Showing content from https://learn.microsoft.com/en-us/windows/desktop/SecAuthN/authentication-functions below:

Authentication Functions - Win32 apps

Authentication functions are categorized according to usage as follows:

SSPI Functions

Security Support Provider Interface (SSPI) functions fall into the following major categories.

Package Management

SSPI package management functions initiate a security package, enumerate available packages, and query the attributes of a security package. The following SSPI functions provide management services for security packages.

Credential Management

SSPI credential management functions provide a credentials handle, a reference to an opaque security object, for accessing a principal. The security object is opaque because the application has access only to the handle and not to the actual contents of the structure.

All references to the contents of a credential context are through the object's handle and the security package dereferences the handle to access the specifics of credentials. A credential handle is a 64-bit value between {0x00000000, 0x00000000} and {0xFFFFFFFF, 0xFFFFFFFE}.

Applications use the credentials handle with context management functions to create a security context.

Credential management functions also release credential handles and query the attributes of credentials. At present, the name associated with a credential is the only attribute that can be queried.

The following functions are used with credentials management.

Context Management

SSPI context management functions create and use security contexts.

In a communication link, the client and server cooperate to create a shared security context. The client and server both use the security context with message support functions to ensure message integrity and privacy during the connection.

Security contexts are opaque security objects. Information in the security context is not available to the application. Context management functions create and use context handles and the security package dereferences the context handle to access its security content.

A context handle is a 64-bit value between {0x00000000, 0x00000000} and {0xFFFFFFFF, 0xFFFFFFFE}.

The following functions are used with context management.

Message Support

SSPI message support functions enable an application to transmit and receive tamper-resistant messages and to encrypt and decrypt messages. These functions work with one or more buffers that contain a message and with a security context created by the context management functions. The functions' behavior differs based on whether a connection, datagram, or stream context is in use. For a description of these differences, see SSPI Context Semantics.

The following functions provide security support for messages.

Functions Implemented by SSP/APs

The following functions are implemented by security packages contained in Security Support Provider/Authentication Packages (SSP/APs).

In the following tables, the first set of functions is implemented by Windows XP SSP/AP security packages. The second set of functions is implemented by SSP/AP security packages only.

The Local Security Authority (LSA) accesses these functions by using the SECPKG_FUNCTION_TABLE structure provided by the SSP/AP's SpLsaModeInitialize function.

The following functions are implemented by all authentication packages.

The following additional functions are implemented by SSP/AP security packages.

Functions Implemented by User-mode SSP/APs

The following functions are implemented by Security Support Provider/Authentication Packages (SSP/APs) that can be loaded into client/server applications.

An SSP/AP indicates that it implements the user-mode functions by returning TRUE in the MappedContext parameter of the SpInitLsaModeContext and SpAcceptLsaModeContext functions. The SpInitLsaModeContext function is used by the client side of a transport level application, while SpAcceptLsaModeContext is used by the server side.

Loading an SSP/AP into the client process or server process is handled by the security provider DLL, either Security.dll or Secur32.dll. The security provider DLL loads the SSP/AP by locating the address of the SpUserModeInitialize function implemented by the SSP/AP and calling it. This function returns a set of tables that contain pointers to the user-mode functions implemented in each security package.

After the SSP/AP is loaded into the client or server process, the Local Security Authority (LSA) will copy the security context information (returned by SpInitLsaModeContext or SpAcceptLsaModeContext) and any additional context-related data to the process and call the security package's SpInitUserModeContext function.

Client/server applications access user-mode functionality by calling Security Support Provider Interface (SSPI) functions. The SSPI functions are mapped by the security provider DLL by using the SECPKG_USER_FUNCTION_TABLE supplied by the package.

LSA Functions Called by SSP/APs

The Local Security Authority (LSA) provides the following functions to security packages deployed in Security Support Provider/Authentication Packages (SSP/APs). The functions are available in the LSA_SECPKG_FUNCTION_TABLE structure and can be called while the SSP/AP is loaded into the LSA's process space. The following functions are available to all APs.

The following functions are available to SSP/APs.

LSA Functions Called By User-mode SSP/APs

A security package in a Security Support Provider/Authentication Package (SSP/AP) executing in a user-mode process can use the pointers in the SECPKG_DLL_FUNCTIONS table to access the following functions.

GINA Export Functions

A GINA DLL must export the following functions.

Note

GINA DLLs are ignored in Windows Vista.

Logon User Functions

The following functions provide the ability to log on a user.

| Function | Description |
| --- | --- |
| LogonUser | Attempts to log a user on to the local computer. |
| LogonUserEx | Attempts to log a user on to the local computer. This function is an extended version of the LogonUser function and retrieves information about the logged-on user's security identifier (SID), profile, and quota limits. |
| LogonUserExExW | The LogonUserExExW function attempts to log a user on to the local computer. This function is not declared in a public header and has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Advapi32.dll. |

Winlogon Support Functions

GINA DLLs can call the following Winlogon support functions.

