sspi.h header
This header is used by Security and Identity. For more information, see:
sspi.h contains the following programming interfaces:
Functions
| AcceptSecurityContext Lets the server component of a transport application establish a security context between the server and a remote client. |
| AcquireCredentialsHandleA The AcquireCredentialsHandle (CredSSP) function acquires a handle to preexisting credentials of a security principal. (ANSI) |
| AcquireCredentialsHandleW The AcquireCredentialsHandle (CredSSP) function acquires a handle to preexisting credentials of a security principal. (Unicode) |
| AddCredentialsA AddCredentialsA (ANSI) adds a credential to the list of credentials. |
| AddCredentialsW AddCredentialsW (Unicode) adds a credential to the list of credentials. |
| AddSecurityPackageA Adds a security support provider to the list of providers supported by Microsoft Negotiate. (ANSI) |
| AddSecurityPackageW Adds a security support provider to the list of providers supported by Microsoft Negotiate. (Unicode) |
| ApplyControlToken Provides a way to apply a control token to a security context. |
| ChangeAccountPasswordA Changes the password for a Windows domain account by using the specified Security Support Provider. (ANSI) |
| ChangeAccountPasswordW Changes the password for a Windows domain account by using the specified Security Support Provider. (Unicode) |
| CompleteAuthToken Completes an authentication token. (CompleteAuthToken) |
| DecryptMessage Decrypts a message by using Digest. |
| DelegateSecurityContext Delegates the security context to the specified server. |
| DeleteSecurityContext Deletes the local data structures associated with the specified security context initiated by a previous call to the InitializeSecurityContext (General) function or the AcceptSecurityContext (General) function. |
| DeleteSecurityPackageA Deletes a security support provider from the list of providers supported by Microsoft Negotiate. (ANSI) |
| DeleteSecurityPackageW Deletes a security support provider from the list of providers supported by Microsoft Negotiate. (Unicode) |
| EncryptMessage Encrypts a message to provide privacy by using Digest. |
| EnumerateSecurityPackagesA Returns an array of SecPkgInfo structures that provide information about the security packages available to the client. (ANSI) |
| EnumerateSecurityPackagesW Returns an array of SecPkgInfo structures that provide information about the security packages available to the client. (Unicode) |
| ExportSecurityContext The ExportSecurityContext function creates a serialized representation of a security context that can later be imported into a different process by calling ImportSecurityContext. |
| FreeContextBuffer Enables callers of security package functions to free memory buffers allocated by the security package. |
| FreeCredentialsHandle Notifies the security system that the credentials are no longer needed. |
| ImpersonateSecurityContext Allows a server to impersonate a client by using a token previously obtained by a call to AcceptSecurityContext (General) or QuerySecurityContextToken. |
| ImportSecurityContextA Imports a security context. The security context must have been exported to the process calling ImportSecurityContext by a previous call to ExportSecurityContext. (ANSI) |
| ImportSecurityContextW Imports a security context. The security context must have been exported to the process calling ImportSecurityContext by a previous call to ExportSecurityContext. (Unicode) |
| InitializeSecurityContextA Initiates the client side, outbound security context from a credential handle. (ANSI) |
| InitializeSecurityContextW Initiates the client side, outbound security context from a credential handle. (Unicode) |
| InitSecurityInterfaceA The InitSecurityInterface function returns a pointer to an SSPI dispatch table. This function enables clients to use SSPI without binding directly to an implementation of the interface. (ANSI) |
| InitSecurityInterfaceW The InitSecurityInterface function returns a pointer to an SSPI dispatch table. This function enables clients to use SSPI without binding directly to an implementation of the interface. (Unicode) |
| MakeSignature Generates a cryptographic checksum of the message, and also includes sequencing information to prevent message loss or insertion. |
| QueryContextAttributesA Lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context. (ANSI) |
| QueryContextAttributesExA The QueryContextAttributesExA (ANSI) function (sspi.h) enables a transport application to query a security package for certain attributes of a security context. |
