CredRead (Compact 2013)
3/28/2014
The CredRead function retrieves credential information that is uniquely identified by the tuple that contains the credential type and the target ID associated with the credential. This function replaces CeCredRead (deprecated).
Syntax
DWORD CredRead(
PWCHAR wszTarget,
DWORD dwTargetLen,
DWORD dwType,
DWORD dwFlags,
PPCRED ppCred
);
Parameters
- wszTarget
[in] Target to search for. Must be null-terminated, and cannot be NULL.
- dwTargetLen
[in] Number of characters in the target string, including the null-terminator. Cannot exceed CRED_MAX_TARGET_LEN.
dwType
[in] Type of credential to search for. The following table shows the pre-defined credential types.Credential type
Description
CRED_TYPE_NTLM
Credential type used for NTLM.
CRED_TYPE_KERBEROS
Credential type used for Kerberos.
CRED_TYPE_DOMAIN_PASSWORD
Credential type used for domain authentication.
CRED_TYPE_CERTIFICATE
Credential is a certificate.
CRED_TYPE_PLAINTEXT_PASSWORD
Credential is a plain password.
CRED_TYPE_GENERIC
Credential is stored as an opaque blob, but has no identifying characteristics.
dwFlags
[in] Used to control default credentials, and can be one of the following flags.Flag
Description
CRED_FLAG_NO_DEFAULT
Credential manager will not return default credential.
CRED_FLAG_NO_IMPLICIT_DEFAULT
This flag is deprecated. Use CRED_FLAG_NO_DEFAULT instead.
ppCred
[out] Pointer to a single allocated block buffer to return the credential. Any pointers contained within this buffer are pointers to locations within the single allocated block.For more information about the credential structure used, see the CRED structure.
Return Value
ERROR_SUCCESS is returned upon success. For a list of error codes, see Credential Manager Error Codes.
Remarks
There can be multiple credentials present for the same type. The default behavior of the CredRead function is to return a credential in the following order of preference:
- An exact credential match to the target.
- The credential marked Default.
- An implicit default credential.
If no matching credential is found for the specified tuple, and there is a default credential set for the type specified in the tuple, that default credential is returned. If there is no default credential then the implicit default is returned. dwFlags member of the returned credential can be used to determine the source of the credential and the caller can take appropriate action.
In some cases you may want to receive only an exact match to the target. In this case, set dwFlags to CRED_FLAG_NO_DEFAULT.
Pointers contained in the single allocated block buffer to return the credential are pointers to locations within the single allocated block. This single returned buffer must be freed by calling CredFree, and cannot be NULL.
The dwFlags member of the returned credential can be used to figure out the source of the credential. If the CRED_FLAG_DEFAULT flag is set, it means no matching credential was found, but a default credential was found. If the CRED_FLAG_IMPLICIT_DEFAULT flag is set, then it means that there was no matching credential or default credential, and an implicit default credential was returned.
Requirements
Header |
cred.h |
Library |
coredll.lib |