IFWXImpersonator Interface

The IFWXImpersonator interface holds user information so that the Microsoft Firewall service can impersonate the user.


interface IFWXImpersonator : IUnknown


The IFWXImpersonator interface inherits the methods of the IUnknown interface.

In addition, IFWXImpersonator defines the following methods.

Method Description


Impersonates the authenticated user.


Reverts to the original user account after a successful call to the Impersonate method.


Impersonators are typically implemented by the Firewall service (through the IFWXImpersonator interface that the applicable IFWXAuthenticatedUser interface inherits), as in the case when the service is performing an access check. This holds true for sessions that were created by the Firewall service.

Impersonators can also be implemented by filters that hold user credentials and are designed to function as application gateways. Such a filter can use the user credentials to implement the IFWXAuthenticatedUser interface (that inherits from IFWXImpersonator). The filter can create a session associated with a specific user by using the IFWXFirewall::CreatePrivateSession method, and providing it with the IFWXAuthenticatedUser interface that represents the applicable user.

A filter that needs to perform an access check for the user associated with a given session can do so by calling the IFWXSession::GetAuthenticatedUser method to retrieve the applicable IFWXAuthenticatedUser interface, and then calling the inherited IFWXImpersonator::Impersonate and IFWXImpersonator::RevertToSelf methods on that interface. These methods will invoke the corresponding methods of the IFWXImpersonator interface that is associated with the session object (regardless of whether it is implemented by the Firewall service or by an application filter).

For such a session, impersonation is performed by the application filter on behalf of the Firewall service through the IFWXAuthenticatedUser interface provided to the IFWXFirewall::CreatePrivateSession method.

Impersonators must be implemented as in-process servers.


Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).

Declared in Wspfwext.idl.

See Also

Filter Interfaces

Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.