| QueryContextAttributesExW The QueryContextAttributesExW (Unicode) function (sspi.h) enables a transport application to query a security package for certain attributes of a security context. |
| QueryContextAttributesW Lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context. (Unicode) |
| QueryCredentialsAttributesA Retrieves the attributes of a credential, such as the name associated with the credential. (ANSI) |
| QueryCredentialsAttributesExA Query the attributes of a security context. |
| QueryCredentialsAttributesExW Query the attributes of a security context. |
| QueryCredentialsAttributesW Retrieves the attributes of a credential, such as the name associated with the credential. (Unicode) |
| QuerySecurityContextToken Obtains the access token for a client security context and uses it directly. |
| QuerySecurityPackageInfoA Retrieves information about a specified security package. This information includes the bounds on sizes of authentication information, credentials, and contexts. (ANSI) |
| QuerySecurityPackageInfoW Retrieves information about a specified security package. This information includes the bounds on sizes of authentication information, credentials, and contexts. (Unicode) |
| RevertSecurityContext Allows a security package to discontinue the impersonation of the caller and restore its own security context. |
| SaslAcceptSecurityContext Wraps a standard call to the Security Support Provider Interface AcceptSecurityContext (General) function and includes creation of SASL server cookies. |
| SaslEnumerateProfilesA Lists the packages that provide a SASL interface. (ANSI) |
| SaslEnumerateProfilesW Lists the packages that provide a SASL interface. (Unicode) |
| SaslGetContextOption Retrieves the specified property of the specified SASL context. |
| SaslGetProfilePackageA Returns the package information for the specified package. (ANSI) |
| SaslGetProfilePackageW Returns the package information for the specified package. (Unicode) |
| SaslIdentifyPackageA Returns the negotiate prefix that matches the specified SASL negotiation buffer. (ANSI) |
| SaslIdentifyPackageW Returns the negotiate prefix that matches the specified SASL negotiation buffer. (Unicode) |
| SaslInitializeSecurityContextA Wraps a standard call to the Security Support Provider Interface InitializeSecurityContext (General) function and processes SASL server cookies from the server. (ANSI) |
| SaslInitializeSecurityContextW Wraps a standard call to the Security Support Provider Interface InitializeSecurityContext (General) function and processes SASL server cookies from the server. (Unicode) |
| SaslSetContextOption Sets the value of the specified property for the specified SASL context. |
| SetContextAttributesA Enables a transport application to set attributes of a security context for a security package. This function is supported only by the Schannel security package. (ANSI) |
| SetContextAttributesW Enables a transport application to set attributes of a security context for a security package. This function is supported only by the Schannel security package. (Unicode) |
| SetCredentialsAttributesA Sets the attributes of a credential, such as the name associated with the credential. (ANSI) |
| SetCredentialsAttributesW Sets the attributes of a credential, such as the name associated with the credential. (Unicode) |
| SspiAcceptSecurityContextAsync Lets the server component of a transport application asynchronously establish a security context between the server and a remote client. |
| SspiAcquireCredentialsHandleAsyncA Asynchronously acquires a handle to preexisting credentials of a security principal. (ANSI) |
| SspiAcquireCredentialsHandleAsyncW Asynchronously acquires a handle to preexisting credentials of a security principal. (Unicode) |
| SspiAsyncContextRequiresNotify Determines whether a given async context requires notification on completion of the call. |
| SspiCompareAuthIdentities Compares the two specified credentials. |
| SspiCopyAuthIdentity Creates a copy of the specified opaque credential structure. |
| SspiCreateAsyncContext Creates an instance of SspiAsyncContext which is used to track the async call. |
| SspiDecryptAuthIdentity Decrypts the specified encrypted credential. |
| SspiDecryptAuthIdentityEx Decrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure. |
| SspiDeleteSecurityContextAsync Deletes the local data structures associated with the specified security context initiated by a previous call to the SspiInitializeSecurityContextAsync function or the SspiAcceptSecurityContextAsync function. |
| SspiEncodeAuthIdentityAsStrings Encodes the specified authentication identity as three strings. |
| SspiEncodeStringsAsAuthIdentity Encodes a set of three credential strings as an authentication identity structure. |
