Context requirements are expressed as a combination of bit flags, passed to either the InitializeSecurityContext or AcceptSecurityContext function. These flags affect the context in a number of ways and are detailed in the table below. Not all flags apply to all contexts; some are valid only for the server, others only for the client.
The caller uses the fContextReq parameter of the InitializeSecurityContext or AcceptSecurityContext call to specify a set of flags that indicate the required capabilities. When the function returns, the pfContextAttr parameter indicates the attributes of the established context. The caller is responsible for determining whether the final context attributes are acceptable. For example, if the caller requested mutual authentication but the security package indicates that it was not or could not be performed, the caller must decide whether to cancel the context or continue.
The following table describes the various context requirements.
Type | Description |
---|---|
DELEGATE | Indicates that the server in the transport application should be allowed simple delegation rights, that is, impersonation of the client on the node at which the server is executing. |
MUTUAL_AUTH | Indicates that both parties must authenticate the identity of the peer. |
REPLAY_DETECT | Indicates that the context should be established to allow detection of replayed packets later through the message support functions, MakeSignature and VerifySignature. Implies INTEGRITY. |
SEQUENCE_DETECT | Indicates that the context should be established to allow detection of out-of-order delivery of packets later through the message support functions. Implies INTEGRITY. |
CONFIDENTIALITY | Indicates that the context should be established to protect data while in transit. Reserved for future use. |
USE_SESSION_KEY | Indicates that a new session key should be negotiated. |
PROMPT_FOR_CREDS | Indicates that, if the client is an interactive user, the security package should prompt the user for the appropriate credentials to use, if possible. |
USE_SUPPLIED_CREDS | Indicates that package-specific credential information is available in the input buffer. The security package should use these credentials to authenticate the connection. |
ALLOCATE_MEMORY | Indicates that the security package should allocate the memory. The caller must eventually call the FreeContextBuffer function to free memory allocated by the security package. |
USE_DCE_STYLE | Indicates that the caller expects a three-leg authentication transaction. |
DATAGRAM | Indicates that datagram semantics should be used. For more information, see Datagram Contexts. |
CONNECTION | Indicates that connection semantics should be used. For more information, see Connection-Oriented Contexts. |
STREAM | Indicates that stream semantics should be used. For more information, see Stream Contexts. |
EXTENDED_ERROR | Indicates that if the context fails (or has failed), an error reply message should be generated for the peer. |
INTEGRITY | Buffer integrity can be verified, but no sequencing or replay detection is enabled. |
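The check the second paragraph leaves to the caller, comparing what was requested in fContextReq against what came back in pfContextAttr, as an added client-side example (not code from the original page). It assumes the ISC_REQ_* bit values from sspi.h, reproduced so it compiles without the Windows SDK; the server-side ASC_REQ_/ASC_RET_ names use their own values and are not covered.

```c
#include <stdio.h>

/* Bit values assumed to mirror the Windows sspi.h header (not given on this
 * page). ISC_REQ_* go into fContextReq; the corresponding ISC_RET_* bits come
 * back in pfContextAttr and, for the flags used here, share the same positions. */
#ifndef ISC_REQ_MUTUAL_AUTH
#define ISC_REQ_DELEGATE        0x00000001UL
#define ISC_REQ_MUTUAL_AUTH     0x00000002UL
#define ISC_REQ_REPLAY_DETECT   0x00000004UL
#define ISC_REQ_SEQUENCE_DETECT 0x00000008UL
#define ISC_REQ_CONFIDENTIALITY 0x00000010UL
#define ISC_REQ_INTEGRITY       0x00010000UL
#endif

/* Example policy: the caller will not use a context that lacks mutual
 * authentication, integrity protection or replay detection. DELEGATE and
 * SEQUENCE_DETECT are requested below but treated as optional. */
#define MANDATORY_ATTRS \
    (ISC_REQ_MUTUAL_AUTH | ISC_REQ_INTEGRITY | ISC_REQ_REPLAY_DETECT)

/* Returns the mandatory bits the package did NOT grant. Zero means the
 * established context satisfies the policy; any other value means the caller
 * should abandon the context rather than send application data over it. */
unsigned long missing_context_attrs(unsigned long mandatory,
                                    unsigned long pfContextAttr)
{
    return mandatory & ~pfContextAttr;
}

/* The accept/reject decision the text describes, against MANDATORY_ATTRS. */
int context_acceptable(unsigned long pfContextAttr)
{
    return missing_context_attrs(MANDATORY_ATTRS, pfContextAttr) == 0;
}

int main(void)
{
    /* Constructed outcome: the package granted everything except mutual
     * authentication, the case the text uses as its example. */
    unsigned long requested = MANDATORY_ATTRS | ISC_REQ_SEQUENCE_DETECT
                            | ISC_REQ_DELEGATE;
    unsigned long returned  = requested & ~ISC_REQ_MUTUAL_AUTH;
    unsigned long missing   = missing_context_attrs(MANDATORY_ATTRS, returned);

    printf("requested 0x%lx, granted 0x%lx, missing mandatory 0x%lx -> %s\n",
           requested, returned, missing,
           context_acceptable(returned) ? "use context" : "abandon context");
    return 0;
}
```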