Authentication Structures
Authentication structures are categorized according to usage as follows:
- SSPI Structures
- Schannel Structures
- Custom Security Package Structures
- Network Provider Structures
- GINA Structures
- Local Security Authority Structures
- Credentials Management Structures
- Smart Card Structures
SSPI Structures
The following structures, defined in Sspi.h, are used in SSPI functions.
Structure | Description |
---|---|
CREDSSP_CRED | Specifies authentication data for both Schannel and Negotiate security packages. |
SEC_WINNT_AUTH_IDENTITY | Used to pass a particular user name and password to the run-time library for the purpose of authentication. |
SEC_WINNT_AUTH_IDENTITY_EX | Contains information about a user. Both an ANSI and Unicode form of this structure are provided. |
SecBuffer | Buffer allocated by a transport application to pass to a security package. |
SecBufferDesc | Array of SecBuffer structures to pass from a transport application to a security package. |
SecPkgContext_AccessToken | Contains a handle to the access token of the security context. |
SecPkgContext_ClientCreds | Specifies client credentials when calling the QueryContextAttributes (CredSSP) function. |
SecPkgContext_ConnectionInfo | Contains protocol and cipher information. This structure is used by the QueryContextAttributes (General) function. |
SecPkgContext_CredentialName | Specifies the credential name. |
SecPkgContext_DceInfo | Contains authorization data used by DCE services. |
SecPkgContext_EapKeyBlock | Contains key data used by the EAP TLS Authentication Protocol. |
SecPkgContext_Flags | Contains information about the flags in the security context. |
SecPkgContext_IssuerListInfoEx | Contains a list of trusted certification authorities (CAs). |
SecPkgContext_Lifespan | Indicates the life span of a security context. |
SecPkgContext_Names | Contains the name of the user associated with a security context. |
SecPkgContext_NativeNames | Contains the client and server principal names from the outbound ticket. |
SecPkgContext_NegotiationInfo | Contains information about the security package that is being set up or has been set up. It also gives the status on the negotiation to set up the security package. |
SecPkgContext_PackageInfo | Contains the name of a security support provider (SSP). |
SecPkgContext_PasswordExpiry | Contains information about the expiration of a password or other credential. |
SecPkgContext_SessionKey | Contains information about the session key. |
SecPkgContext_Sizes | Contains the sizes of important structures used in the message support functions. |
SecPkgContext_StreamSizes | Contains the sizes of the various stream attributes for use with the message support functions. |
SecPkgContext_TargetInformation | Contains information about the credential used for the security context. |
SecPkgCredentials_Names | Holds the name of the user associated with a context. |
SecPkgInfo | Provides general information about a security package, such as its name and capabilities. |
SECURITY_INTEGER | Structure to hold a numeric value. It is used in defining other types. |
SecurityFunctionTable | Dispatch table that contains pointers to the functions defined in SSPI. |
Schannel Structures
The following structures are defined for use with Schannel.
