Creating a LAP

Windows Mobile 6.5
A version of this page is also available for

The password LAP (Local Authentication Plugin) that is available by default in Windows Embedded CE can be replaced by a customized LAP if you want to have an alternate mechanism to authenticate the user. The custom LAP will be called exclusively by LASS (Local Authentication Subsystem) on behalf of applications that need to authenticate a user.

To create a LAP, you must create a DLL with the following entry points:

LASS will call InitLap before the LAP is ever used. The active LAP is loaded on startup, and will remain loaded until it is changed. LASS will call DeinitLAP prior to unloading the LAP. No more calls can be made to the LAP after this call is made.

An application call to the LASS function VerifyUser is passed on to VerifyUser (LAP) if the AE policy requires it. When it receives this call, the LAP should validate the user. Note that if the flag VU_NO_UI is set, the LAP must not display UI.

LAPCreateEnrollmentConfigDialog is called when the application calls CreateEnrollmentConfigDialog. In general, only the Shell will call this function.

LAP Implementation Issues

Discusses various LAP implementation issues, including fallback mechanisms and deadlock.

Implementing Master Key Protection in a LAP

Discusses the implementation of master key protection in LAPs that collect verification data from the user but that do not persist the data.

A LAP will need dual pin support in order to support the Authentication Reset System.

To create a LAP that works with the Authentication Reset System, the password will have to be stored internally in the LAP.