sspi.h header

This header is used by Security and Identity. For more information, see:

sspi.h contains the following programming interfaces:

Functions

AcceptSecurityContext

Lets the server component of a transport application establish a security context between the server and a remote client.
AcquireCredentialsHandleA

The AcquireCredentialsHandle (CredSSP) function acquires a handle to preexisting credentials of a security principal. (ANSI)
AcquireCredentialsHandleW

The AcquireCredentialsHandle (CredSSP) function acquires a handle to preexisting credentials of a security principal. (Unicode)
AddCredentialsA

AddCredentialsA (ANSI) adds a credential to the list of credentials.
AddCredentialsW

AddCredentialsW (Unicode) adds a credential to the list of credentials.
AddSecurityPackageA

Adds a security support provider to the list of providers supported by Microsoft Negotiate. (ANSI)
AddSecurityPackageW

Adds a security support provider to the list of providers supported by Microsoft Negotiate. (Unicode)
ApplyControlToken

Provides a way to apply a control token to a security context.
ChangeAccountPasswordA

Changes the password for a Windows domain account by using the specified Security Support Provider. (ANSI)
ChangeAccountPasswordW

Changes the password for a Windows domain account by using the specified Security Support Provider. (Unicode)
CompleteAuthToken

Completes an authentication token.
DecryptMessage

Decrypts a message by using Digest.
DelegateSecurityContext

Delegates the security context to the specified server.
DeleteSecurityContext

Deletes the local data structures associated with the specified security context initiated by a previous call to the InitializeSecurityContext (General) function or the AcceptSecurityContext (General) function.
DeleteSecurityPackageA

Deletes a security support provider from the list of providers supported by Microsoft Negotiate. (ANSI)
DeleteSecurityPackageW

Deletes a security support provider from the list of providers supported by Microsoft Negotiate. (Unicode)
EncryptMessage

Encrypts a message to provide privacy by using Digest.
EnumerateSecurityPackagesA

Returns an array of SecPkgInfo structures that provide information about the security packages available to the client. (ANSI)
EnumerateSecurityPackagesW

Returns an array of SecPkgInfo structures that provide information about the security packages available to the client. (Unicode)
ExportSecurityContext

The ExportSecurityContext function creates a serialized representation of a security context that can later be imported into a different process by calling ImportSecurityContext.
FreeContextBuffer

Enables callers of security package functions to free memory buffers allocated by the security package.
FreeCredentialsHandle

Notifies the security system that the credentials are no longer needed.
ImpersonateSecurityContext

Allows a server to impersonate a client by using a token previously obtained by a call to AcceptSecurityContext (General) or QuerySecurityContextToken.
ImportSecurityContextA

Imports a security context. The security context must have been exported to the process calling ImportSecurityContext by a previous call to ExportSecurityContext. (ANSI)
ImportSecurityContextW

Imports a security context. The security context must have been exported to the process calling ImportSecurityContext by a previous call to ExportSecurityContext. (Unicode)
InitializeSecurityContextA

Initiates the client side, outbound security context from a credential handle. (ANSI)
InitializeSecurityContextW

Initiates the client side, outbound security context from a credential handle. (Unicode)
InitSecurityInterfaceA

The InitSecurityInterface function returns a pointer to an SSPI dispatch table. This function enables clients to use SSPI without binding directly to an implementation of the interface. (ANSI)
InitSecurityInterfaceW

The InitSecurityInterface function returns a pointer to an SSPI dispatch table. This function enables clients to use SSPI without binding directly to an implementation of the interface. (Unicode)
MakeSignature

Generates a cryptographic checksum of the message, and also includes sequencing information to prevent message loss or insertion.
QueryContextAttributesA

Lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context. (ANSI)
QueryContextAttributesExA

The QueryContextAttributesExA (ANSI) function (sspi.h) enables a transport application to query a security package for certain attributes of a security context.
QueryContextAttributesExW

The QueryContextAttributesExW (Unicode) function (sspi.h) enables a transport application to query a security package for certain attributes of a security context.
QueryContextAttributesW

Lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context. (Unicode)
QueryCredentialsAttributesA