Structure | Description |
---|---|
SCH_CRED_PUBLIC_CERTCHAIN | Contains a single certificate. A certification chain can be built from this certificate. |
SCH_CRED_SECRET_PRIVKEY | Contains private key information needed to authenticate a client or server. |
SCHANNEL_CERT_HASH | Contains the hash store data for the certificate that Schannel uses. |
SCHANNEL_CERT_HASH_STORE | Contains the hash store data for the certificate that Schannel uses in kernel-mode. |
SCHANNEL_ALERT_TOKEN | Generates a Secure Sockets Layer Protocol (SSL) or Transport Layer Security Protocol (TLS) alert to be sent to the target of a call to either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function. |
SCHANNEL_CLIENT_SIGNATURE | Specifies a client signature when a call to the InitializeSecurityContext (Schannel) function cannot access the private key for a client certificate (in this case, the function returns SEC_I_SIGNATURE_NEEDED). |
SCHANNEL_CRED | Contains the data for an Schannel credential. |
SCHANNEL_SESSION_TOKEN | Specifies whether reconnections are enabled for an authentication session created by calling either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function. |
SecPkgContext_Authority | Contains the name of the authenticating authority if one is available. It can be a certification authority (CA) or the name of a server or domain that authenticated the connection. |
SecPkgContext_ConnectionInfo | Contains protocol and cipher information. This structure is used by the QueryContextAttributes (General) function. |
SecPkgContext_IssuerListInfoEx | Contains a list of trusted certification authorities. |
SecPkgContext_KeyInfo | Contains information about the session keys used in a security context. This structure has been superseded by the SecPkgContext_ConnectionInfo structure. |
SecPkgContext_ProtoInfo | Holds information about the protocol in use. |
SecPkgContext_SessionAppData | Stores application data for a session context. |
SecPkgCred_CipherStrengths | Holds the minimum and maximum strength permitted for the cipher used by the specified Schannel credential. |
SecPkgCred_SupportedAlgs | Contains identifiers for algorithms permitted with a specified Schannel credential. |
SecPkgCred_SupportedProtocols | Indicates the protocols permitted with a specified Schannel credential. |
X509Certificate | Represents an X.509 certificate. |
Custom Security Package Structures
Custom security packages use the following structures.
Structure | Description |
---|---|
LSA_SECPKG_FUNCTION_TABLE | A table of pointers to the Local Security Authority (LSA) functions that custom security packages can call. |
SECPKG_CALL_INFO | Contains information about an executing function call. |
SECPKG_CLIENT_INFO | Contains information about the user of a security package. |
SECPKG_CONTEXT_THUNKS | Contains information about calls to the security package that will be executed in-process with the LSA. |
SECPKG_DLL_FUNCTIONS | Contains the functions available to custom security packages executing in-process with a client/server application. |
SECPKG_EVENT_DOMAIN_CHANGE | Contains session and computer information. This structure name is an alias for the SECPKG_PARAMETERS structure. |
SECPKG_EVENT_NOTIFY | Contains information about a security-related event. |
SECPKG_EVENT_PACKAGE_CHANGE | Contains information about security package availability and use. |
SECPKG_EXTENDED_INFORMATION | Contains extended information about the security package. |
SECPKG_FUNCTION_TABLE | Contains pointers to the functions implemented by security packages. |
SECPKG_GSS_INFO | Contains information on the GSS OID used to identify a security package. |
SECPKG_MUTUAL_AUTH_LEVEL | Contains information about the mutual authentication level used by a security package. |
SECPKG_PARAMETERS | Contains session and machine information. |
SECPKG_PRIMARY_CRED | Contains primary credentials information. |
SECPKG_SUPPLEMENTAL_CRED | Contains supplemental credentials information. |
SECPKG_SUPPLEMENTAL_CRED_ARRAY | Contains supplemental credentials information. |
SECPKG_USER_FUNCTION_TABLE | Contains the functions implemented by a security package loaded in-process with client/server applications. |
SecurityUserData | Contains information about the logged-on user. |
Network Provider Structures
The following structures are used by the Network Provider APIs and related functions.
Structure | Description |
---|---|
NETCONNECTINFOSTRUCT | Contains information about the performance of a network connection. |
NETRESOURCE | Contains information about an enumerated network resource. |
NOTIFYADD | Contains the details of a network connect operation. |
NOTIFYCANCEL | Contains the details of a network disconnect operation. |
NOTIFYINFO | Contains status information about a network connect or disconnect operation. |
REMOTE_NAME_INFO | Contains information about a remote universal name. |
UNIVERSAL_NAME_INFO | Contains a local universal name. |
GINA Structures
GINA interface functions and Winlogon support functions use the following structures.
