How to convert struct _SecHandle initialized by InitializeSecurityContext to be used as HANDLE for GetTokenInformation function?

  • Question

  • Hi,

    I've a client and server application running in an active directory domain. I need to authenticate the user running the client with the server.

    I could authenticate the user at server end by using the SSPI-exchange loop (given here: here).

    Now, on the server side, I've this accepted security context in struct _SecHandle, using which I want to know whether the user is a member of certain user groups in that AD domain.

    For this, the usual way is like here or using the CheckTokenMembership function.

    But, both these functions (CheckTokenMembership & GetTokenInformation) use HANDLE as returned by OpenProcessToken.

    My questions are:

    1) Is it possible to use the struct _SecHandle that we already have when the authentication was done?

    2) Our application has its own groups, and users who are members of these groups are allowed to access our applications.

        --- How can I check that the user that has logged in & started the client is part of these specific group names?

        --- CheckTokenMembership uses pre-defined SIDs to search for groups. How can we use user-defined group names in this function?

    Can you please guide on this?

    Thanks for your guidance.

    Thanks and Regards.

    Tuesday, May 1, 2012 3:57 AM

Answers

  • For 2) use GetTokenInformation with TokenGroups then match the SID with NetGroupEnum

    regards,

    vincent

    • Marked as answer by msdnNovice Thursday, June 14, 2012 3:47 AM
    Wednesday, May 9, 2012 8:25 PM
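
An added example (not from the thread) for the manual route in the answer above: when you walk the TokenGroups list yourself, a SID match alone is not membership, because a group can be listed as deny-only or not enabled, which is the attribute test CheckTokenMembership performs for you. This is a portable C model: `group_entry`, the sample SIDs and the function names are constructed stand-ins for the `SID_AND_ATTRIBUTES` entries that GetTokenInformation returns, not Windows header types.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Attribute bits, same values as in winnt.h. */
#define SE_GROUP_ENABLED           0x00000004u
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010u

/* Hypothetical stand-in for one SID_AND_ATTRIBUTES entry of TOKEN_GROUPS. */
struct group_entry { const uint8_t *sid; size_t len; uint32_t attributes; };

/* Constructed sample SIDs: S-1-5-32-544 and a made-up S-1-5-21-1-2-3-1105. */
const uint8_t SID_ADMINS[] = {1,2, 0,0,0,0,0,5, 0x20,0,0,0, 0x20,2,0,0};
const uint8_t SID_APPGRP[] = {1,5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0,
                              2,0,0,0, 3,0,0,0, 0x51,4,0,0};
/* Constructed token: app group enabled, Administrators listed as deny-only. */
const struct group_entry SAMPLE_TOKEN[] = {
    { SID_APPGRP, sizeof SID_APPGRP, 0x07 },  /* mandatory | default | enabled */
    { SID_ADMINS, sizeof SID_ADMINS, SE_GROUP_USE_FOR_DENY_ONLY },
};

/* Binary SID = revision(1) count(1) authority(6) + count * 4-byte sub-authority.
   Returns the encoded length, or 0 if the buffer is not a well-formed SID. */
static size_t sid_length(const uint8_t *sid, size_t avail)
{
    if (sid == NULL || avail < 8 || sid[0] != 1 || sid[1] > 15)
        return 0;
    size_t need = 8 + 4 * (size_t)sid[1];
    return need <= avail ? need : 0;
}

/* Exact match on length and bytes; malformed input never matches. */
static int sid_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    size_t la = sid_length(a, alen), lb = sid_length(b, blen);
    return la != 0 && la == lb && memcmp(a, b, la) == 0;
}

/* Returns 1 only when the wanted SID is listed, enabled, and not deny-only. */
int is_enabled_member(const struct group_entry *g, size_t n,
                      const uint8_t *want, size_t want_len)
{
    for (size_t i = 0; i < n; i++)
        if (sid_equal(g[i].sid, g[i].len, want, want_len))
            return (g[i].attributes & SE_GROUP_ENABLED) != 0 &&
                   (g[i].attributes & SE_GROUP_USE_FOR_DENY_ONLY) == 0;
    return 0;
}

int main(void) { return !is_enabled_member(SAMPLE_TOKEN, 2, SID_APPGRP, sizeof SID_APPGRP); }
```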

All replies

  • Use ImpersonateSecurityContext to impersonate the token of the user then CheckTokenMembership with NULL as HANDLE.

    regards,

    Vincent

    Wednesday, May 9, 2012 8:22 PM