I’m authoring a minifilter that basically acts as a virtual file system. A mixture of local and remote shares are mapped in to materialize a file system. In my API, the remote mappings may also contain a token for use when accessing that specific share. In my precreate handler, when I see a path that falls under one of the mapped remote paths, how can I impersonate the Create operation? I’ve tried PsImpersonateClient in the precreate and PsRevertToSelf , in the postcreate, but that doesn’t seem to cut it. I see that within SECURITY_SUBJECT_CONTEXT inside ACCESS_STATE inside IO_SECURITY_CONTEXT there’s a field for a ClientToken, but the documentation says I shouldn’t modify it directly and it’s unclear which support function lets me change that token.
Thanks in advance