ICertRequest3::SetCredential method (certcli.h)
The SetCredential method sets the credential used to contact the Certificate Enrollment Web Service.
Syntax
HRESULT SetCredential(
[in] LONG hWnd,
[in] X509EnrollmentAuthFlags AuthType,
[in] BSTR strCredential,
[in] BSTR strPassword
);
Parameters
[in] hWnd
A handle to the parent window.
You must set the hWnd parameter there is a UI presented to obtain the credential.
For certificate based authorization, the handle is used if a UI prompt is needed to obtain the credential, for example, if the credential is on a smart card and a pin prompt is needed.
When using Kerberos, anonymous, or user name and password authentication, this parameter is ignored.
[in] AuthType
A value of the X509EnrollmentAuthFlags enumeration that specifies the authentication type.
| Value | Meaning |
|---|---|
|
Anonymous authentication.
Set the strCredential and strPassword parameters to NULL or to empty strings. |
|
Client authentication certificate installed on the local computer. The certificate contains a public key that is associated with a private key (not contained in the certificate). The certificate is used by the server to verify the identity of the client.
The strCredential parameter contains a binary 20-byte SHA-1 hash of the certificate to be passed to the Certificate Enrollment Web Service to authenticate the caller. Set the strPassword parameter to NULL or an empty string. The strCredential parameter must refer to a certificate installed in the relevant personal certificate store, and it must have an associated private key that is accessible to the caller. |
|
Kerberos authentication.
Set the strCredential and strPassword parameters to NULL or to empty strings. |
|
Plaintext user name and password authentication. The user name and password are encrypted when they are stored in the credential vault on the client.
The strCredential and strPassword parameters contain a user name string and a plaintext password that are supported by the Certificate Enrollment Web Service to authenticate the caller. Because an enrollment service connection always uses Secure Sockets Layer protocol (SSL), the password is encrypted when sent over the wire. |
[in] strCredential
A string that contains the credential.
[in] strPassword
A string that contains the password.
Return value
| Return code | Description |
|---|---|
|
The AuthType parameter must be X509AuthKerberos. |
Remarks
The SetCredential method must be called prior to calling the ICertRequest2::Submit method.
The strCredential and strPassword arguments change depending on the value specified in the AuthType parameter as shown in the following table.
| AuthType parameter | strCredential parameter | strPassword parameter |
|---|---|---|
| X509AuthAnonymous | NULL | NULL |
| X509AuthCertificate | A 20 byte SHA-1 hash (thumbprint) of the certificate | NULL |
| X509AuthKerberos | NULL | NULL |
| X509AuthUsername | A plaintext user name that is recognized by the Certificate Enrollment Web Service | A plaintext password that is associated with the user name |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 [desktop apps only] |
| Minimum supported server | Windows Server 2008 R2 [desktop apps only] |
| Target Platform | Windows |
| Header | certcli.h (include Certsrv.h) |
| Library | Certidl.lib |
| DLL | Certcli.dll |