Platform SDK: Logon Authentication

Default Schannel Credentials

For Windows 2000 and later, Schannel chooses a suitable client certificate if the application does not specify one. Client applications can choose the client certificate themselves by specifying the SCH_CRED_NO_DEFAULT_CREDS flag in the dwFlags member of the SCHANNEL_CRED structure when creating credentials; with this flag set, Schannel does not supply a certificate automatically.

In the default case, the client side of Schannel validates the incoming server certificate and fails if the certificate does not pass validation. Client applications can validate the server certificate themselves by specifying the SCH_CRED_MANUAL_CRED_VALIDATION flag in the dwFlags member of the SCHANNEL_CRED structure when creating credentials. With this flag set, Schannel no longer validates the server certificate, so the application must perform the validation itself.

Schannel applications call AcquireCredentialsHandle to create a credential. Client applications often begin by creating a NULL credential and only create real credentials if the server asks for them. A NULL credential is created by passing a SCHANNEL_CRED structure with an empty list of certificate contexts in the pAuthData parameter of AcquireCredentialsHandle.
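
The following added example (not code from the Platform SDK) creates a NULL client credential and sets the two flags described above. The helper names client_cred_flags and acquire_null_client_cred are hypothetical, and the non-Windows branch only supplies stand-in definitions so the flag logic compiles elsewhere.

```c
#include <stdio.h>
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <schannel.h>
#include <security.h>
#else
/* Non-Windows stand-ins so the flag logic compiles; values as in schannel.h. */
typedef unsigned long DWORD;
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
#define SCH_CRED_NO_DEFAULT_CREDS       0x00000010
#endif

/* Hypothetical helper: map the application's two decisions to dwFlags. */
DWORD client_cred_flags(int app_picks_client_cert, int app_validates_server)
{
    DWORD flags = 0;
    if (app_picks_client_cert)
        flags |= SCH_CRED_NO_DEFAULT_CREDS;       /* Schannel will not pick a cert */
    if (app_validates_server)
        flags |= SCH_CRED_MANUAL_CRED_VALIDATION; /* caller must verify the chain */
    return flags;
}

#ifdef _WIN32
/* Hypothetical helper: acquire a NULL (certificate-less) outbound credential. */
SECURITY_STATUS acquire_null_client_cred(DWORD flags, CredHandle *out)
{
    SCHANNEL_CRED cred;
    TimeStamp expiry;
    ZeroMemory(&cred, sizeof(cred));   /* also leaves paCred == NULL */
    cred.dwVersion = SCHANNEL_CRED_VERSION;
    cred.cCreds = 0;                   /* empty certificate list = NULL credential */
    cred.dwFlags = flags;
    return AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A,
                                     SECPKG_CRED_OUTBOUND, NULL, &cred,
                                     NULL, NULL, out, &expiry);
}

int main(void)
{
    CredHandle h;
    /* Keep Schannel's server validation; choose the client cert ourselves. */
    SECURITY_STATUS st = acquire_null_client_cred(client_cred_flags(1, 0), &h);
    printf("AcquireCredentialsHandle: 0x%08lx\n", (unsigned long)st);
    if (st == SEC_E_OK) FreeCredentialsHandle(&h);
    return st == SEC_E_OK ? 0 : 1;
}
#endif
```

On Windows, link the program with Secur32.lib.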