Retrieves the attributes of a credential, such as the name associated with the credential. (ANSI)
QueryCredentialsAttributesExA

Query the attributes of a security context.
QueryCredentialsAttributesExW

Query the attributes of a security context.
QueryCredentialsAttributesW

Retrieves the attributes of a credential, such as the name associated with the credential. (Unicode)
QuerySecurityContextToken

Obtains the access token for a client security context and uses it directly.
QuerySecurityPackageInfoA

Retrieves information about a specified security package. This information includes the bounds on sizes of authentication information, credentials, and contexts. (ANSI)
QuerySecurityPackageInfoW

Retrieves information about a specified security package. This information includes the bounds on sizes of authentication information, credentials, and contexts. (Unicode)
RevertSecurityContext

Allows a security package to discontinue the impersonation of the caller and restore its own security context.
SaslAcceptSecurityContext

Wraps a standard call to the Security Support Provider Interface AcceptSecurityContext (General) function and includes creation of SASL server cookies.
SaslEnumerateProfilesA

Lists the packages that provide a SASL interface. (ANSI)
SaslEnumerateProfilesW

Lists the packages that provide a SASL interface. (Unicode)
SaslGetContextOption

Retrieves the specified property of the specified SASL context.
SaslGetProfilePackageA

Returns the package information for the specified package. (ANSI)
SaslGetProfilePackageW

Returns the package information for the specified package. (Unicode)
SaslIdentifyPackageA

Returns the negotiate prefix that matches the specified SASL negotiation buffer. (ANSI)
SaslIdentifyPackageW

Returns the negotiate prefix that matches the specified SASL negotiation buffer. (Unicode)
SaslInitializeSecurityContextA

Wraps a standard call to the Security Support Provider Interface InitializeSecurityContext (General) function and processes SASL server cookies from the server. (ANSI)
SaslInitializeSecurityContextW

Wraps a standard call to the Security Support Provider Interface InitializeSecurityContext (General) function and processes SASL server cookies from the server. (Unicode)
SaslSetContextOption

Sets the value of the specified property for the specified SASL context.
SetContextAttributesA

Enables a transport application to set attributes of a security context for a security package. This function is supported only by the Schannel security package. (ANSI)
SetContextAttributesW

Enables a transport application to set attributes of a security context for a security package. This function is supported only by the Schannel security package. (Unicode)
SetCredentialsAttributesA

Sets the attributes of a credential, such as the name associated with the credential. (ANSI)
SetCredentialsAttributesW

Sets the attributes of a credential, such as the name associated with the credential. (Unicode)
SspiAcceptSecurityContextAsync

Lets the server component of a transport application asynchronously establish a security context between the server and a remote client.
SspiAcquireCredentialsHandleAsyncA

Asynchronously acquires a handle to preexisting credentials of a security principal. (ANSI)
SspiAcquireCredentialsHandleAsyncW

Asynchronously acquires a handle to preexisting credentials of a security principal. (Unicode)
SspiAsyncContextRequiresNotify

Determines whether a given async context requires notification on completion of the call.
SspiCompareAuthIdentities

Compares the two specified credentials.
SspiCopyAuthIdentity

Creates a copy of the specified opaque credential structure.
SspiCreateAsyncContext

Creates an instance of SspiAsyncContext which is used to track the async call.
SspiDecryptAuthIdentity

Decrypts the specified encrypted credential.
SspiDecryptAuthIdentityEx

Decrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure.
SspiDeleteSecurityContextAsync

Deletes the local data structures associated with the specified security context initiated by a previous call to the SspiInitializeSecurityContextAsync function or the SspiAcceptSecurityContextAsync function.
SspiEncodeAuthIdentityAsStrings

Encodes the specified authentication identity as three strings.
SspiEncodeStringsAsAuthIdentity

Encodes a set of three credential strings as an authentication identity structure.
SspiEncryptAuthIdentity

Encrypts the specified identity structure.
SspiEncryptAuthIdentityEx

Encrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure.
SspiExcludePackage

Creates a new identity structure that is a copy of the specified identity structure modified to exclude the specified security support provider (SSP).
SspiFreeAsyncContext

