Export (0) Print
Expand All
Expand Minimize

SspiEncryptAuthIdentityEx function

Encrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure.

Syntax


SECURITY_STATUS SspiEncryptAuthIdentityEx(
  _In_     ULONG Options,
  _Inout_  PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);

Parameters

Options [in]

Encryption options. This can be one or more of the following values.

ValueMeaning
SEC_WINNT_AUTH_IDENTITY_ENCRYPT_SAME_LOGON

The encrypted structure can only be decrypted by a security context in the same logon session. This option is used to protect an identity buffer that is being sent over a local RPC.

SEC_WINNT_AUTH_IDENTITY_ENCRYPT_SAME_PROCESS

The encrypted structure can only be decrypted by the same process. Calling the function with this option is equivalent to calling SspiEncryptAuthIdentity. This option is used to protect an identity buffer that is being persisted in a process's private memory for an extended period.

 

AuthData [in, out]

On input, a pointer to an identity buffer to encrypt. This buffer must be prepared for encryption prior to the call to this function. This can be done by calling the function SspiEncryptAuthIdentity. On output, the encrypted identity buffer.

Return value

If the function succeeds, it returns SEC_E_OK.

If the function fails, it returns a nonzero error code.

Remarks

To transfer credentials securely across processes, applications typically call this function with the SEC_WINNT_AUTH_IDENTITY_ENCRYPT_SAME_LOGON option, followed by SspiMarshalAuthIdentity to obtain a marshaled authentication buffer and its length. For example, Online Identity Credential Provider does this to return the authentication buffer from their ICredentialProviderCredential::GetSerialization method.

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

Header

Sspi.h

 

 

Community Additions

ADD
Show:
© 2014 Microsoft