
GetCertificateFromCred function

Gets the certificate from the user credential.


NTSTATUS GetCertificateFromCred(
  _In_   PVOID ProviderHandle,
  _In_   HANDLE ClientToken,
  _In_   PVOID SuppliedCred,
  _In_   ULONG SuppliedCredSize,
  _Out_  PVOID *CertContext
);


ProviderHandle [in]

Identity provider handle.

ClientToken [in]

Token of the caller who is retrieving the certificate.

SuppliedCred [in]

A pointer to a SECPKG_SUPPLIED_CREDENTIAL structure that contains the credential of an online ID whose certificate is requested. The identity provider must validate the input data as if it is coming from an untrusted source.

SuppliedCredSize [in]

The size, in bytes, of the SuppliedCred buffer.

CertContext [out]

If the function succeeds, this parameter is a pointer to the returned CCERT_CONTEXT pointer. When you have finished using the certificate context, release it by calling the CertFreeCertificateContext function.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, the function may return one of the following NTSTATUS error codes.

Return value / Description

The identity provider does not recognize the credential type of the supplied credential. LSA will try the next identity provider.


The credential is incorrect.


A parameter is not valid. The credential may be in an incorrect format and not in the defined SECPKG_SUPPLIED_CREDENTIAL structure.


The identity provider cannot contact the cloud to obtain the certificate.


The account password has expired.


The account has been locked out.


Other provider-specific error codes.



Before fetching the certificate from the cloud, the identity provider should check that there is a valid certificate for this user in the user's "MY" certificate store. If a valid certificate exists, the provider should return this certificate to avoid unnecessary network traffic.

The identity provider can also cache the certificate locally as long as it is protected from the current user.
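The SuppliedCred parameter above must be treated as untrusted input. The following added example (not code from the original page or from Microsoft) shows that bounds validation for a self-relative credential buffer in portable C. The struct is a local mirror of the SECPKG_SUPPLIED_CREDENTIAL layout, and the offset semantics (relative to the buffer start, payload after the header) are assumptions to verify against sspi.h; supplied_cred_t, vec_t, vec_ok, validate_supplied_cred and the CRED_* codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the self-relative layout (assumption: verify against sspi.h). */
typedef struct { uint32_t Offset; uint16_t Count; } vec_t; /* Offset from buffer start */
typedef struct {
    uint16_t cbHeaderLength;     /* size of this fixed header */
    uint16_t cbStructureLength;  /* header plus trailing payload */
    vec_t    UserName;           /* Count in 16-bit characters */
    vec_t    DomainName;         /* Count in 16-bit characters */
    vec_t    PackedCredentials;  /* Count in bytes */
    uint32_t CredFlags;
} supplied_cred_t;

enum { CRED_OK = 0, CRED_INVALID = -1 };  /* hypothetical status codes */

/* Payload must sit after the header and inside the declared structure. */
static int vec_ok(const vec_t *v, size_t elem, size_t hdr, size_t total)
{
    if (v->Count == 0) return 1;                        /* empty: nothing to read */
    if (v->Offset < hdr || v->Offset > total) return 0; /* in header or out of range */
    if ((size_t)v->Count * elem > total - v->Offset) return 0; /* runs past the end */
    return elem == 1 || (v->Offset % elem) == 0;        /* aligned for 16-bit reads */
}

int validate_supplied_cred(const void *buf, uint32_t size)
{
    supplied_cred_t c;
    if (buf == NULL || size < sizeof c) return CRED_INVALID;
    memcpy(&c, buf, sizeof c);  /* snapshot: every check reads the same header values */
    if (c.cbHeaderLength < sizeof c || c.cbHeaderLength > c.cbStructureLength ||
        c.cbStructureLength > size) return CRED_INVALID;
    if (!vec_ok(&c.UserName, 2, c.cbHeaderLength, c.cbStructureLength) ||
        !vec_ok(&c.DomainName, 2, c.cbHeaderLength, c.cbStructureLength) ||
        !vec_ok(&c.PackedCredentials, 1, c.cbHeaderLength, c.cbStructureLength))
        return CRED_INVALID;
    return CRED_OK;
}

int main(void)
{
    unsigned char buf[64] = {0};  /* constructed sample: 4-char name, 4 credential bytes */
    supplied_cred_t h = { sizeof h, sizeof h + 12, { sizeof h, 4 }, { 0, 0 },
                          { sizeof h + 8, 4 }, 0 };
    memcpy(buf, &h, sizeof h);
    printf("well-formed sample: %d\n", validate_supplied_cred(buf, sizeof buf));
    return 0;
}
```

A provider would run a check of this kind before reading any field of the buffer and return its invalid-parameter status on failure.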


Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]






© 2015 Microsoft