Frees up a context created in the call to the SspiCreateAsyncContext function.
SspiFreeAuthIdentity

Frees the memory allocated for the specified identity structure.
SspiFreeCredentialsHandleAsync

Frees up a credential handle.
SspiGetAsyncCallStatus

Gets the current status of an async call associated with the provided context.
SspiGetCredUIContext

Retrieves context information from a credential provider.
SspiGetTargetHostName

Gets the host name associated with the specified target.
SspiInitializeSecurityContextAsyncA

Initializes an async security context. (ANSI)
SspiInitializeSecurityContextAsyncW

Initializes an async security context. (Unicode)
SspiIsAuthIdentityEncrypted

Indicates whether the specified identity structure is encrypted.
SspiIsPromptingNeeded

Indicates whether an error returned after a call to either the InitializeSecurityContext or the AcceptSecurityContext function requires an additional call to the SspiPromptForCredentials function.
SspiLocalFree

Frees the memory associated with the specified buffer.
SspiMarshalAuthIdentity

Serializes the specified identity structure into a byte array.
SspiPrepareForCredRead

Generates a target name and credential type from the specified identity structure.
SspiPrepareForCredWrite

Generates values from an identity structure that can be passed as the values of parameters in a call to the CredWrite function.
SspiPromptForCredentialsA

Allows a Security Support Provider Interface (SSPI) application to prompt a user to enter credentials. (ANSI)
SspiPromptForCredentialsW

Allows a Security Support Provider Interface (SSPI) application to prompt a user to enter credentials. (Unicode)
SspiReinitAsyncContext

Marks an async context for reuse.
SspiSetAsyncNotifyCallback

Registers a callback that is notified on async call completion.
SspiUnmarshalAuthIdentity

Deserializes the specified array of byte values into an identity structure.
SspiUnmarshalCredUIContext

Deserializes credential information obtained by a credential provider during a previous call to the ICredentialProvider::SetSerialization method.
SspiUpdateCredentials

Updates the credentials associated with the specified context.
SspiValidateAuthIdentity

Indicates whether the specified identity structure is valid.
SspiZeroAuthIdentity

Fills the block of memory associated with the specified identity structure with zeros.
VerifySignature

Verifies that a message signed by using the MakeSignature function was received in the correct sequence and has not been modified.

Callback functions

SspiAsyncNotifyCallback

Callback used for notifying completion of an async SSPI call.

Structures

CREDUIWIN_MARSHALED_CONTEXT

Specifies credential information that has been serialized by using the ICredentialProvider::SetSerialization method.
SEC_APPLICATION_PROTOCOL_LIST

Stores a list of application protocols.
SEC_APPLICATION_PROTOCOLS

Stores an array of application protocol lists.
SEC_CERTIFICATE_REQUEST_CONTEXT

Stores the certificate request context.
SEC_CHANNEL_BINDINGS

Specifies channel binding information for a security context.
SEC_DTLS_MTU

Stores the DTLS MTU.
SEC_FLAGS

Contains the security flags.
SEC_NEGOTIATION_INFO

Stores the security negotiation information.
SEC_PRESHAREDKEY

Contains the pre-shared key information.
SEC_PRESHAREDKEY_IDENTITY

Contains the identity for a pre-shared key.
SEC_SRTP_MASTER_KEY_IDENTIFIER

Stores the SRTP master key identifier.
SEC_SRTP_PROTECTION_PROFILES

Stores the SRTP protection profiles.
SEC_TOKEN_BINDING

Stores the token binding information.
SEC_TRAFFIC_SECRETS

Contains the traffic secrets for a connection.
SEC_WINNT_AUTH_BYTE_VECTOR

Specifies the byte offset and array length of the data in an authentication structure.
SEC_WINNT_AUTH_CERTIFICATE_DATA

Specifies serialized certificate information.
SEC_WINNT_AUTH_DATA

Specifies authentication data.
SEC_WINNT_AUTH_DATA_PASSWORD

Specifies a serialized password.
SEC_WINNT_AUTH_DATA_TYPE_SMARTCARD_CONTEXTS_DATA

Contains the authentication data for a smartcard context.
SEC_WINNT_AUTH_FIDO_DATA