| SspiEncryptAuthIdentity Encrypts the specified identity structure. |
| SspiEncryptAuthIdentityEx Encrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure. |
| SspiExcludePackage Creates a new identity structure that is a copy of the specified identity structure modified to exclude the specified security support provider (SSP). |
| SspiFreeAsyncContext Frees up a context created in the call to the SspiCreateAsyncContext function. |
| SspiFreeAuthIdentity Frees the memory allocated for the specified identity structure. |
| SspiFreeCredentialsHandleAsync Frees up a credential handle. |
| SspiGetAsyncCallStatus Gets the current status of an async call associated with the provided context. |
| SspiGetCredUIContext Retrieves context information from a credential provider. (SspiGetCredUIContext) |
| SspiGetTargetHostName Gets the host name associated with the specified target. |
| SspiInitializeSecurityContextAsyncA Initializes an async security context. (ANSI) |
| SspiInitializeSecurityContextAsyncW Initializes an async security context. (Unicode) |
| SspiIsAuthIdentityEncrypted Indicates whether the specified identity structure is encrypted. |
| SspiIsPromptingNeeded Indicates whether an error returned after a call to either the InitializeSecurityContext or the AcceptSecurityContext function requires an additional call to the SspiPromptForCredentials function. |
| SspiLocalFree Frees the memory associated with the specified buffer. |
| SspiMarshalAuthIdentity Serializes the specified identity structure into a byte array. |
| SspiPrepareForCredRead Generates a target name and credential type from the specified identity structure. |
| SspiPrepareForCredWrite Generates values from an identity structure that can be passed as the values of parameters in a call to the CredWrite function. |
| SspiPromptForCredentialsA Allows a Security Support Provider Interface (SSPI) application to prompt a user to enter credentials. (ANSI) |
| SspiPromptForCredentialsW Allows a Security Support Provider Interface (SSPI) application to prompt a user to enter credentials. (Unicode) |
| SspiReinitAsyncContext Marks an async context for reuse. |
| SspiSetAsyncNotifyCallback Registers a callback that is notified on async call completion. |
| SspiUnmarshalAuthIdentity Deserializes the specified array of byte values into an identity structure. |
| SspiUnmarshalCredUIContext Deserializes credential information obtained by a credential provider during a previous call to the ICredentialProvider::SetSerialization method. |
| SspiUpdateCredentials Updates the credentials associated with the specified context. (SspiUpdateCredentials) |
| SspiValidateAuthIdentity Indicates whether the specified identity structure is valid. |
| SspiZeroAuthIdentity Fills the block of memory associated with the specified identity structure with zeros. |
| VerifySignature Verifies that a message signed by using the MakeSignature function was received in the correct sequence and has not been modified. |
Callback functions
| SspiAsyncNotifyCallback Callback used for notifying completion of an async SSPI call. |
Structures
| CREDUIWIN_MARSHALED_CONTEXT Specifies credential information that has been serialized by using the ICredentialProvider::SetSerialization method. |
| SEC_APPLICATION_PROTOCOL_LIST Stores a list of application protocols. |
| SEC_APPLICATION_PROTOCOLS Stores an array of application protocol lists. |
| SEC_CERTIFICATE_REQUEST_CONTEXT Stores the certificate request context. |
| SEC_CHANNEL_BINDINGS Specifies channel binding information for a security context. |
| SEC_DTLS_MTU Stores the DTLS MTU. |
| SEC_FLAGS Contains the security flags. |
| SEC_NEGOTIATION_INFO Stores the security negotiation information. |
| SEC_PRESHAREDKEY Contains the pre-shared key information. |
| SEC_PRESHAREDKEY_IDENTITY Contains the identity for a pre-shared key. |
| SEC_SRTP_MASTER_KEY_IDENTIFIER Stores the SRTP master key identifier. |
| SEC_SRTP_PROTECTION_PROFILES Stores the SRTP protection profiles. |
| SEC_TOKEN_BINDING Stores the token binding information. |
| SEC_TRAFFIC_SECRETS Contains the traffic secrets for a connection. |
| SEC_WINNT_AUTH_BYTE_VECTOR Specifies the byte offset and array length of the data in an authentication structure. |
| SEC_WINNT_AUTH_CERTIFICATE_DATA Specifies serialized certificate information. |
| SEC_WINNT_AUTH_DATA Specifies authentication data. |
| SEC_WINNT_AUTH_DATA_PASSWORD Specifies a serialized password. |
| SEC_WINNT_AUTH_DATA_TYPE_SMARTCARD_CONTEXTS_DATA Contains the authentication data for a smartcard context. |
| SEC_WINNT_AUTH_FIDO_DATA Contains data for FIDO authentication. |
