Share via

IFWXImpersonator interface

  • Article

Applies to: desktop apps only

The IFWXImpersonator interface holds user information so that the Microsoft Firewall service can impersonate the user.

Members

The IFWXImpersonator interface inherits from the IUnknown interface. IFWXImpersonator also has these types of members:

  • Methods

Methods

The IFWXImpersonator interface has these methods.

Method Description
Impersonate

Impersonates the authenticated user.
RevertToSelf

Reverts to the original user account after a successful call to the Impersonate method.

 

Remarks

Impersonators are typically implemented by the Firewall service (through the IFWXImpersonator interface that the applicable IFWXAuthenticatedUser interface inherits), as in the case when the service is performing an access check. This holds true for sessions that were created by the Firewall service.

Impersonators can also be implemented by filters that hold user credentials and are designed to function as application gateways. Such a filter can use the user credentials to implement the IFWXAuthenticatedUser interface (that inherits from IFWXImpersonator). The filter can create a session associated with a specific user by using the IFWXFirewall::CreatePrivateSession method, and providing it with the IFWXAuthenticatedUser interface that represents the applicable user.

A filter that needs to perform an access check for the user associated with a given session can do so by calling the IFWXSession::GetAuthenticatedUser method to retrieve the applicable IFWXAuthenticatedUser interface, and then calling the inherited IFWXImpersonator::Impersonate and IFWXImpersonator::RevertToSelf methods on that interface. These methods will invoke the corresponding methods of the IFWXImpersonator interface that is associated with the session object (regardless of whether it is implemented by the Firewall service or by an application filter).

For such a session, impersonation is performed by the application filter on behalf of the Firewall service through the IFWXAuthenticatedUser interface provided to the IFWXFirewall::CreatePrivateSession method.

Impersonators must be implemented as in-process servers.

Requirements

Minimum supported client

 None supported

Minimum supported server

 Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)

Version

 Forefront Threat Management Gateway (TMG) 2010

Header

 Wspfwext.idl

See also

Filter Interfaces

IFWXFirewall::CreatePrivateSession

 

 

Build date: 7/12/2010