set a logon SID to an access token? Is it a good way?

o Are there other ways to find the logon SID of a logon session?


[1] Getting the Logon SID in C++: