AuthzInitializeContextFromToken function (authz.h)

The AuthzInitializeContextFromToken function initializes a client authorization context from a kernel token. The kernel token must have been opened for TOKEN_QUERY.

Starting with Windows Server 2012 and Windows 8, this function can also copy device groups, user claims, and device claims.


AUTHZAPI BOOL AuthzInitializeContextFromToken(
  [in]           DWORD                         Flags,
  [in]           HANDLE                        TokenHandle,
  [in]           AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager,
  [in, optional] PLARGE_INTEGER                pExpirationTime,
  [in]           LUID                          Identifier,
  [in, optional] PVOID                         DynamicGroupArgs,
  [out]          PAUTHZ_CLIENT_CONTEXT_HANDLE  phAuthzClientContext


[in] Flags

Reserved for future use.

[in] TokenHandle

A handle to the client token used to initialize the pAuthzClientContext parameter. The token must have been opened with TOKEN_QUERY access.

[in] hAuthzResourceManager

A handle to the resource manager that created this client context. This handle is stored in the client context structure.

[in, optional] pExpirationTime

Expiration date and time of the token. If no value is passed, the token never expires. Expiration time is not currently enforced.

[in] Identifier

Identifier that is specific to the resource manager. This parameter is not currently used.

[in, optional] DynamicGroupArgs

A pointer to parameters to be passed to the callback function that computes dynamic groups.

[out] phAuthzClientContext

A pointer to the AuthzClientContext handle returned. Call AuthzFreeContext when done with the client context.

Return value

If the function succeeds, it returns TRUE.

If the function fails, it returns FALSE. To get extended error information, call GetLastError.


This function calls the AuthzComputeGroupsCallback callback function to add security identifiers to the newly created context.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header authz.h
Library Authz.lib
DLL Authz.dll
Redistributable Windows Server 2003 Administration Tools Pack on Windows XP

See also


Basic Access Control Functions