Local Authentication Subsystem (LASS) (Compact 2013)


The Local Authentication Subsystem (LASS) provides the infrastructure that enables user authentication independent of the application and the specific authentication mechanism. Password authentication provides only one option, a password, for verification. However, LASS allows you to support sophisticated authentication mechanisms, such as biometrics. In addition, you can use LASS functionality to specify event-based policies to authenticate users. LASS supports master key protection to help ensure data protected by the master key cannot be decoded without the secret data of the user.

An authentication mechanism that plugs into LASS is called a Local Authentication Plugin (LAP). Access to a plug-in is governed by an Authentication Event (AE) that represents the point at which a predefined policy (or rule) is applied to determine whether a user needs to be authenticated.

To add this feature to your OS, see LASS Catalog Items and Sysgen Variables.

For reference information, see LASS Reference.

Sample application code is available at %_WINCEROOT%\Public\Common\Sdk\Samples\Lassctl and %_WINCEROOT%\Public\Common\Sdk\Samples\Lap.