CLAIM_SECURITY_ATTRIBUTE_V1 structure (winnt.h)
The CLAIM_SECURITY_ATTRIBUTE_V1 structure defines a security attribute that can be associated with a token or authorization context.
Syntax
typedef struct _CLAIM_SECURITY_ATTRIBUTE_V1 {
PWSTR Name;
WORD ValueType;
WORD Reserved;
DWORD Flags;
DWORD ValueCount;
union {
PLONG64 pInt64;
PDWORD64 pUint64;
PWSTR *ppString;
PCLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn;
PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString;
} Values;
} CLAIM_SECURITY_ATTRIBUTE_V1, *PCLAIM_SECURITY_ATTRIBUTE_V1;
Members
Name
A pointer to a string of Unicode characters that contains the name of the security attribute. This string must be at least 4 bytes in length.
ValueType
A union tag value that indicates the type of information contained in the Values member. The ValueType member must be one of the following values (see remarks for additional information).
| Value | Meaning |
|---|---|
|
The Values member refers to an array of LONG64 values. |
|
The Values member refers to an array of ULONG64 values. |
|
The Values member refers to an array of pointers to Unicode string values. |
|
The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE values. |
|
The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE values where the pValue member of each CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE is a PSID. |
|
The Values member refers to an array of ULONG64 values where each element indicates a Boolean value. The value 1 indicates TRUE and the value 0 indicates FALSE. |
|
The Values member refers to an array of CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE values. |
Reserved
This member is reserved and must be set to zero when sent and must be ignored when received.
Flags
The attribute flags that are a 32-bitmask. Bits 16 through 31 may be set to any value. Bits 0 through 15 must be zero or a combination of one or more of the following mask values.
| Value | Meaning |
|---|---|
|
This attribute is ignored by the operating system. This claim security attribute is not inherited across processes. |
|
The value of the claim security attribute is case sensitive. This flag is valid for values that contain string types. |
|
The claim security attribute is considered only for deny access control entries (ACEs). |
|
The claim security attribute is disabled by default. |
|
The claim security attribute is disabled and will not be applied by the AccessCheck function. |
|
The claim security attribute is mandatory. |
ValueCount
The number of values specified in the Values member.
Values
An array of security attribute values of the type specified in the ValueType member.
Values.pInt64
Pointer to an array of ValueCount members where each member is a LONG64 of type CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64.
Values.pUint64
Pointer to an array of ValueCount members where each member is a ULONG64 of type CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64.
Values.ppString
Pointer to an array of ValueCount members where each member is a PWSTR of type CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING.
Values.pFqbn
Pointer to an array of ValueCount members where each member is a fully qualified binary name value of type CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE.
Values.pOctetString
Pointer to an array of ValueCount members where each member is an octet string of type CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE.
Remarks
The field value type indicates that the value can be an octet string or a SID. However, the Directory Services documentation for claims entries specifies that effective possible data types for claims are limited to Int64, UInt64, UnicodeString, and Boolean.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 8 [desktop apps only] |
| Minimum supported server | Windows Server 2012 [desktop apps only] |
| Header | winnt.h |