diff --git a/PInvoke/Security/AdvApi32/SecurityBaseApi.cs b/PInvoke/Security/AdvApi32/SecurityBaseApi.cs
new file mode 100644
index 00000000..cacd5bd7
--- /dev/null
+++ b/PInvoke/Security/AdvApi32/SecurityBaseApi.cs
@@ -0,0 +1,70 @@
+using System;
+using System.ComponentModel;
+using System.Runtime.InteropServices;
+using Vanara.InteropServices;
+
+namespace Vanara.PInvoke
+{
+ public static partial class AdvApi32
+ {
+ ///
+ ///
+ /// The ImpersonateLoggedOnUser function lets the calling thread impersonate the security context of a logged-on user. The
+ /// user is represented by a token handle.
+ ///
+ ///
+ ///
+ ///
+ /// A handle to a primary or impersonation access token that represents a logged-on user. This can be a token handle returned by a
+ /// call to LogonUser, CreateRestrictedToken, DuplicateToken, DuplicateTokenEx, OpenProcessToken, or OpenThreadToken functions. If
+ /// hToken is a handle to a primary token, the token must have TOKEN_QUERY and TOKEN_DUPLICATE access. If hToken is a
+ /// handle to an impersonation token, the token must have TOKEN_QUERY and TOKEN_IMPERSONATE access.
+ ///
+ ///
+ ///
+ /// If the function succeeds, the return value is nonzero.
+ /// If the function fails, the return value is zero. To get extended error information, call GetLastError.
+ ///
+ ///
+ /// The impersonation lasts until the thread exits or until it calls RevertToSelf.
+ /// The calling thread does not need to have any particular privileges to call ImpersonateLoggedOnUser.
+ ///
+ /// If the call to ImpersonateLoggedOnUser fails, the client connection is not impersonated and the client request is made in
+ /// the security context of the process. If the process is running as a highly privileged account, such as LocalSystem, or as a
+ /// member of an administrative group, the user may be able to perform actions they would otherwise be disallowed. Therefore, it is
+ /// important to always check the return value of the call, and if it fails, raise an error; do not continue execution of the client request.
+ ///
+ ///
+ /// All impersonate functions, including ImpersonateLoggedOnUser allow the requested impersonation if one of the following is true:
+ ///
+ ///
+ /// -
+ ///
+ /// The requested impersonation level of the token is less than SecurityImpersonation, such as SecurityIdentification
+ /// or SecurityAnonymous.
+ ///
+ ///
+ /// -
+ /// The caller has the SeImpersonatePrivilege privilege.
+ ///
+ /// -
+ ///
+ /// A process (or another process in the caller's logon session) created the token using explicit credentials through LogonUser or
+ /// LsaLogonUser function.
+ ///
+ ///
+ /// -
+ /// The authenticated identity is same as the caller.
+ ///
+ ///
+ /// Windows XP with SP1 and earlier: The SeImpersonatePrivilege privilege is not supported.
+ /// For more information about impersonation, see Client Impersonation.
+ ///
+ // https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-impersonateloggedonuser
+ // BOOL ImpersonateLoggedOnUser( HANDLE hToken );
+ [DllImport(Lib.AdvApi32, SetLastError = true, ExactSpelling = true)]
+ [PInvokeData("securitybaseapi.h", MSDNShortId = "cf5c31ae-6749-45c2-888f-697060cc8c75")]
+ [return: MarshalAs(UnmanagedType.Bool)]
+ public static extern bool ImpersonateLoggedOnUser(SafeTokenHandle hToken);
+ }
+}