Structure | Description |
---|---|
WLX_CLIENT_CREDENTIALS_INFO_V1_0 | Contains client credential information. |
WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0 | Contains the client credentials allowing credentials to be transparently transferred to a target session. |
WLX_DESKTOP | Contains desktop information. |
WLX_DISPATCH_VERSION_1_0 | Contains the Winlogon, version 1.0 dispatch table. |
WLX_DISPATCH_VERSION_1_1 | Contains the Winlogon, version 1.1 dispatch table. |
WLX_DISPATCH_VERSION_1_2 | Contains the Winlogon, version 1.2 dispatch table. |
WLX_DISPATCH_VERSION_1_3 | Contains the Winlogon, version 1.3 dispatch table. |
WLX_DISPATCH_VERSION_1_4 | Contains the Winlogon, version 1.4 dispatch table. |
WLX_MPR_NOTIFY_INFO | Contains authentication and identification information. |
WLX_PROFILE_V1_0 | Contains information used for setting up the initial environment. |
WLX_PROFILE_V2_0 | Contains information used for setting up the initial environment. |
WLX_TERMINAL_SERVICES_DATA | Contains the Terminal Services profile path and home directory information. |
Local Security Authority Structures
Local Security Authority (LSA) uses the following structures.
Structure | Description |
---|---|
DOMAIN_PASSWORD_INFORMATION | Contains information about a domain's password policy, such as the minimum length for passwords and how unique passwords must be. |
KERB_ADD_CREDENTIALS_REQUEST | Specifies a message to add, remove, or replace an extra server credential for a logon session. |
KERB_ADD_CREDENTIALS_REQUEST_EX | Specifies a message to add, remove, or replace an extra server credential for a logon session, and the service principal names (SPNs) associated with that credential. |
KERB_CERTIFICATE_LOGON | Contains information about a smart card logon session. |
KERB_CERTIFICATE_UNLOCK_LOGON | Contains information used to unlock a workstation that has been locked during an interactive smart card logon session. |
KERB_CHANGEPASSWORD_REQUEST | Contains information used to change a password. |
KERB_CRYPTO_KEY | Contains information about a Kerberos cryptographic session key. |
KERB_EXTERNAL_NAME | Contains information about an external name. |
KERB_EXTERNAL_TICKET | Contains information about an external ticket. |
KERB_INTERACTIVE_LOGON | Contains information about an interactive logon session. |
KERB_INTERACTIVE_PROFILE | Contains information about an interactive logon profile. |
KERB_INTERACTIVE_UNLOCK_LOGON | Contains information used to unlock a workstation that has been locked during an interactive logon session. |
KERB_PURGE_TKT_CACHE_REQUEST | Contains information used to delete entries from the ticket cache. |
KERB_QUERY_TKT_CACHE_REQUEST | Used to retrieve information about all of the cached tickets for the specified user logon session. |
KERB_QUERY_TKT_CACHE_RESPONSE | Contains the results of querying the ticket cache. |
KERB_RETRIEVE_TKT_REQUEST | Contains information used to retrieve a ticket. |
KERB_RETRIEVE_TKT_RESPONSE | Contains the response from retrieving a ticket. |
KERB_S4U_LOGON | Contains information about a service for user (S4U) logon session. |
KERB_SMARTCARD_CSP_INFO | Contains information about a smart card cryptographic service provider (CSP). |
KERB_SMART_CARD_LOGON | Contains information about a smart card logon session. |
KERB_SMART_CARD_UNLOCK_LOGON | Contains information used to unlock a workstation that has been locked during a smart card logon session. |
KERB_TICKET_CACHE_INFO | Contains information about a cached Kerberos ticket. |
KERB_TICKET_LOGON | Contains profile information for a network logon. |
KERB_TICKET_PROFILE | Contains information about an interactive logon profile. |
