RPC_HTTP_TRANSPORT_CREDENTIALS_A structure (rpcdce.h)
The RPC_HTTP_TRANSPORT_CREDENTIALS structure defines additional credentials to authenticate to an RPC proxy server when using RPC/HTTP.
Syntax
typedef struct _RPC_HTTP_TRANSPORT_CREDENTIALS_A {
SEC_WINNT_AUTH_IDENTITY_A *TransportCredentials;
unsigned long Flags;
unsigned long AuthenticationTarget;
unsigned long NumberOfAuthnSchemes;
unsigned long *AuthnSchemes;
unsigned char *ServerCertificateSubject;
} RPC_HTTP_TRANSPORT_CREDENTIALS_A, *PRPC_HTTP_TRANSPORT_CREDENTIALS_A;
Members
TransportCredentials
A pointer to a SEC_WINNT_AUTH_IDENTITY structure that contains the user name, domain, and password for the user.
Flags
A set of flags that can be combined with the bitwise OR operator.
AuthenticationTarget
Specifies the authentication target.
Should be set to one or both of the following values:
NumberOfAuthnSchemes
The number of elements in the AuthnScheme array.
AuthnSchemes
ServerCertificateSubject
Contains an optional string with the expected server principal name. The principal name is in the same format as that generated for RpcCertGeneratePrincipalName (see Principal Names for more information). This member is used only when SSL is used. In such cases, the server certificate is checked against the generated principal name. If they do not match, an error is returned. This member enables clients to authenticate the RPC Proxy.
Remarks
If the TransportCredentials member is NULL and the authentication scheme is NTLM, the credentials of the currently logged on user are used. To avoid exposing user credentials on the network through a weak LM hash, user logon credentials are used only if one or both of the following conditions are true:
- Caller requested use of SSL and used the ServerCertificateSubject member. This scenario guarantees credentials are protected both in transit and at the final destination, even if a weak hash is used.
- The lncompatibilitylevel key is set to 2 or higher. This causes the NTLM security provider to emit or respond to only the strong NT hash, not the weak LM hash. In addition, customers are encouraged to use level 3 or higher, which will attempt NTLMv2.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP with SP1 [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | rpcdce.h (include Rpc.h) |
See also
RPC_HTTP_TRANSPORT_CREDENTIALS_V2
RPC_HTTP_TRANSPORT_CREDENTIALS_V3