Microsoft Internet Security and Acceleration Server 2000

IFWXImpersonator

The IFWXImpersonator object holds user information so that the Firewall service can impersonate the user. Impersonators are typically implemented by the Firewall service, for example when the service performs an access check. This holds true for sessions created by the Firewall service. When a session has been created by a filter using the IFWXFirewall::CreatePrivateSession method, impersonation is performed by the application filter on behalf of the Firewall service through IFWXImpersonator.

Impersonators must be implemented as in-process servers.

Notes to Implementers

The filter can implement IFWXImpersonator when using a private session if the filter can authenticate the user. The authentication may be at the protocol level, or for out-of-band communication.

For more information about private sessions, see IFWXFilter::CreatePrivateSession.

Typical Implementations

Implemented by the Firewall service.

Example Code

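// Requires <windows.h>, <atlbase.h>, <atlcom.h> and the ISA Server SDK
// header that declares IFWXImpersonator.
class CFWXImpersonator :
	public CComObjectRootEx<CComMultiThreadModel>,
	public IFWXImpersonator {

public:

	// Start with no token so that Impersonate fails cleanly before Initialize.
	CFWXImpersonator() : m_token(NULL) {}

	BEGIN_COM_MAP(CFWXImpersonator)
		COM_INTERFACE_ENTRY(IFWXImpersonator)
	END_COM_MAP()

	// IFWXImpersonator
	// Switch the calling thread to the security context of the stored token.
	HRESULT STDMETHODCALLTYPE Impersonate(void) {
		HRESULT hr = S_OK;
		if (!ImpersonateLoggedOnUser(m_token)) {
			hr = HRESULT_FROM_WIN32(GetLastError());
		}
		return hr;
	}

	// Return the calling thread to the service's own security context.
	HRESULT STDMETHODCALLTYPE RevertToSelf(void) {
		HRESULT hr = S_OK;
		// Qualify the call with :: to reach the Win32 API; an unqualified
		// call resolves to this method and recurses without end.
		if (!::RevertToSelf()) {
			hr = HRESULT_FROM_WIN32(GetLastError());
		}

		return hr;
	}

	// Initialize from a token handle
	HRESULT Initialize(HANDLE token) { m_token = token; return S_OK; }

	// Initialize from username + password
	// The parameters are ANSI strings, so the ANSI form of LogonUser is
	// called explicitly. The resulting token is stored in m_token.
	HRESULT Initialize(LPCSTR UserName, LPCSTR Domain, LPCSTR Password) {
		if (LogonUserA(
				UserName,
				Domain,
				Password,
				LOGON32_LOGON_NETWORK,
				LOGON32_PROVIDER_DEFAULT,
				&m_token)) {
			return S_OK;
		}
		return HRESULT_FROM_WIN32(GetLastError());
	}

private:
	HANDLE m_token;	// token of the user to impersonate
};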
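
A caller-side sketch, added here as an example and not part of the original ISA Server documentation: it checks the HRESULT returned by Impersonate before doing any work, so a failed impersonation never lets the work run under the service's own account, and it always reverts afterwards. ScopedImpersonation, RunAsUser, FakeImpersonator and TouchResource are hypothetical names, and the non-Windows type definitions are stand-ins so the sketch builds without the SDK.

```cpp
#include <cstdlib>
#ifdef _WIN32
#include <windows.h>
#else  // stand-ins so the sketch builds off Windows (assumption, not SDK code)
typedef int HRESULT;
#define S_OK ((HRESULT)0)
#define E_ACCESSDENIED ((HRESULT)0x80070005)
#define FAILED(hr) (((HRESULT)(hr)) < 0)
#endif

// Hypothetical RAII guard over any object exposing the two IFWXImpersonator
// methods shown on this page: Impersonate() and RevertToSelf().
template <class Impersonator>
class ScopedImpersonation {
public:
	explicit ScopedImpersonation(Impersonator& imp)
		: m_imp(imp), m_hr(imp.Impersonate()) {}
	~ScopedImpersonation() {
		// Revert only if impersonation succeeded. If the thread cannot drop
		// the user's identity it must not keep running, so stop the process.
		if (!FAILED(m_hr) && FAILED(m_imp.RevertToSelf())) std::abort();
	}
	HRESULT Status() const { return m_hr; }
private:
	ScopedImpersonation(const ScopedImpersonation&);            // non-copyable
	ScopedImpersonation& operator=(const ScopedImpersonation&);
	Impersonator& m_imp;
	HRESULT m_hr;
};

// Runs work() only while impersonating; fails closed if impersonation failed.
template <class Impersonator, class Work>
HRESULT RunAsUser(Impersonator& imp, Work work) {
	ScopedImpersonation<Impersonator> guard(imp);
	if (FAILED(guard.Status())) return guard.Status();  // never run as the service
	return work();
}

// Constructed test double standing in for a real impersonator object.
struct FakeImpersonator {
	HRESULT result; int depth; int reverts;
	HRESULT Impersonate() { if (!FAILED(result)) ++depth; return result; }
	HRESULT RevertToSelf() { --depth; ++reverts; return S_OK; }
};
static int g_ran = 0;  // counts how often the protected work actually ran
static HRESULT TouchResource() { ++g_ran; return S_OK; }
```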