| SEC_WINNT_AUTH_IDENTITY_A Allows you to pass a particular user name and password to the run-time library for the purpose of authentication. (ANSI) |
| SEC_WINNT_AUTH_IDENTITY_EX2 Contains information about an authentication identity. |
| SEC_WINNT_AUTH_IDENTITY_EXA The SEC_WINNT_AUTH_IDENTITY_EXA (ANSI) structure contains information about a user. |
| SEC_WINNT_AUTH_IDENTITY_EXW The SEC_WINNT_AUTH_IDENTITY_EXW (Unicode) structure contains information about a user. |
| SEC_WINNT_AUTH_IDENTITY_INFO Contains the identity information for authentication. |
| SEC_WINNT_AUTH_IDENTITY_W Allows you to pass a particular user name and password to the run-time library for the purpose of authentication. (Unicode) |
| SEC_WINNT_AUTH_NGC_DATA Contains the NGC data for authentication. |
| SEC_WINNT_AUTH_PACKED_CREDENTIALS Specifies serialized credentials. |
| SEC_WINNT_AUTH_PACKED_CREDENTIALS_EX Specifies serialized credentials and a list of security packages that support the credentials. |
| SEC_WINNT_AUTH_SHORT_VECTOR Specifies the offset and number of characters in an array of USHORT values. |
| SEC_WINNT_CREDUI_CONTEXT Specifies unserialized credential information. |
| SEC_WINNT_CREDUI_CONTEXT_VECTOR Specifies the offset and size of the credential context data in a SEC_WINNT_CREDUI_CONTEXT structure. |
| SecBuffer Describes a buffer allocated by a transport application to pass to a security package. |
| SecBufferDesc The SecBufferDesc structure describes an array of SecBuffer structures to pass from a transport application to a security package. |
| SecHandle Represents a security handle. |
| SecPkgContext_AccessToken Returns a handle to the access token for the current security context. |
| SecPkgContext_ApplicationProtocol Contains information about the application protocol of the security context. |
| SecPkgContext_AuthorityA The SecPkgContext_Authority structure contains the name of the authenticating authority if one is available. (ANSI) |
| SecPkgContext_AuthorityW The SecPkgContext_Authority structure contains the name of the authenticating authority if one is available. (Unicode) |
| SecPkgContext_AuthzID Contains information about the AuthzID of the security context. |
| SecPkgContext_Bindings Specifies a structure that contains channel binding information for a security context. |
| SecPkgContext_ClientSpecifiedTarget Specifies the service principal name (SPN) of the initial target when calling the QueryContextAttributes (Digest) function. |
| SecPkgContext_CredentialNameA Contains the credential name and type. |
| SecPkgContext_CredentialNameW Information about the credential name of the security context. |
| SecPkgContext_CredInfo Specifies the type of credentials used to create a client context. |
| SecPkgContext_DceInfo The SecPkgContext_DceInfo structure contains authorization data used by DCE services. The QueryContextAttributes (General) function uses this structure. |
| SecPkgContext_Flags The SecPkgContext_Flags structure contains information about the flags in the current security context. This structure is returned by QueryContextAttributes (General). |
| SecPkgContext_KeyInfoA The SecPkgContext_KeyInfo structure contains information about the session keys used in a security context. (ANSI) |
| SecPkgContext_KeyInfoW The SecPkgContext_KeyInfo structure contains information about the session keys used in a security context. (Unicode) |
| SecPkgContext_LastClientTokenStatus Specifies whether the token from the most recent call to the InitializeSecurityContext function is the last token from the client. |
| SecPkgContext_Lifespan The SecPkgContext_Lifespan structure indicates the life span of a security context. The QueryContextAttributes (General) function uses this structure. |
| SecPkgContext_LogoffTime The logoff time of the security context. |
| SecPkgContext_NamesA The SecPkgContext_Names structure indicates the name of the user associated with a security context. The QueryContextAttributes (General) function uses this structure. (ANSI) |
| SecPkgContext_NamesW The SecPkgContext_Names structure indicates the name of the user associated with a security context. The QueryContextAttributes (General) function uses this structure. (Unicode) |
| SecPkgContext_NativeNamesA Contains the client and server principal names. |
| SecPkgContext_NativeNamesW The native names of the client and server in the security context. |
| SecPkgContext_NegoKeys Holds the negotiated security package keys. |
| SecPkgContext_NegoPackageInfo Holds information about the negotiated application package. |
| SecPkgContext_NegoStatus Specifies the error status of the last attempt to create a client context. |
