Export (0) Print
Expand All
Expand Minimize

AddCredential function

[AddCredential is available for use in the operating systems specified in the Requirements section. It may be altered or unavailable in subsequent versions. Applications should use the LsaCallAuthenticationPackage function with KerbAddExtraCredentialsMessage specified as the message type. KerbAddExtraCredentialsMessage is a KERB_PROTOCOL_MESSAGE_TYPE enumeration value.]

Adds credentials to a logon session. These credentials can later be referenced through a call to the GetCredentials function.

Syntax


NTSTATUS AddCredential(
  _In_  PLUID LogonId,
  _In_  ULONG AuthenticationPackage,
  _In_  PLSA_STRING PrimaryKeyValue,
  _In_  PLSA_STRING Credentials
);

Parameters

LogonId [in]

A pointer to an LUID that contains the session ID of the logon session to which credentials are to be added.

AuthenticationPackage [in]

The authentication package ID of the calling authentication package. This value is received in the LsaApInitializePackage call during DLL initialization.

PrimaryKeyValue [in]

A string that contains a value that the authentication package will later need to reference as a primary key of the credential data. This can be used, for example, to keep the name of the domain or server the credentials are related to. The format and meaning of this string are specific to the authentication package. Note that the string value does not have to be unique, even for the specified logon session. For example, there can be two passwords for the same domain, each with the passwords stored as credentials and the domain name stored as the primary key.

Credentials [in]

A string that represents the user credentials. The format and meaning of this string are specific to the authentication package.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be the following value or one of the LSA Policy Function Return Values.

Return codeDescription
STATUS_NO_SUCH_LOGON_SESSION

The specified logon session could not be found.

 

The LsaNtStatusToWinError function converts an NTSTATUS code to a Windows error code.

Remarks

The body of the credential string must be self-relative; that is, it must contain no pointers to memory outside the credentials. Credentials are copied, and any pointers outside the credentials themselves will no longer be valid in the copy. In particular, strings referred to in credentials should have both the UNICODE_STRING header and body placed in the credential buffer. Pointers to strings in the body of credentials should be changed to offsets.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecpkg.h

See also

GetCredentials
LSA_DISPATCH_TABLE
LSA_SECPKG_FUNCTION_TABLE

 

 

Community Additions

ADD
Show:
© 2014 Microsoft