问题描述

在服务器上调用 ImpersonateSecurityContext 在调用线程上或整个过程中模拟客户端. 文档在此问题上有点含糊声明该函数创建模拟令牌，并允许线程或进程在模拟上下文中运行"..

Is calling ImpersonateSecurityContext on the server impersonating the client on the calling thread or for the entire process. The documentation is a bit vague on the matter as it states that "The function creates an impersonation token and allows the thread or process to run with the impersonation context".

我假设模拟仅适用于调用线程，其他任何事情都会很奇怪，但是我想确定.

I assume that impersonation is only for the calling thread, anything else would be strange, but I want to be sure.

推荐答案

每个MSDN:

客户端模拟

Microsoft Windows API提供以下功能来开始模拟:
...
-安全软件包或应用程序服务器可以调用ImpersonateSecurityContext函数来模拟客户端.

The Microsoft Windows API provides the following functions to begin an impersonation:
...
- A security package or application server can call the ImpersonateSecurityContext function to impersonate a client.

因此，模拟是在每个线程的基础上完成的.

So Impersonation is done on a per-thread basis.

模拟可用于以模拟用户的身份生成新进程(通过使用 DuplicateTokenEx() 和 CreateProcessAsUser() )，但模拟永远不会使调用进程以模拟用户的身份运行，而只会使调用 thread 的用户身份运行.

Impersonation can be used to spawn a new process as the impersonated user (by using DuplicateTokenEx() and CreateProcessAsUser()) but impersonation never makes the calling process run as the impersonated user, only the calling thread.

在服务器上下文中，可以同时连接多个客户端，如果将客户端模拟应用于整个流程范围的基础上将非常危险.

In a server context, where multiple clients can be connected at the same time, it would be very dangerous if client impersonation was applied on a process-wide basic.

这篇关于是否在Win32中模拟每个线程?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！