Note

GINA DLLs are ignored in Windows Vista.

Network Provider Functions

The following topics provide reference information for the network provider functions.

| Topic | Description |
| --- | --- |
| Functions Implemented by Network Providers | Details functions that can be implemented by network providers. |
| Support Functions | Details a function that is implemented by the operating system and can be called by network providers. |
| Connection Notification Functions | Details functions that are implemented by applications that need to receive notification from the Multiple Provider Router (MPR) when a network resource is connected or disconnected. |

Functions Implemented by Network Providers

The following functions can be implemented by network providers. The only function that network providers are required to support is NPGetCaps.

| Function | Description |
| --- | --- |
| NPAddConnection | Connects a local device to a network resource. |
| NPAddConnection3 | Connects a local device to a network resource. |
| NPCancelConnection | Disconnects a network connection. |
| NPCloseEnum | Closes an enumeration. |
| NPDeviceMode | Specifies the parent window of a device. This window owns any dialog boxes that originate from the device. |
| NPDirectoryNotify | Notifies the network provider of certain directory operations. |
| NPEnumResource | Performs an enumeration based on a handle returned by NPOpenEnum. |
| NPFormatNetworkName | Formats a network name in a provider-specific format for display in a control. |
| NPGetCaps | Returns information about which services are supported on the network. |
| NPGetConnection | Retrieves information about a connection. |
| NPGetConnection3 | Retrieves information about a network connection, even if it is currently disconnected. |
| NPGetConnectionPerformance | Returns information about the expected performance of a connection used to access a network resource. The request can only be for a network resource that is currently connected. |
| NPGetDirectoryType | Determines the type of a network directory. |
| NPGetPropertyText | Retrieves the names of buttons to add to a property dialog box for a network resource. |
| NPGetResourceInformation | Separates the part of a network resource accessed through the WNet API from the part accessed through APIs specific to the resource type. |
| NPGetResourceParent | Retrieves the parent of a specified network resource in the browse hierarchy. |
| NPGetUniversalName | Retrieves the universal name of a network resource. The NPGetUniversalName function can retrieve this universal name in UNC format or in the older, remote-name format. |
| NPGetUser | Retrieves the value of the current default user name or the user name used to establish a network connection. |
| NPOpenEnum | Opens an enumeration of network resources or existing connections. The NPOpenEnum function must be called to obtain a valid handle for an enumeration. |
| NPPropertyDialog | Called when the user clicks a button added by using the NPPropertyDialog function. The NPPropertyDialog function is called only for file and directory network properties. |
| NPSearchDialog | Enables network vendors to supply their own form of browsing and search, beyond the hierarchical view presented in the Connection dialog box. |

Support Functions

The following function is implemented by the operating system and can be called by network providers.

Connection Notification Functions

The following functions are implemented by applications that need to receive notification from the Multiple Provider Router (MPR) when a network resource is connected or disconnected. For more information about how to write an application that receives such notifications, see Receiving Connection Notifications.

LSA Logon Functions

The following Local Security Authority (LSA) authentication functions authenticate and log on users, and they provide logon session information.

Functions Implemented by Authentication Packages

Custom authentication packages must implement these functions, which are called by the Local Security Authority (LSA). These functions are implemented by the MSV1_0 and Kerberos authentication packages provided by Microsoft.

LSA Functions Called by Authentication Packages

The following Local Security Authority (LSA) functions can be called from a custom authentication package. When the LSA calls LsaApInitializePackage to initialize the package, it passes a table of support functions.

Subauthentication Functions

The following subauthentication functions can be called by Microsoft-provided authentication packages to provide additional, user-created logon authentication.

Credentials Management Functions

The following topics provide reference information for the credentials management functions.

| Topic | Description |
| --- | --- |
| Credentials Management UI Functions | Details functions used for credentials management UI. |
| Low-level Credentials Management Functions | Details functions used for low-level credentials management. |
| Credential Management Notification Functions | Details functions that are implemented by credential managers to receive notifications when authentication information changes. |

Credentials Management UI Functions

The following are credentials management UI functions.

Low-level Credentials Management Functions

The following are low-level credentials management functions.

Credential Management Notification Functions

The following functions are implemented by credential managers to receive notifications when authentication information changes.

| Function | Description |
| --- | --- |
| NPLogonNotify | MPR calls this function to notify the credential manager that a logon event has occurred, allowing the credential manager to return a logon script. |
| NPPasswordChangeNotify | MPR calls this function to notify the credential manager of a password change event. |

Smart Card Functions

The Smart Card SDK provides the following functions.

SASL Functions

The Simple Authentication and Security Layer (SASL) provides the following functions.

Other Functions

Here are other functions used for authentication.

