Encrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure.
SECURITY_STATUS SspiEncryptAuthIdentityEx( _In_ ULONG Options, _Inout_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData );
- Options [in]
Encryption options. This can be one or more of the following values.
The encrypted structure can only be decrypted by a security context in the same logon session. This option is used to protect an identity buffer that is being sent over a local RPC.
The encrypted structure can only be decrypted by the same process. Calling the function with this option is equivalent to calling SspiEncryptAuthIdentity. This option is used to protect an identity buffer that is being persisted in a process's private memory for an extended period.
- AuthData [in, out]
On input, a pointer to an identity buffer to encrypt. This buffer must be prepared for encryption prior to the call to this function. This can be done by calling the function SspiEncryptAuthIdentity. On output, the encrypted identity buffer.
If the function succeeds, it returns SEC_E_OK.
If the function fails, it returns a nonzero error code.
To transfer credentials securely across processes, applications typically call this function with the SEC_WINNT_AUTH_IDENTITY_ENCRYPT_SAME_LOGON option, followed by SspiMarshalAuthIdentity to obtain a marshaled authentication buffer and its length. For example, Online Identity Credential Provider does this to return the authentication buffer from their ICredentialProviderCredential::GetSerialization method.
Minimum supported client
|Windows 8 [desktop apps only]|
Minimum supported server
|Windows Server 2012 [desktop apps only]|