ICredentialProvider interface (credentialprovider.h)

Exposes methods used in the setup and manipulation of a credential provider. All credential providers must implement this interface.


The ICredentialProvider interface inherits from the IUnknown interface. ICredentialProvider also has these types of members:


The ICredentialProvider interface has these methods.


Allows a credential provider to initiate events in the Logon UI or Credential UI through a callback interface.

Gets a specific credential.

Gets the number of available credentials under this credential provider.

Gets metadata that describes a specified field.

Retrieves the count of fields in the needed to display this provider's credentials.

Sets the serialization characteristics of the credential provider.

Defines the scenarios for which the credential provider is valid. Called whenever the credential provider is initialized.

Used by the Logon UI or Credential UI to advise the credential provider that event callbacks are no longer accepted.


This interface is how you will interact with the Logon UI and the Credential UI for your app.

An instantiated credential provider is maintained for the entire lifetime of a Logon UI. Because of this, the Logon UI can maintain the state of a credential provider. In particular, it remembers which provider and tile provided a credential. This means that you can potentially store state information when you are using a CREDENTIAL_PROVIDER_USAGE_SCENARIO of CPUS_LOGON, CPUS_UNLOCK_WORKSTATION, and CPUS_CHANGE_PASSWORD. This is not the case with the Credential UI. The Credential UI creates a new instance of the provider every time an application calls CredUIPromptForWindowsCredentials. Because of this, the Credential UI cannot remember a credential provider's state.

Be aware that a CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION generated in one scenario might be saved and used in a subsequent usage scenario. Because of this, it is necessary to make sure your ICredentialProvider implementation is robust enough to handle this scenario.

Windows 8 adds new functionality in the credential providers API, primarily the ability to group credentials by user.


Requirement Value
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header credentialprovider.h

See also


Credential Provider driven Windows Logon Experience

Credential Providers in Windows 10