Home   Index   About
Ultimate Pack


Custom Search
Access Tokens

When a user logs on, the system verifies the user's password by comparing it with information stored in a security database. If the password is authenticated, the system produces an access token and attaches it to the user's process. This access token identifies the user in all subsequent interactions with securable objects and contains the following information about a process:

  • The user's SID

  • Group SIDs

  • Privileges

  • An owner SID

  • The SID for the primary group

  • The default discretionary access-control list (ACL)

  • The source of the access token

  • Whether the token is a primary or impersonation token

  • Current impersonation levels

  • Other statistics

Every process has a primary token that determines the security context in which the process interacts with securable objects. By default, a thread runs in the security context of its process. However, a thread can use impersonation to run in a different security context. In this case, the thread has an impersonation token that determines the security context for most of the thread's actions. For more information, see Impersonation.

For more information about privileges, see Privileges. For more information about security identifiers (SIDs), see Security Identifiers (SIDs). For more information about discretionary ACLs, see Access-control Lists (ACLs). For more information about the components of an access token, see the following token structures and enumerated types.

Structure or enumeration type
Specifies
TOKEN_CONTROL
Information useful in identifying an access token.
TOKEN_DEFAULT_DACL
The default discretionary ACL for an access token.
TOKEN_GROUPS
Specifies the SIDs of the access token's groups and whether any privileges are enabled.
TOKEN_INFORMATION_CLASS
Information being set in or retrieved from an access token.
TOKEN_OWNER
The SID of an access token's owner.
TOKEN_PRIMARY_GROUP
The SID of the access token's primary group.
TOKEN_PRIVILEGES
The privileges associated with an access token and whether the privileges are enabled.
TOKEN_SOURCE
The source of an access token.
TOKEN_STATISTICS
Statistics associated with an access token.
TOKEN_TYPE
Whether an access token is being used as an impersonation token.
TOKEN_USER
The SID of an access token's user.

You can use the following functions to manipulate access tokens.

Following are the functions an application can use to manipulate access tokens.

Function
Description
AdjustTokenGroups
Changes the group information in an access token.
AdjustTokenPrivileges
Changes the privileges in an access token.
DuplicateToken
Creates a new impersonation token that duplicates an existing token.
DuplicateTokenEx
Creates a new primary token or impersonation token that duplicates an existing token.
GetTokenInformation
Retrieves information about a token.
OpenProcessToken
Retrieves the handle of the access token for a process.
OpenThreadToken
Retrieves the handle of the access token for a thread.
SetThreadToken
Assigns or removes an impersonation token for a thread.
SetTokenInformation
Changes a token's owner, primary group, or default discretionary ACL.


Last news from Greatis Software

Nostalgia .Net     Nostalgia .Net     .Net is powerful, but not all-powerful, so sometimes we need to use Win32 API for our .Net applications. It's simple enough with Platform Invoke if you have Win32 skill, but we do not always have time to dig the ancient documentation, declare the special types that are compatible with Win32, find the values of the Win32's constants and so on. Nostalgia .Net offers several simple-to-use classes, and components that will allow you to forget about the headache of Win32 and just use the power of Win32 in your application the same way as you use the native. Net classes.  More »
Recommended software for developers

Ultimate Pack for Delphi and C++ Builder     Ultimate Pack     Component pack for Delphi and C++ Builder that contains runtime form designer, runtime object inspector, print suite and much more for the very special price.  More »
Form Designer .Net     Form Designer .Net     Unique runtime form design solution that allows to edit any form in .Net WinForms application at runtime with full source codes for only 300 euro!  More »
Print Suite .Net     Print Suite .Net     Print Suite .Net is a set of components for easy printing texts, images and grids from your WinForms applications. Full C# source codes are available  More »
Gradient Controls .Net     Gradient Controls .Net     Gradient Controls .Net offers controls with gradient background feature. Labels, panels and so on... Full C# source codes are available  More »
iGrid     Greatis iGrid     iGrid plots drawing grid right over your desktop, so you can use it everywhere, with any drawing application without any special plugins for different graphic editors.  More »


All the contacts and projects

Dmitry Vasiliev (just.dmitry)

Related Links

Software for Visual Studio .NET developers
Software for Delphi and C++ Builder developers
Software for Visual Basic 6 developers
Delphi Tips&Tricks
MegaDetailed.NET

More Online Helps

Win32 Programmer's Reference
Win32 Multimedia Programmer's Reference
OLE Programmer's Reference
Microsoft Windows Pen API Programmer's Reference
Microsoft Windows Sockets 2 Reference
Microsoft Windows Telephony API (TAPI) Programmer's Reference
Unix Manual Pages

Free Tech Secrets ;) Copyright © 2008-2012 Free Tech Secrets ;) greatis just4fun network just4fun