CredRead (Windows CE 5.0)

Windows CE 5.0
Send Feedback

This function retrieves credential information that is uniquely identified by the tuple that contains the credential type and the target ID associated with the credential. This function replaces CeCredRead.

  WSTR wszTarget,
  DWORD dwTargetLen,
  DWORD dwType,
  DWORD dwFlags,
  PPCRED ppCred


[in] Target to search for. Must be null-terminated, and cannot be NULL.
[in] Number of characters in the target string, including the null-terminator. Cannot exceed CRED_MAX_TARGET_LEN
[in] Type of credential to search for. The following table shows the pre-defined credential types.
Credential typeDescription
CRED_TYPE_NTLM Credential type used for NTLM.
CRED_TYPE_KERBEROSCredential type used for Kerberos.
CRED_TYPE_DOMAIN_PASSWORDCredential type used for domain authentication.
CRED_TYPE_CERTIFICATECredential is a certificate.
CRED_TYPE_PLAINTEXT_PASSWORDCredential is a plain password.
CRED_TYPE_GENERIC Credential is stored as an opaque blob, but has no identifying characteristics.
[in] Used to control default credentials, and can be one of the following flags.
CRED_FLAG_NO_DEFAULTCredential manager will not return default credential.
CRED_FLAG_NO_IMPLICIT_DEFAULTCredential manager will not return implicit default.
[out] Pointer to a single allocated block buffer to return the credential. Any pointers contained within this buffer are pointers to locations within the single allocated block.

Return Values

ERROR_SUCCESS is returned upon success. For a list of error codes, see Credential Manager Error Codes.


There can be multiple credentials present for the same type. The default behavior of CredRead function is to return a credential in the following order of preference:

  1. An exact credential match to the target.
  2. The credential marked Default.
  3. An implicit default credential.

If no matching credential is found for the specified tuple, and there is a default credential set for the type specified in the tuple, that default credential is returned. If there is no default credential then the implicit default is returned. dwFlags member of the returned credential can be used to determine the source of the credential and the caller can take appropriate action. If the caller is not trusted, the blob will be empty for trusted credentials.

In some cases you may want to receive only an exact match to the target. Depending on the case, set dwFlags to be either CRED_FLAG_NO_DEFAULT or CRED_FLAG_NO_IMPLICIT_DEFAULT.

Pointers contained in the single allocated block buffer to return the credential are pointers to locations within the single allocated block. This single returned buffer must be freed by calling CredFree, and cannot be NULL.

The dwFlags member of the returned credential can be used to figure out the source of the credential. If the CRED_FLAG_DEFAULT is set, it means no matching credential was found, but a default credential was found. If the CRED_FLAG_IMPLICIT_DEFAULT is set, then it means that there was no matching credential or default credential, and an implicit default credential was returned.


OS Versions: Windows CE .NET 4.0 and later.
Header: Cred.h.
Link Library: Coredll.lib.

See Also

Credential Manager Functions

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.

© 2016 Microsoft