| Platform SDK: Logon Authentication |
Windows 2000 credentials offer more flexibility and their use is recommended. However, a server-side application that serves Windows NT 4.0 clients might need to use legacy formats because Windows 2000 credentials use CryptoAPI 2.0 private keys. Schannel prior to Windows 2000 cannot perform necessary server-side SSL operations without access to a security principal's private key. If the server private keys are not exportable, the old credentials formats must be used.
When credentials created prior to Windows 2000 are used, a pointer to an SCH_CRED structure is passed in the pAuthData parameter when calling AcquireCredentialsHandle.
Certificates are passed in the paPublic member of the SCH_CRED structure as a pointer to a SCH_CRED_PUBLIC_CERTCHAIN structure.
An RSA private key is exported from a CryptoAPI 2.0 private key BLOB into the pPrivateKey member of a SCH_CRED_SECRET_PRIVKEY structure using CryptExportKey. After the key has been exported, the private key BLOB can be destroyed.