GetCertificateFromCred function
Gets the certificate from the user credential.
Syntax
NTSTATUS GetCertificateFromCred(
_In_ PVOID ProviderHandle,
_In_ HANDLE ClientToken,
_In_ PVOID SuppliedCred,
_In_ ULONG SuppliedCredSize,
_Out_ PVOID *CertContext
);
Parameters
-
ProviderHandle [in]
-
Identity provider handle.
-
ClientToken [in]
-
Token of the caller who is retrieving the certificate.
-
SuppliedCred [in]
-
A pointer to a SECPKG_SUPPLIED_CREDENTIAL structure that contains the credential of an online ID whose certificate is requested. The identity provider must validate the input data as if it is coming from an untrusted source.
-
SuppliedCredSize [in]
-
The size, in bytes, of the SuppliedCred buffer.
-
CertContext [out]
-
If the function succeeds, this parameter is a pointer to the returned CCERT_CONTEXT pointer. When you have finished using the certificate context, release it by calling the CertFreeCertificateContext function.
Return value
If the function succeeds, the function returns STATUS_SUCCESS.
If the function fails, the function may return one of the following NTSTATUS error codes.
| Return value | Description |
|---|---|
|
The identity provider does not recognize the credential type of the supplied credential. LSA will try the next identity provider. |
|
The credential is incorrect. |
|
A parameter is not valid. The credential may be in an incorrect format and not in the defined SECPKG_SUPPLIED_CREDENTIAL structure. |
|
The identity provider cannot contact the cloud to obtain the certificate. |
|
The account password has expired. |
|
The account has been locked out. |
|
Other provider-specific error codes. |
Remarks
Before fetching the certificate from the cloud, the identity provider should check that there is a valid certificate for this user in the user's "MY" certificate store. If a valid certificate exists, the provider should return this certificate to avoid unnecessary network traffic.
The identity provider can also cache the certificate locally as long as it is protected from the current user.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows 8 [desktop apps only] |
| Minimum supported server |
Windows Server 2012 [desktop apps only] |
| Header |
|
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for