Welcome  |  Sign in
Skip Navigation Links
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Security
Authorization
 OpenThreadToken Function
OpenThreadToken Function

The OpenThreadToken function opens the access token associated with a thread.

Syntax

BOOL WINAPI OpenThreadToken(
  __in   HANDLE ThreadHandle,
  __in   DWORD DesiredAccess,
  __in   BOOL OpenAsSelf,
  __out  PHANDLE TokenHandle
);

Parameters

ThreadHandle [in]

A handle to the thread whose access token is opened.

DesiredAccess [in]

Specifies an access mask that specifies the requested types of access to the access token. These requested access types are reconciled against the token's discretionary access control list (DACL) to determine which accesses are granted or denied.

For a list of access rights for access tokens, see Access Rights for Access-Token Objects.

OpenAsSelf [in]

TRUE if the access check is to be made against the process-level security context.

FALSE if the access check is to be made against the current security context of the thread calling the OpenThreadToken function.

The OpenAsSelf parameter allows the caller of this function to open the access token of a specified thread when the caller is impersonating a token at SecurityIdentification level. Without this parameter, the calling thread cannot open the access token on the specified thread because it is impossible to open executive-level objects by using the SecurityIdentification impersonation level.

TokenHandle [out]

A pointer to a variable that receives the handle to the newly opened access token.

Return Value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError. If the token has the anonymous impersonation level, the token will not be opened and OpenThreadToken sets ERROR_CANT_OPEN_ANONYMOUS as the error.

Remarks

Tokens with the anonymous impersonation level cannot be opened.

Close the access token handle returned through the TokenHandle parameter by calling CloseHandle.

Requirements

Client Requires Windows Vista, Windows XP, or Windows 2000 Professional.
Server Requires Windows Server 2008, Windows Server 2003, or Windows 2000 Server.
Header

Declared in Winbase.h; include Windows.h.
Library

Use Advapi32.lib.
DLL

Requires Advapi32.dll.

See Also

Access Control Overview
Basic Access Control Functions
AccessCheck
AdjustTokenGroups
AdjustTokenPrivileges
CloseHandle
GetTokenInformation
OpenProcessToken
SECURITY_IMPERSONATION_LEVEL
SetThreadToken
SetTokenInformation


Send comments about this topic to Microsoft

Build date: 7/31/2008

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Terms & Defs      ddaS-edEn   |   Edit   |  
Access Token - An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.
Tags What's this?: Add a tag
Flag as ContentBug
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker