Learning DCOM by Thuan L. Thai


Access Token

In Windows NT, an access token is an important security element that identifies a specific user and carries much more information besides. A few important elements of an access token include the user’s access privileges, security identifier (SID), and group SIDs, which represent the groups to which the user belongs. If you have a specific user’s access token and the appropriate access rights, you can learn pretty much everything about the user.

In the previous section, the ValidateCall function instantiated a CImpersonatedUser C++ class and invoked the ObtainAccessToken method to obtain the remote user’s access token. Because the CImpersonatedUser class encapsulates an access token, we can query it for the following client security information. Because of the way NTLM works, we can obtain all this information on the server side without knowing the client’s password.

  • Security identifier (SID)—Unique identifier that identifies a specific user. Each user account is automatically assigned a SID on Windows NT when the account is created. Even if you delete an account and create a brand new account with the same name, you will not get the same SID; instead, NT assigns a new and unique SID each time.

  • User name.

  • Domain name.

  • SIDs of the groups to which the user belongs.

  • Names of the groups to which the user belongs.
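The user and group SIDs listed above are small binary structures, and decoding one shows why a recreated account is a different principal. The following is an added example, not code from the book: it goes beyond the text by parsing the binary SID layout (revision, sub-authority count, 48-bit authority, 32-bit sub-authorities), and the function names and the sample account SIDs are constructed for illustration.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than the 8-byte fixed header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15:
        raise ValueError("a SID holds at most 15 sub-authorities")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    # The identifier authority is 6 bytes big-endian; sub-authorities
    # are 32-bit little-endian values.
    authority = int.from_bytes(raw[2:8], "big")
    auth_text = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), auth_text, *map(str, subs)])

def split_account_sid(sid: str):
    """Split an account SID into (issuing domain or machine SID, RID)."""
    prefix, _, rid = sid.rpartition("-")
    return prefix, int(rid)

def build_sid(authority: int, *subs: int) -> bytes:
    """Build a binary SID; used here only to construct sample input."""
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

# Constructed sample data: one domain identifier and two accounts that
# both carried the name "alice" (deleted, then created again).
DOMAIN = (21, 1004336348, 1177238915, 682003330)
OLD_ALICE = build_sid(5, *DOMAIN, 1105)
NEW_ALICE = build_sid(5, *DOMAIN, 1121)
ADMINS = build_sid(5, 32, 544)  # well-known BUILTIN\Administrators group

if __name__ == "__main__":
    for label, raw in [("old alice", OLD_ALICE), ("new alice", NEW_ALICE),
                       ("group", ADMINS)]:
        print(f"{label:10} {sid_to_string(raw)}")
    old_dom, old_rid = split_account_sid(sid_to_string(OLD_ALICE))
    new_dom, new_rid = split_account_sid(sid_to_string(NEW_ALICE))
    # Same issuer, different RID: permissions granted to the old SID
    # do not apply to the recreated account.
    print("same issuer:", old_dom == new_dom, "| same RID:", old_rid == new_rid)
```

Access checks compare SIDs, not names, so an ACL entry that still lists the old SID grants nothing to the recreated account.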

As shown in the following code, the CImpersonatedUser class is straightforward, so let’s briefly introduce the bolded member functions of this class, as we’ll ...
