
CallbackFileSystem.GetOriginatorToken method




Returns the security token of the process that initiated the operation.


[Pascal]
    function GetOriginatorToken : THandle;

[C++ (Lib)]
    HANDLE GetOriginatorToken();

[C++ (VCL)]
    HANDLE __fastcall GetOriginatorToken();

[C++ (.NET)]
    IntPtr GetOriginatorToken();

[C#]
    IntPtr GetOriginatorToken();

[VB.NET]
    Function GetOriginatorToken() As IntPtr

[Java]
    long getOriginatorToken();

Return values

Handle to the token if the function succeeded or INVALID_HANDLE_VALUE if the function failed.


Use GetOriginatorToken to get the security token of the process that originated the operation. You can use the security token to retrieve various security-related information with the GetTokenInformation() function of the Windows API.

Do not call this method from handlers for OnReadFile, OnWriteFile and other callbacks that work with opened files, because those callbacks can be initiated by system components (cache manager, memory manager, etc.). Instead, do the following:

  1. Call GetOriginatorToken from the OnCreateFile or OnOpenFile event handlers / callbacks;
  2. Store the obtained information somewhere and store a reference to this information in the UserContext;
  3. When you need to check the originator information in some file-related callback, access the stored information via UserContext.

NOTE: you must call the CloseHandle() function of the Windows API to close the obtained token handle.
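The three steps and the CloseHandle() note above, as an added C# example (it is not CBFS's own code). It assumes UserContext can hold an IntPtr-sized value; OriginatorInfo and OriginatorCache are hypothetical names, and the CBFS handlers that would call these helpers are not shown because their signatures are not given on this page.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Snapshot of the originator, taken once at create/open time (hypothetical type).
sealed class OriginatorInfo
{
    public string AccountName;          // account the token belongs to
    public SecurityIdentifier UserSid;  // SID of that account
}

static class OriginatorCache
{
    static readonly IntPtr InvalidHandle = new IntPtr(-1); // INVALID_HANDLE_VALUE

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Steps 1 and 2: call from the OnCreateFile / OnOpenFile handler with the value
    // returned by GetOriginatorToken(). Returns the value to store in UserContext
    // (assumed IntPtr-sized), or IntPtr.Zero if no token was obtained.
    public static IntPtr Capture(IntPtr token)
    {
        if (token == InvalidHandle || token == IntPtr.Zero) return IntPtr.Zero;
        try
        {
            // WindowsIdentity duplicates the token, so the original can be closed below.
            using (var identity = new WindowsIdentity(token))
            {
                var info = new OriginatorInfo { AccountName = identity.Name, UserSid = identity.User };
                return GCHandle.ToIntPtr(GCHandle.Alloc(info));
            }
        }
        finally { CloseHandle(token); } // the obtained token handle must always be closed
    }

    // Step 3: call from OnReadFile, OnWriteFile, etc. with the stored UserContext value.
    public static OriginatorInfo Lookup(IntPtr context)
    {
        return context == IntPtr.Zero ? null : (OriginatorInfo)GCHandle.FromIntPtr(context).Target;
    }

    // Call when the file is closed, so the stored object can be garbage-collected.
    public static void Release(IntPtr context)
    {
        if (context != IntPtr.Zero) GCHandle.FromIntPtr(context).Free();
    }
}
```

Access checks in file-related callbacks then rely only on the stored snapshot, so requests issued later by system components are evaluated against the account that opened the file.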

Network access
If you share the created virtual disk, you might want to get security information (account name, etc.) of the network user who accesses the virtual disk. Disks can be shared in several modes in Windows:

  • The first is authenticated mode. In this case the network redirector (the process that receives remote disk requests and directs them to the disk driver) impersonates the account of the calling user, and the GetOriginatorToken method returns the account information of that caller.
  • The next is guest mode. In this mode GetOriginatorToken returns information for the GUEST account.
  • The third mode is administrative shares (those that exist by default and are named C$, D$, etc.). For such shares GetOriginatorToken returns information for the LOCAL_SYSTEM account.

Call from...

This method may be called only from callback / event handlers.

See also

GetOriginatorProcessId, GetOriginatorProcessName
