| Microsoft Internet Security and Acceleration Server 2004 SDK |
The IFWXImpersonator interface holds user information so that the Microsoft Firewall service can impersonate the user.
The IFWXImpersonator interface inherits the methods of the standard COM interface IUnknown.
In addition, IFWXImpersonator defines the following methods.
| Method | Description |
|---|---|
| Impersonate | Impersonates the authenticated user. |
| RevertToSelf | Reverts to the original user account after a successful call to the Impersonate method. |
Impersonators are typically implemented by the Firewall service (through the IFWXImpersonator interface that the applicable IFWXAuthenticatedUser interface inherits), as in the case when the service is performing an access check. This holds true for sessions that were created by the Firewall service.
Impersonators can also be implemented by filters that hold user credentials and are designed to function as application gateways. Such a filter can use the user credentials to implement the IFWXAuthenticatedUser interface (that inherits from IFWXImpersonator). The filter can create a session associated with a specific user by using the IFWXFirewall::CreatePrivateSession method, and providing it with the IFWXAuthenticatedUser interface that represents the applicable user.
A filter that needs to perform an access check for the user associated with a given session can do so by calling the IFWXSession::GetAuthenticatedUser method to retrieve the applicable IFWXAuthenticatedUser interface, and then calling the inherited IFWXImpersonator::Impersonate and IFWXImpersonator::RevertToSelf methods on that interface. These methods will invoke the corresponding methods of the IFWXImpersonator interface that is associated with the session object (regardless of whether it is implemented by the Firewall service or by an application filter).
For such a session, impersonation is performed by the application filter on behalf of the Firewall service through the IFWXAuthenticatedUser interface provided to the IFWXFirewall::CreatePrivateSession method.
Impersonators must be implemented as in-process servers.
Server: Requires Windows Server 2003 or
Windows 2000.
Version: Requires Internet Security and Acceleration
Server 2004.
Header: Declared in Wspfwext.idl.
Filter Interfaces, IFWXFirewall::CreatePrivateSession