IX509EnrollmentPolicyServer::SetCredential method (certenroll.h)

The SetCredential method sets the credential used to contact the certificate enrollment policy (CEP) server.

Syntax

HRESULT SetCredential(
  [in] LONG                    hWndParent,
  [in] X509EnrollmentAuthFlags flag,
  [in] BSTR                    strCredential,
  [in] BSTR                    strPassword
);

Parameters

[in] hWndParent

Parent window handle.

[in] flag

An X509EnrollmentAuthFlags enumeration value that specifies the authentication type. This can be one of the following values.

Value Meaning
X509AuthAnonymous
Anonymous authentication. Set the strCredential and strPassword parameters to NULL.
X509AuthKerberos
Kerberos authentication. Set the strCredential and strPassword parameters to NULL.
X509AuthUsername
Clear text user name and password authentication. Set the strCredential and strPassword parameters to the user name and associated password. These strings are encrypted before transmission and are stored securely in the credential vault on the CEP server.
X509AuthCertificate
Client authentication certificate installed on the local computer and used by the server to verify the identity of the client. Set the strPassword parameter to NULL and set the certificate thumbprint, a 20-byte SHA1 hash of the certificate, in the strCredential parameter.

[in] strCredential

A BSTR variable that contains the credential.

[in] strPassword

A BSTR variable that contains the password.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code Description
E_INVALIDARG
The flag parameter is not a supported value.

Remarks

The strCredential and strPassword arguments will change depending on the value specified in the flag argument as shown in the following table.

flag parameter strCredential parameter strPassword parameter
X509AuthAnonymous NULL NULL
X509AuthKerberos NULL NULL
X509AuthUsername Clear text user name recognized by the CEP server. Clear text password associated with the user name.
X509AuthCertificate Contains a 20 byte SHA-1 hash (thumbprint) of the certificate. NULL

Requirements

   
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

IX509EnrollmentPolicyServer