RPC_HTTP_TRANSPORT_CREDENTIALS_A structure (rpcdce.h)

The RPC_HTTP_TRANSPORT_CREDENTIALS structure defines additional credentials to authenticate to an RPC proxy server when using RPC/HTTP.

Syntax

typedef struct _RPC_HTTP_TRANSPORT_CREDENTIALS_A {
  SEC_WINNT_AUTH_IDENTITY_A *TransportCredentials;
  unsigned long             Flags;
  unsigned long             AuthenticationTarget;
  unsigned long             NumberOfAuthnSchemes;
  unsigned long             *AuthnSchemes;
  unsigned char             *ServerCertificateSubject;
} RPC_HTTP_TRANSPORT_CREDENTIALS_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_A;

Members

TransportCredentials

A pointer to a SEC_WINNT_AUTH_IDENTITY structure that contains the user name, domain, and password for the user.

Flags

A set of flags that can be combined with the bitwise OR operator.

Value Meaning
RPC_C_HTTP_FLAG_USE_SSL
Instructs RPC to use SSL to communicate with the RPC Proxy.
RPC_C_HTTP_FLAG_USE_FIRST_AUTH_SCHEME
When set, RPC chooses the first scheme in the AuthnSchemes array and attempts to authenticate to the RPC Proxy. If the RPC Proxy does not support the selected authentication scheme, the call fails. When not set, the RPC client queries the RPC Proxy for supported authentication schemes, and chooses one.

AuthenticationTarget

Specifies the authentication target.

Should be set to one or both of the following values:

Value Meaning
RPC_C_HTTP_AUTHN_TARGET_SERVER
Authenticate against the RPC Proxy, which is the HTTP Server from an HTTP perspective. This is the most common value.
RPC_C_HTTP_AUTHN_TARGET_PROXY
Authenticate against the HTTP Proxy. This value is uncommon.

NumberOfAuthnSchemes

The number of elements in the AuthnScheme array.

AuthnSchemes

ServerCertificateSubject

Contains an optional string with the expected server principal name. The principal name is in the same format as that generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error is returned. This member enables clients to authenticate the RPC Proxy.

Remarks

If the TransportCredentials member is NULL and the authentication scheme is NTLM, the credentials of the currently logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are used only if one or both of the following conditions are true:

  • Caller requested use of SSL and used the ServerCertificateSubject member. This scenario guarantees credentials are protected both in transit and at the final destination, even if a weak hash is used.
  • The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
If the Unicode version of the RpcBindingSetAuthInfoEx function is used, Unicode versions of the RPC_HTTP_TRANSPORT_CREDENTIALS and SEC_WINNT_AUTH_IDENTITY structures must also be provided, and the Flags member in TransportCredentials must be set to SEC_WINNT_AUTH_IDENTITY_UNICODE. If the ANSI version of the RpcBindingSetAuthInfoEx function is used, ANSI versions of RPC_HTTP_TRANSPORT_CREDENTIALS and SEC_WINNT_AUTH_IDENTITY structures must be provided, and the Flags member in TransportCredentials must be set to SEC_WINNT_AUTH_IDENTITY_ANSI.

Requirements

Requirement Value
Minimum supported client Windows XP with SP1 [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header rpcdce.h (include Rpc.h)

See also

Principal Names

RPC_HTTP_TRANSPORT_CREDENTIALS_V2

RPC_HTTP_TRANSPORT_CREDENTIALS_V3

RPC_SECURITY_QOS

RPC_SECURITY_QOS_V2

RPC_SECURITY_QOS_V3

Remote Procedure Calls Using RPC over HTTP

RpcBindingSetAuthInfoEx

RpcCertGeneratePrincipalName

SEC_WINNT_AUTH_IDENTITY