06-26-04 03:16 PM
Ignore this. I've found the problem...two in fact:
1) I was using the wrong thread ID to fetch the current impersonation token.
Hence, there wasn't one active. duh!
2) The standard VB declaration for DuplicateToken is incorrect. The
SECURITY_IMPERSONATION_LEVEL parameter should be passed by value, not by
reference.
...thanks for listening anyway
Tony Proctor
"Tony Proctor" <tony_proctor@aimtechnology_NOSPAM_.com> wrote in message
news:exUgp4UWEHA.1164@tk2msftngp13.phx.gbl...
> I need a little help with getting an IIS thread (well, actually a DLLHOST
> one) to impersonate the same account as another thread is doing.
>
> My situation is as follows: our application involves a VB6 component. This
> accepts a number of special "admin" requests which have to be synchronised
> and marshalled across the remaining currently active IIS threads. They
also
> have to synchronize with external DCOM servers, but that's irrelevant to
> this description.
>
> The incoming admin request is handled, in the normal way, by a thread
> impersonating the client-side user. The code in the other threads is
> marshalled using a private Windows message, though, and so no
impersonation
> occurs. The code therefore executes in the native IWAM account and causes
> resource-access problems.
>
> What I would like to do is get each 'other' thread to adopt the same
> impersonation token as the source thread. Each 'other' thread currently
> knows the ID of the source thread.
>
> What I've tried is getting those threads to open the source thread, in
order
> to derive a thread handle from the thread ID, and then call
OpenThreadToken
> to retrieve its current token. The idea would then have been to call
> SetThreadToken, RevertToSelf, CloseHandle, etc. However, the
OpenThreadToken
> fails with error 1008, "An attempt was made to reference a token that does
> not exist".
>
> Any ideas what I might be doing wrong?
>
> Tony Proctor
>
>
[ Post a follow-up to this message ]
| 
