IFWXImpersonator Interface

The IFWXImpersonator interface holds user information so that the Microsoft Firewall service can impersonate the user.

Syntax

interface IFWXImpersonator : IUnknown

Methods

The IFWXImpersonator interface inherits the methods of the IUnknown interface.

In addition, IFWXImpersonator defines the following methods.

Method Description

Impersonate

Impersonates the authenticated user.

RevertToSelf

Reverts to the original user account after a successful call to the Impersonate method.

Remarks

Impersonators are typically implemented by the Firewall service (through the IFWXImpersonator interface that the applicable IFWXAuthenticatedUser interface inherits), as in the case when the service is performing an access check. This holds true for sessions that were created by the Firewall service.

Impersonators can also be implemented by filters that hold user credentials and are designed to function as application gateways. Such a filter can use the user credentials to implement the IFWXAuthenticatedUser interface (that inherits from IFWXImpersonator). The filter can create a session associated with a specific user by using the IFWXFirewall::CreatePrivateSession method, and providing it with the IFWXAuthenticatedUser interface that represents the applicable user.

A filter that needs to perform an access check for the user associated with a given session can do so by calling the IFWXSession::GetAuthenticatedUser method to retrieve the applicable IFWXAuthenticatedUser interface, and then calling the inherited IFWXImpersonator::Impersonate and IFWXImpersonator::RevertToSelf methods on that interface. These methods will invoke the corresponding methods of the IFWXImpersonator interface that is associated with the session object (regardless of whether it is implemented by the Firewall service or by an application filter).

For such a session, impersonation is performed by the application filter on behalf of the Firewall service through the IFWXAuthenticatedUser interface provided to the IFWXFirewall::CreatePrivateSession method.

Impersonators must be implemented as in-process servers.

Requirements

Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).
Header

Declared in Wspfwext.idl.

See Also

Filter Interfaces
IFWXFirewall::CreatePrivateSession


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.