I’ll often see a customer ask for assistance with a scenario like this: “We’re having trouble doing X. We’re doing X1, X2, and X3, but it looks like we’re getting the wrong answer back.”<\/p>\n
The next step in the conversation goes something like “There must be something else going on, because X1, X2 and X3 is the correct way of doing X. To demonstrate, I’ve written the following sample program that illustrates doing X by the X1, X2, X3 technique. When I run it, I get the correct answer. What do you get when you run it?”<\/p>\n
“When we run your program we get the correct answer, but it doesn’t work when we do it from our program.” And then, as if by afterthought, “Could the problem be that we’re impersonating?”<\/p>\n
Ohhhhhh, you’re impersonating<\/i>. Thanks for not mentioning that.<\/p>\n
By default, nothing works when impersonating. Impersonation requires end-to-end awareness. A function might create a worker thread\u2014the worker thread runs with the identity of the process. A function might use a function like The requirements go beyond just code that runs during the execution of the function in question. If you have a function which caches information across calls, the cache needs to be made impersonation-aware so that a value calculated when called while impersonating user\u00a0X isn’t mistakenly used while impersonating user\u00a0Y.<\/p>\n In order for impersonation to work, every function all the way down the chain needs to be impersonation-safe. Sure, you might be careful to call Queue\u00adUsere\u00adWork\u00adItem<\/code>\u2014by default, the work item runs with the identity of the process. (You have to pass WT_Co\u00adSet\u00adProxy\u00adBlanket<\/code> to enable impersonation transfer during marshaling, and the server needs to call CoImpersonateClient<\/code>. For some reason, this is called cloaking<\/a>.) The registry keys HKEY_CURRENT_USER<\/code> and HKEY_CLASSES_ROOT<\/code> don’t work when you’re impersonating. (You have to use RegOpenCurrentUser<\/code> or RegOpenUserClassesRoot<\/code><\/a>.) Functions like SHGetKnownFolderPath<\/code> have a token parameter which is used when impersonating; if you pass NULL<\/code>, then it assumes you aren’t impersonating.<\/p>\nQueueUserWorkItem<\/code> with the WT_TRANSFER_IMPERSONATION<\/code> flag, and your work item is careful to call SetProxyBlanket<\/code> on its COM objects, and your COM server is careful to call CoImpersonateClient<\/code> when servicing the call, but if your COM server then calls a helper object which calls SHGetKnownFolderPath<\/code> and passes NULL<\/code> for the impersonation token, then all your careful work has been for naught.<\/p>\n