Re: ImpersonateSecurityContext

From: Rajkumar Mohanram [MSFT] (rajkm@online.microsoft.com)
Date: 04/03/03


From: "Rajkumar Mohanram [MSFT]" <rajkm@online.microsoft.com>
Date: Wed, 2 Apr 2003 16:51:53 -0800


This might be the problem as explained in MSDN:

ImpersonateSecurityContext is not available with all security packages on
all platforms. Typically, it is implemented only on platforms and with
security packages for which a call to the QuerySecurityPackageInfo function
indicates impersonation support. The caller must also specify
ASC_REQ_DELEGATE in the AcceptSecurityContext function.
Note: If the ImpersonateSecurityContext function fails, the client is not
impersonated, and all subsequent client requests are made in the security
context of the process that called the function. If the calling process is
running as a privileged account, it can perform actions that the client
would not be allowed to perform. To avoid security risks, the calling
process should always check the return value. If the return value indicates
that the function call failed, no client requests should be executed.

All impersonate functions, including ImpersonateSecurityContext, check to
determine if the caller has the SeImpersonatePrivilege privilege. If the
caller has the SeImpersonatePrivilege privilege, or if the authenticated
identity is the same as the caller, then the requested impersonation is
allowed. Otherwise, the impersonation succeeds at Identify level only.

Windows XP, Windows 2000 SP3 and earlier, and Windows NT: The
SeImpersonatePrivilege privilege is not supported.

If this does not answer your question, could you tell me what package you
are using and what you are impersonating?

--
Rajkumar Mohanram [MSFT]
Windows Security - Kerberos Authentication Protocol
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jeff Kleber" <jeffkleber@compuserve.com> wrote in message
news:4DOdnYpawZLFwBejXTWc3g@comcast.com...
> In my server application, calls to ImpersonateSecurityContext fail with
> error 0x80090302 unless the server app is running as the domain admin. Any
> thoughts?
>
> Thanks, Jeff
>
>
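Added example (editor's code, not from this thread or from MSDN): the
server-side sequence the quoted MSDN text asks for, written in C against SSPI.
It checks that the package reports impersonation support via
QuerySecurityPackageInfo, checks whether the server process actually holds
SeImpersonatePrivilege (the likely reason the original poster only saw success
as domain admin; 0x80090302 is SEC_E_UNSUPPORTED_FUNCTION), and, after
ImpersonateSecurityContext, refuses to serve the request unless the call
succeeded AND the resulting thread token is at SecurityImpersonation level or
better, since the note says a caller without the privilege gets an
Identify-level token, which cannot open resources as the client. Assumptions:
the CtxtHandle comes from a completed AcceptSecurityContext exchange that
requested ASC_REQ_DELEGATE as the note requires, and serve_as_client is a
hypothetical callback standing in for the real request handler. The SSPI and
token calls are Windows-only and guarded by _WIN32; the verdict helper is
portable so it can be compiled and tested on any host.

```c
/* Added example, not code from this thread or from MSDN. */
#include <stdio.h>
#include <stdlib.h>

#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#pragma comment(lib, "secur32.lib")
#pragma comment(lib, "advapi32.lib")
#else
/* Stand-ins for the two Windows types the portable helper uses; the enum
 * order matches winnt.h's SECURITY_IMPERSONATION_LEVEL. */
typedef long SECURITY_STATUS;
#define SEC_E_OK 0L
typedef enum {
    SecurityAnonymous = 0,
    SecurityIdentification,
    SecurityImpersonation,
    SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL;
#endif

typedef enum { IMP_REFUSE = 0, IMP_SERVE = 1 } ImpVerdict;

/* The rule in the MSDN note: if ImpersonateSecurityContext failed, the thread
 * still runs as the server process, so nothing may be done for the client.
 * The second check covers the privilege note: without SeImpersonatePrivilege
 * the call can succeed with only an Identify-level token, which reveals the
 * client's identity but cannot open resources as the client. */
ImpVerdict impersonation_verdict(SECURITY_STATUS imp_status,
                                 SECURITY_IMPERSONATION_LEVEL level)
{
    if (imp_status != SEC_E_OK) return IMP_REFUSE;
    if (level < SecurityImpersonation) return IMP_REFUSE;
    return IMP_SERVE;
}

#ifdef _WIN32
/* Precondition from the note: the package must report impersonation support. */
BOOL package_supports_impersonation(const char *package)
{
    PSecPkgInfoA info = NULL;
    BOOL ok;
    if (QuerySecurityPackageInfoA((SEC_CHAR *)package, &info) != SEC_E_OK) return FALSE;
    ok = (info->fCapabilities & SECPKG_FLAG_IMPERSONATION) != 0;
    FreeContextBuffer(info);
    return ok;
}

/* Does the server's primary token carry SeImpersonatePrivilege at all?
 * LookupPrivilegeValue fails on systems that do not know the privilege. */
BOOL process_has_impersonate_privilege(void)
{
    HANDLE tok;
    LUID want;
    DWORD n = 0, i;
    PTOKEN_PRIVILEGES tp;
    BOOL held = FALSE;
    if (!LookupPrivilegeValueA(NULL, "SeImpersonatePrivilege", &want)) return FALSE;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return FALSE;
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &n);   /* size query */
    tp = (PTOKEN_PRIVILEGES)malloc(n);
    if (tp && GetTokenInformation(tok, TokenPrivileges, tp, n, &n))
        for (i = 0; i < tp->PrivilegeCount; i++)
            if (tp->Privileges[i].Luid.LowPart == want.LowPart &&
                tp->Privileges[i].Luid.HighPart == want.HighPart)
                held = TRUE;
    free(tp);
    CloseHandle(tok);
    return held;
}

/* Impersonation level of the calling thread's token. OpenAsSelf=TRUE is
 * required because an Identify-level token cannot be used to open itself. */
static BOOL thread_impersonation_level(SECURITY_IMPERSONATION_LEVEL *level)
{
    HANDLE tok;
    DWORD n;
    BOOL ok;
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok)) return FALSE;
    ok = GetTokenInformation(tok, TokenImpersonationLevel, level, sizeof *level, &n);
    CloseHandle(tok);
    return ok;
}

/* ctx is assumed to come from a finished AcceptSecurityContext exchange that
 * requested ASC_REQ_DELEGATE; serve_as_client is a hypothetical callback. */
void handle_request(CtxtHandle *ctx, void (*serve_as_client)(void))
{
    SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
    SECURITY_STATUS st = ImpersonateSecurityContext(ctx);
    if (st == SEC_E_OK && !thread_impersonation_level(&level))
        level = SecurityAnonymous;            /* unknown level: treat as unusable */
    if (impersonation_verdict(st, level) != IMP_SERVE) {
        if (st == SEC_E_OK) RevertSecurityContext(ctx);
        fprintf(stderr, "refusing request: ImpersonateSecurityContext=0x%08lx, level=%d\n",
                (unsigned long)st, (int)level);
        return;
    }
    serve_as_client();
    RevertSecurityContext(ctx);               /* always drop the client token */
}
#endif

int main(void)
{
#ifdef _WIN32
    printf("Kerberos impersonation capable: %d\n", package_supports_impersonation("Kerberos"));
    printf("NTLM impersonation capable:     %d\n", package_supports_impersonation("NTLM"));
    printf("SeImpersonatePrivilege held:    %d\n", process_has_impersonate_privilege());
#else
    printf("SSPI is Windows-only; only impersonation_verdict() is available here.\n");
#endif
    return 0;
}
```

Run the program as the service account the server will use, not as an
administrator: if "SeImpersonatePrivilege held" prints 0, grant the account
the "Impersonate a client after authentication" right (or run it as a service
account that has it) rather than running the server as domain admin.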