When the application makes a second call to the InitializeSecurityContext function, the parameters are similar to the first call. The following code example, showing the second call to InitializeSecurityContext, assumes that the security buffer returned from the server is in InputSecurityBuffer and the length of that buffer is in InputSecurityBufferSize.
SecBufferDesc OutputBufferDescriptor,
InputBufferDescriptor;
SecBuffer OutputSecurityToken,
InputSecurityToken;
ULONG ulContextAttributes;
TimeStamp tsExpiry;
// Build the input buffer descriptor.
InputBufferDescriptor.cBuffers = 1;
InputBufferDescriptor.pBuffers = &InputSecurityToken;
InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;
InputSecurityToken.BufferType = SECBUFFER_TOKEN;
InputSecurityToken.cbBuffer = InputSecurityBufferSize;
InputSecurityToken.pvBuffer = InputSecurityBuffer;
// Build the output buffer descriptor.
OutputBufferDescriptor.cBuffers = 1;
OutputBufferDescriptor.pBuffers = &OutputSecurityToken;
OutputBufferDescriptor.ulVersion = SECBUFFER_VERSION;
OutputSecurityToken.BufferType = SECBUFFER_TOKEN;
OutputSecurityToken.cbBuffer = pPackageInfo->cbMaxToken;
OutputSecurityToken.pvBuffer =
LocalAlloc (0, OutputSecurityToken.cbBuffer);
// Insert code here to check for memory allocation failure.
// ...
// Ignore the pszTargetName and fContextReq parameters on this
// call. This time, instead of passing NULL for phContext, pass
// the context handle received on the first call.
status = InitializeSecurityContext (
&hCredential,
&hContext,
NULL, // No target name
0, // No context requirements
0, // Reserved parameter
SECURITY_NATIVE_DREP, // Target data representation
&InputBufferDescriptor, // Input buffer
0, // Reserved parameter
&hContext, // Same as the old context
&OutputBufferDescriptor,// Receives output security token
&ulContextAttributes, // Receives context attributes
&tsExpiry); // Receives context expiration
// time
If the InitializeSecurityContext call is successful, it returns SEC_E_OK, and the application transmits the output security buffer and buffer length to the server, as it did after the first call to InitializeSecurityContext. If it fails, an error value returns.
When the application has finished setting up the security context, the application can begin using the security context in calls to the MakeSignature and VerifySignature functions to make and verify message signatures, even though the server has not yet finished authenticating the client.