CredRead
A version of this page is also available for
4/8/2010
The CredRead function retrieves credential information that is uniquely identified by the tuple that contains the credential type and the target ID associated with the credential. This function replaces CeCredRead.
Syntax
DWORD CredRead(
WSTR wszTarget,
DWORD dwTargetLen,
DWORD dwType,
DWORD dwFlags,
PPCRED ppCred
);
Parameters
- wszTarget
[in] Target to search for. Must be null-terminated, and cannot be NULL.
- dwTargetLen
[in] Number of characters in the target string, including the null-terminator. Cannot exceed CRED_MAX_TARGET_LEN
dwType
[in] Type of credential to search for. The following table shows the pre-defined credential types.Credential type Description CRED_TYPE_NTLM
Credential type used for NTLM.
CRED_TYPE_KERBEROS
Credential type used for Kerberos.
CRED_TYPE_DOMAIN_PASSWORD
Credential type used for domain authentication.
CRED_TYPE_CERTIFICATE
Credential is a certificate.
CRED_TYPE_PLAINTEXT_PASSWORD
Credential is a plain password.
CRED_TYPE_GENERIC
Credential is stored as an opaque blob, but has no identifying characteristics.
dwFlags
[in] Used to control default credentials, and can be one of the following flags.Flag Description CRED_FLAG_NO_DEFAULT
Credential manager will not return default credential.
CRED_FLAG_NO_IMPLICIT_DEFAULT
Credential manager will not return implicit default.
ppCred
[out] Pointer to a single allocated block buffer to return the credential. Any pointers contained within this buffer are pointers to locations within the single allocated block.For more information about the credential structure used, please see the CRED structure.
Return Value
ERROR_SUCCESS is returned upon success. For a list of error codes, see Credential Manager Error Codes.
Remarks
There can be multiple credentials present for the same type. The default behavior of the CredRead function is to return a credential in the following order of preference:
- An exact credential match to the target.
- The credential marked Default.
- An implicit default credential.
If no matching credential is found for the specified tuple, and there is a default credential set for the type specified in the tuple, that default credential is returned. If there is no default credential then the implicit default is returned. dwFlags member of the returned credential can be used to determine the source of the credential and the caller can take appropriate action. If the caller is not privileged, the blob will be empty for trusted credentials.
In some cases you may want to receive only an exact match to the target. Depending on the case, set dwFlags to be either CRED_FLAG_NO_DEFAULT or CRED_FLAG_NO_IMPLICIT_DEFAULT.
Pointers contained in the single allocated block buffer to return the credential are pointers to locations within the single allocated block. This single returned buffer must be freed by calling CredFree, and cannot be NULL.
The dwFlags member of the returned credential can be used to figure out the source of the credential. If the CRED_FLAG_DEFAULT is set, it means no matching credential was found, but a default credential was found. If the CRED_FLAG_IMPLICIT_DEFAULT is set, then it means that there was no matching credential or default credential, and an implicit default credential was returned.
Requirements
| Header | cred.h |
| Library | coredll.lib |
| Windows Embedded CE | Windows CE .NET 4.0 and later |
| Windows Mobile | Windows Mobile Version 5.0 and later |