Expand Minimize

CredUIPromptForWindowsCredentials function

The CredUIPromptForWindowsCredentials function creates and displays a configurable dialog box that allows users to supply credential information by using any credential provider installed on the local computer.

Syntax


DWORD WINAPI CredUIPromptForWindowsCredentials(
  _In_opt_     PCREDUI_INFO pUiInfo,
  _In_         DWORD dwAuthError,
  _Inout_      ULONG *pulAuthPackage,
  _In_opt_     LPCVOID pvInAuthBuffer,
  _In_         ULONG ulInAuthBufferSize,
  _Out_        LPVOID *ppvOutAuthBuffer,
  _Out_        ULONG *pulOutAuthBufferSize,
  _Inout_opt_  BOOL *pfSave,
  _In_         DWORD dwFlags
);

Parameters

pUiInfo [in, optional]

A pointer to a CREDUI_INFO structure that contains information for customizing the appearance of the dialog box that this function displays.

If the hwndParent member of the CREDUI_INFO structure is not NULL, this function displays a modal dialog box centered on the parent window.

If the hwndParent member of the CREDUI_INFO structure is NULL, the function displays a dialog box centered on the screen.

This function ignores the hbmBanner member of the CREDUI_INFO structure.

dwAuthError [in]

A Windows error code, defined in Winerror.h, that is displayed in the dialog box. If credentials previously collected were not valid, the caller uses this parameter to pass the error message from the API that collected the credentials (for example, Winlogon) to this function. The corresponding error message is formatted and displayed in the dialog box. Set the value of this parameter to zero to display no error message.

pulAuthPackage [in, out]

On input, the value of this parameter is used to specify the authentication package for which the credentials in the pvInAuthBuffer buffer are serialized. If the value of pvInAuthBuffer is NULL and the CREDUIWIN_AUTHPACKAGE_ONLY flag is set in the dwFlags parameter, only credential providers capable of serializing credentials for the specified authentication package are to be enumerated.

To get the appropriate value to use for this parameter on input, call the LsaLookupAuthenticationPackage function and use the value of the AuthenticationPackage parameter of that function.

On output, this parameter specifies the authentication package for which the credentials in the ppvOutAuthBuffer buffer are serialized.

pvInAuthBuffer [in, optional]

A pointer to a credential BLOB that is used to populate the credential fields in the dialog box. Set the value of this parameter to NULL to leave the credential fields empty.

ulInAuthBufferSize [in]

The size, in bytes, of the pvInAuthBuffer buffer.

ppvOutAuthBuffer [out]

The address of a pointer that, on output, specifies the credential BLOB. For Kerberos, NTLM, or Negotiate credentials, call the CredUnPackAuthenticationBuffer function to convert this BLOB to string representations of the credentials.

When you have finished using the credential BLOB, clear it from memory by calling the SecureZeroMemory function, and free it by calling the CoTaskMemFree function.

pulOutAuthBufferSize [out]

The size, in bytes, of the ppvOutAuthBuffer buffer.

pfSave [in, out, optional]

A pointer to a Boolean value that, on input, specifies whether the Save check box is selected in the dialog box that this function displays. On output, the value of this parameter specifies whether the Save check box was selected when the user clicks the Submit button in the dialog box. Set this parameter to NULL to ignore the Save check box.

This parameter is ignored if the CREDUIWIN_CHECKBOX flag is not set in the dwFlags parameter.

dwFlags [in]

A value that specifies behavior for this function. This value can be a bitwise-OR combination of one or more of the following values.

ValueMeaning
CREDUIWIN_GENERIC
0x1

The caller is requesting that the credential provider return the user name and password in plain text.

This value cannot be combined with SECURE_PROMPT.

CREDUIWIN_CHECKBOX
0x2

The Save check box is displayed in the dialog box.

CREDUIWIN_AUTHPACKAGE_ONLY
0x10

Only credential providers that support the authentication package specified by the pulAuthPackage parameter should be enumerated.

This value cannot be combined with CREDUIWIN_IN_CRED_ONLY.

CREDUIWIN_IN_CRED_ONLY
0x20

Only the credentials specified by the pvInAuthBuffer parameter for the authentication package specified by the pulAuthPackage parameter should be enumerated.

If this flag is set, and the pvInAuthBuffer parameter is NULL, the function fails.

This value cannot be combined with CREDUIWIN_AUTHPACKAGE_ONLY.

CREDUIWIN_ENUMERATE_ADMINS
0x100

Credential providers should enumerate only administrators. This value is intended for User Account Control (UAC) purposes only. We recommend that external callers not set this flag.

CREDUIWIN_ENUMERATE_CURRENT_USER
0x200

Only the incoming credentials for the authentication package specified by the pulAuthPackage parameter should be enumerated.

CREDUIWIN_SECURE_PROMPT
0x1000

The credential dialog box should be displayed on the secure desktop. This value cannot be combined with CREDUIWIN_GENERIC.

Windows Vista:  This value is supported beginning with Windows Vista with SP1.

CREDUIWIN_PREPROMPTING
0x2000

The credential dialog box is invoked by the SspiPromptForCredentials function, and the client is prompted before a prior handshake. If SSPIPFC_NO_CHECKBOX is passed in the pvInAuthBuffer parameter, then the credential provider should not display the check box.

Windows Vista:  This value is supported beginning with Windows Vista with SP1.

CREDUIWIN_PACK_32_WOW
0x10000000

The credential provider should align the credential BLOB pointed to by the ppvOutAuthBuffer parameter to a 32-bit boundary, even if the provider is running on a 64-bit system.

 

Return value

If the function succeeds, the function returns ERROR_SUCCESS. If the function is canceled by the user, it returns ERROR_CANCELLED. Any other return value indicates that the function failed to load.

Remarks

This function does not save credentials.

Applications that use SSPI to authenticate users should not call this function. Instead, call SspiPromptForCredentials.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

WinCred.h

Library

Credui.lib

DLL

Credui.dll

Unicode and ANSI names

CredUIPromptForWindowsCredentialsW (Unicode) and CredUIPromptForWindowsCredentialsA (ANSI)

 

 

Community Additions

ADD
Show:
© 2014 Microsoft