IWMSAuthenticationContext::GetImpersonationAccountName
.gif)
| Previous | Next |
IWMSAuthenticationContext::GetImpersonationAccountName
The server calls the GetImpersonationAccountName method to retrieve the name of the Windows 2000 security user or group account that the authentication context simulates if authentication succeeds.
Syntax
HRESULT GetImpersonationAccountName( BSTR* pAccountName );
Parameters
pAccountName
[out] Pointer to the BSTR value containing the account name.
Return Values
If the method succeeds, the plug-in must return S_OK. To report an error, the plug-in can return any HRESULT other than S_OK. If the plug-in uses the IWMSEventLog interface to log error information directly to the Windows Event Viewer, it is recommended that it return NS_E_PLUGIN_ERROR_REPORTED. Typically, the server attempts to make plug-in error information available to the server object model, the Windows Event Viewer, and the troubleshooting list in the details pane of the Windows Media Services MMC. However, if the plug-in uses the IWMSEventLog interface to send custom error information to the Windows Event Viewer, returning NS_E_PLUGIN_ERROR_REPORTED stops the server from also logging to the event viewer. For more information about retrieving plug-in error information, see Identifying Plug-in Errors.
Remarks
To impersonate a logged on user, a plug-in must retrieve a token that represents the user. How you do this depends upon the authentication protocol that your plug-in is designed to implement. For example, a Digest Authentication plug-in can use the ImpersonateLoggedOnUser Windows API function, and NTLM can use the QuerySecurityContextToken function. These functions are documented in the Platform SDK.
Example Code
HRESULT CAuthentContext::GetImpersonationAccountName(
BSTR* bstrAccountName )
{
// Impersonate the security context of the logged-on user. The
// user is represented by a token handle. The token can be
// created by calling the Win32 API function LogOnUser(). For
// more information, see the Implementing the Authenticate
// Method section.
ImpersonateLoggedOnUser( m_hToken );
// Open the token and retrieve a handle to it.
HRESULT hr = S_OK;
HANDLE hThreadToken = INVALID_HANDLE_VALUE;
UCHAR InfoBuffer[ 512 ];
DWORD cbInfoBuffer = 512;
OpenThreadToken( GetCurrentThread(),
TOKEN_QUERY,
TRUE,
&hThreadToken )
// Retrieve information about the user account for the token.
GetTokenInformation(
hThreadToken,
TokenUser,
InfoBuffer,
cbInfoBuffer,
&cbInfoBuffer ) )
// Determine how much buffer is needed to contain the
// domain and user name.
DWORD cchUserName = 0;
DWORD cchDomainName = 0;
SID_NAME_USE snu;
LookupAccountSid(
NULL,
( ( PTOKEN_USER )InfoBuffer)->User.Sid,
NULL,
&cchUserName,
NULL,
&cchDomainName,
&snu );
DWORD cchAccountName = cchUserName + cchDomainName;
LPWSTR pszAccountName =
(LPWSTR) _alloca( (cchAccountName+1) * sizeof(WCHAR) );
// Retrieve the domain and user names.
LookupAccountSid( NULL,
( ( PTOKEN_USER )InfoBuffer)->User.Sid,
pszAccountName + cchDomainName,
&cchUserName,
pszAccountName,
&cchDomainName,
&snu ) )
// Add a separator to the name and copy the name into
// the return value.
LPWSTR lpSeparator = pszAccountName + wcslen( pszAccountName );
*lpSeparator = '\\';
CComBSTR bstrAccountName(pszAccountName);
// Terminate the impersonation.
RevertToSelf();
return( hr );
}
Requirements
Header: authen.h.
Library: WMSServerTypeLib.dll.
Platform: Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition; Windows Server 2008.
See Also
| Previous | Next |