Platform SDK: Logon Authentication |
SSPI credential functions enable applications to gain access to the credentials of a principal and to free such access. Schannel credentials are based on the X.509 certificate. Schannel still supports version 1 certificates, but using version 3 certificates is recommended. Schannel does not perform certificate management. It relies on the application to perform certificate management using CryptoAPI functions. For more information, see Certificate and Certificate Store Functions.
Before making a secure Schannel connection, a principal's application generates a credential that provides access to the principal's private key and certificate. These are used by Schannel to establish the secure connection. The certificate is sent to the remote computer and serves to authenticate the principal to the remote computer.
Establishing the credentials also configures Schannel. Settings made while creating a credential apply to all of the contexts created with the credential.
An application creates credentials by calling AcquireCredentialsHandle and passing in Schannel-specific data in the pAuthData parameter. To use Schannel, set the pszPackage parameter to the defined constant UNISP_NAME or the string "Microsoft Unified Security Protocol Provider". Server applications pass in SECPKG_CRED_INBOUND in the fCredentialUse parameter. Client applications pass SECPKG_CRED_OUTBOUND.