SspiEncryptAuthIdentityEx function (sspi.h)

Encrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure.

Syntax

SECURITY_STATUS SEC_ENTRY SspiEncryptAuthIdentityEx(
  [in]      ULONG                           Options,
  [in, out] PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);

Parameters

[in] Options

Encryption options. This can be one or more of the following values.

Value Meaning
SEC_WINNT_AUTH_IDENTITY_ENCRYPT_SAME_LOGON
The encrypted structure can only be decrypted by a security context in the same logon session. This option is used to protect an identity buffer that is being sent over a local RPC.
SEC_WINNT_AUTH_IDENTITY_ENCRYPT_SAME_PROCESS
The encrypted structure can only be decrypted by the same process. Calling the function with this option is equivalent to calling SspiEncryptAuthIdentity. This option is used to protect an identity buffer that is being persisted in a process's private memory for an extended period.

[in, out] AuthData

On input, a pointer to an identity buffer to encrypt. This buffer must be prepared for encryption prior to the call to this function. This can be done by calling the function SspiEncryptAuthIdentity. On output, the encrypted identity buffer.

Return value

If the function succeeds, it returns SEC_E_OK.

If the function fails, it returns a nonzero error code.

Remarks

To transfer credentials securely across processes, applications typically call this function with the SEC_WINNT_AUTH_IDENTITY_ENCRYPT_SAME_LOGON option, followed by SspiMarshalAuthIdentity to obtain a marshaled authentication buffer and its length. For example, Online Identity Credential Provider does this to return the authentication buffer from their ICredentialProviderCredential::GetSerialization method.

Requirements

Requirement Value
Minimum supported client Windows 8 [desktop apps only]
Minimum supported server Windows Server 2012 [desktop apps only]
Target Platform Windows
Header sspi.h