KERB_TICKET_UNLOCK_LOGON | Contains information to unlock a workstation. |
LSA_DISPATCH_TABLE | A table of pointers to the LSA functions that Windows authentication packages can call. |
LSA_STRING | Contains an ANSI string and its length information. |
LSA_FOREST_TRUST_BINARY_DATA | Contains binary data used in LSA forest trust operations. |
LSA_FOREST_TRUST_COLLISION_INFORMATION | Contains information about LSA forest trust collisions. |
LSA_FOREST_TRUST_RECORD | Contains information about an LSA forest trust collision. |
LSA_FOREST_TRUST_DOMAIN_INFO | Contains identifying information for a domain. |
LSA_FOREST_TRUST_INFORMATION | Contains LSA forest trust information. |
LSA_FOREST_TRUST_RECORD | Contains an LSA forest trust record. |
LSA_TOKEN_INFORMATION_NULL | Used in cases where a non-authenticated system access is needed. This structure has no contents. |
LSA_TOKEN_INFORMATION_V1 | Contains information that an authentication package can place in a Version 1 Windows token object. |
MSV1_0_CHANGEPASSWORD_REQUEST | Obsolete. |
MSV1_0_CHANGEPASSWORD_RESPONSE | Obsolete. |
MSV1_0_ENUMUSERS_REQUEST | Obsolete. |
MSV1_0_ENUMUSERS_RESPONSE | Obsolete. |
MSV1_0_GETUSERINFO_REQUEST | Obsolete. |
MSV1_0_GETUSERINFO_RESPONSE | Obsolete. |
MSV1_0_INTERACTIVE_LOGON | Contains user logon information for an interactive logon. |
MSV1_0_INTERACTIVE_PROFILE | Contains information about an interactive logon profile. |
MSV1_0_LM20_LOGON | Contains logon information used in network logons. |
MSV1_0_LM20_LOGON_PROFILE | Contains information about a network logon session. |
MSV1_0_SUBAUTH_LOGON | Used by subauthentication DLLs. |
MSV1_0_SUBAUTH_REQUEST | Contains information to pass to a subauthentication package. |
MSV1_0_SUBAUTH_RESPONSE | Contains the response from a subauthentication package. |
MSV1_0_SUPPLEMENTAL_CREDENTIAL | Used to pass credentials into MSV1_0 from Kerberos or custom authentication packages. |
NETLOGON_LOGON_IDENTITY_INFO | Used by the Msv1_0SubAuthenticationRoutine and Msv1_0SubAuthenticationFilter to pass information about a user for logon subauthentication. |
OLD_LARGE_INTEGER | Used to represent a 64-bit signed integer value as two 32-bit integers. |
QUOTA_LIMITS | Describes the amount of system resources available to a user. |
SR_SECURITY_DESCRIPTOR | Contains information on the security privileges of the user. |
USER_ALL_INFORMATION | Contains information on the session user. Used with subauthentication packages. |
Credentials Management Structures
The Credentials Management API includes the following structures.
Structure | Description |
---|---|
CERT_CREDENTIAL_INFO | Contains a reference to a certificate. |
CREDENTIAL | Contains an individual credential. |
CREDENTIAL_ATTRIBUTE | Contains an application-defined attribute of the credential. |
CREDENTIAL_TARGET_INFORMATION | Contains the target computer's name, domain, and tree. |
CREDUI_INFO | Controls the appearance of the Credentials Management dialog boxes. |
USERNAME_TARGET_CREDENTIAL_INFO | Contains a reference to a credential. This structure is used to pass a user name into the CredMarshalCredential function and out of the CredUnmarshalCredential function. |
Smart Card Structures
Smart Card provides the following structures.
Structure | Description |
---|---|
OPENCARD_SEARCH_CRITERIA | Provides specific search information used by the SCardUIDlgSelectCard function. |
OPENCARDNAME | Provides information used by the GetOpenCardName function. |
OPENCARDNAME_EX | Provides information used by the SCardUIDlgSelectCard function. |
SCARD_ATRMASK | Locates cards using SCardLocateCardsByATR. |
SCARD_IO_REQUEST | Begins a protocol control information structure. |
SCARD_READERSTATE | Tracks smart cards within a reader. |