Make Token

The logon session created with LogonUserA has the same local identifier as the caller, which is why, somewhat confusingly, you see "impersonated " in the console output. But the alternate credentials are used when accessing a remote resource.