| SecPkgContext_NegotiatedTlsExtensions The SecPkgContext_NegotiatedTlsExtensions structure contains information about the (D)TLS extensions negotiated for the current (D)TLS connection. |
| SecPkgContext_NegotiationInfoA The SecPkgContext_NegotiationInfo structure contains information on the security package that is being set up or has been set up, and also gives the status on the negotiation to set up the security package. (ANSI) |
| SecPkgContext_NegotiationInfoW The SecPkgContext_NegotiationInfo structure contains information on the security package that is being set up or has been set up, and also gives the status on the negotiation to set up the security package. (Unicode) |
| SecPkgContext_PackageInfoA Holds application package information. |
| SecPkgContext_PackageInfoW Holds package information. |
| SecPkgContext_PasswordExpiry The SecPkgContext_PasswordExpiry structure contains information about the expiration of a password or other credential used for the security context. This structure is returned by QueryContextAttributes (General). |
| SecPkgContext_ProtoInfoA The SecPkgContext_ProtoInfo structure holds information about the protocol in use. (ANSI) |
| SecPkgContext_ProtoInfoW The SecPkgContext_ProtoInfo structure holds information about the protocol in use. (Unicode) |
| SecPkgContext_SessionKey The SecPkgContext_SessionKey structure contains information about the session key used for the security context. This structure is returned by the QueryContextAttributes (General) function. |
| SecPkgContext_Sizes The SecPkgContext_Sizes structure indicates the sizes of important structures used in the message support functions. The QueryContextAttributes (General) function uses this structure. |
| SecPkgContext_StreamSizes Indicates the sizes of the various parts of a stream for use with the message support functions. The QueryContextAttributes (General) function uses this structure. |
| SecPkgContext_SubjectAttributes Returns the security attribute information. |
| SecPkgContext_Target Holds target information. |
| SecPkgContext_TargetInformation Returns information about the credential used for the security context. |
| SecPkgContext_UserFlags Holds the user flags. |
| SecPkgCredentials_Cert Specifies the certificate credentials. The QueryCredentialsAttributes function uses this structure. |
| SecPkgCredentials_KdcProxySettingsW Specifies the Kerberos proxy settings for the credentials. |
| SecPkgCredentials_NamesA The SecPkgCredentials_Names structure holds the name of the user associated with a context. The QueryCredentialsAttributes function uses this structure. (ANSI) |
| SecPkgCredentials_NamesW The SecPkgCredentials_Names structure holds the name of the user associated with a context. The QueryCredentialsAttributes function uses this structure. (Unicode) |
| SecPkgCredentials_SSIProviderA The SecPkgCredentials_SSIProvider structure holds the SSI provider information associated with a context. The QueryCredentialsAttributes function uses this structure. (ANSI) |
| SecPkgCredentials_SSIProviderW The SecPkgCredentials_SSIProvider structure holds the SSI provider information associated with a context. The QueryCredentialsAttributes function uses this structure. (Unicode) |
| SecPkgInfoA The SecPkgInfo structure provides general information about a security package, such as its name and capabilities. (ANSI) |
| SecPkgInfoW The SecPkgInfo structure provides general information about a security package, such as its name and capabilities. (Unicode) |
| SECURITY_INTEGER SECURITY_INTEGER is a structure that holds a numeric value. It is used in defining other types. |
| SECURITY_PACKAGE_OPTIONS Specifies information about a security package. |
| SECURITY_STRING Used as the string interface for kernel operations and is a clone of the UNICODE_STRING structure. |
| SecurityFunctionTableA The SecurityFunctionTable structure is a dispatch table that contains pointers to the functions defined in SSPI. (ANSI) |
| SecurityFunctionTableW The SecurityFunctionTable structure is a dispatch table that contains pointers to the functions defined in SSPI. (Unicode) |
Enumerations
| SEC_APPLICATION_PROTOCOL_NEGOTIATION_EXT Indicates the application protocol extension that is negotiated. |
| SEC_APPLICATION_PROTOCOL_NEGOTIATION_STATUS Describes the status of the SEC application protocol negotiation. |
| SEC_TRAFFIC_SECRET_TYPE Indicates the traffic secret type used. |
| SecDelegationType The type of delegation used. |
| SECPKG_ATTR_LCT_STATUS Indicates whether the token from the most recent call to the InitializeSecurityContext function is the last token from the client. |
| SECPKG_CRED_CLASS Indicates the type of credential used in a client context. The SECPKG_CRED_CLASS enumeration is used in the SecPkgContext_CredInfo structure. |