Platform SDK: Logon Authentication

Credential Management

SSPI credential management functions provide a credentials handle, a reference to an opaque security object, for accessing a principal. The security object is opaque because the application has access only to the handle and not to the actual contents of the structure.

All references to the contents of a credential context are through the object's handle and the security package de-references the handle to access the specifics of credentials. A credential handle is a 64-bit value between {0x00000000, 0x0000000} and {0xFFFFFFFF, 0xFFFFFFFE}.

Applications use the credentials handle with context management functions to create a security context.

Credential management functions also release credential handles and query the attributes of credentials. At present, the name associated with a credential is the only attribute that can be queried.

The following functions are used with credentials management.

Function Description
AcquireCredentialsHandle Acquires a handle to the pre-existing credentials of a specified principal.
ExportSecurityContext Exports a security context into a context buffer.
FreeCredentialsHandle Releases a credential handle and associated resources.
ImportSecurityContext Imports a security context exported by using ExportSecurityContext into the current process.
QueryCredentialsAttributes Queries a credential handle for the name associated with the credential.