Contains data for FIDO authentication.
SEC_WINNT_AUTH_IDENTITY_A

Allows you to pass a particular user name and password to the run-time library for the purpose of authentication. (ANSI)
SEC_WINNT_AUTH_IDENTITY_EX2

Contains information about an authentication identity.
SEC_WINNT_AUTH_IDENTITY_EXA

The SEC_WINNT_AUTH_IDENTITY_EXA (ANSI) structure contains information about a user.
SEC_WINNT_AUTH_IDENTITY_EXW

The SEC_WINNT_AUTH_IDENTITY_EXW (Unicode) structure contains information about a user.
SEC_WINNT_AUTH_IDENTITY_INFO

Contains the identity information for authentication.
SEC_WINNT_AUTH_IDENTITY_W

Allows you to pass a particular user name and password to the run-time library for the purpose of authentication. (Unicode)
SEC_WINNT_AUTH_NGC_DATA

Contains the NGC data for authentication.
SEC_WINNT_AUTH_PACKED_CREDENTIALS

Specifies serialized credentials.
SEC_WINNT_AUTH_PACKED_CREDENTIALS_EX

Specifies serialized credentials and a list of security packages that support the credentials.
SEC_WINNT_AUTH_SHORT_VECTOR

Specifies the offset and number of characters in an array of USHORT values.
SEC_WINNT_CREDUI_CONTEXT

Specifies unserialized credential information.
SEC_WINNT_CREDUI_CONTEXT_VECTOR

Specifies the offset and size of the credential context data in a SEC_WINNT_CREDUI_CONTEXT structure.
SecBuffer

Describes a buffer allocated by a transport application to pass to a security package.
SecBufferDesc

The SecBufferDesc structure describes an array of SecBuffer structures to pass from a transport application to a security package.
SecHandle

Represents a security handle.
SecPkgContext_AccessToken

Returns a handle to the access token for the current security context.
SecPkgContext_ApplicationProtocol

Contains information about the application protocol of the security context.
SecPkgContext_AuthorityA

The SecPkgContext_Authority structure contains the name of the authenticating authority if one is available. (ANSI)
SecPkgContext_AuthorityW

The SecPkgContext_Authority structure contains the name of the authenticating authority if one is available. (Unicode)
SecPkgContext_AuthzID

Contains information about the AuthzID of the security context.
SecPkgContext_Bindings

Specifies a structure that contains channel binding information for a security context.
SecPkgContext_ClientSpecifiedTarget

Specifies the service principal name (SPN) of the initial target when calling the QueryContextAttributes (Digest) function.
SecPkgContext_CredentialNameA

Contains the credential name and type.
SecPkgContext_CredentialNameW

Information about the credential name of the security context.
SecPkgContext_CredInfo

Specifies the type of credentials used to create a client context.
SecPkgContext_DceInfo

The SecPkgContext_DceInfo structure contains authorization data used by DCE services. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_Flags

The SecPkgContext_Flags structure contains information about the flags in the current security context. This structure is returned by QueryContextAttributes (General).
SecPkgContext_KeyInfoA

The SecPkgContext_KeyInfo structure contains information about the session keys used in a security context. (ANSI)
SecPkgContext_KeyInfoW

The SecPkgContext_KeyInfo structure contains information about the session keys used in a security context. (Unicode)
SecPkgContext_LastClientTokenStatus

Specifies whether the token from the most recent call to the InitializeSecurityContext function is the last token from the client.
SecPkgContext_Lifespan

The SecPkgContext_Lifespan structure indicates the life span of a security context. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_LogoffTime

The logoff time of the security context.
SecPkgContext_NamesA

The SecPkgContext_Names structure indicates the name of the user associated with a security context. The QueryContextAttributes (General) function uses this structure. (ANSI)
SecPkgContext_NamesW

The SecPkgContext_Names structure indicates the name of the user associated with a security context. The QueryContextAttributes (General) function uses this structure. (Unicode)
SecPkgContext_NativeNamesA

Contains the client and server principal names.
SecPkgContext_NativeNamesW

The native names of the client and server in the security context.
SecPkgContext_NegoKeys

Holds the negotiated security package keys.
SecPkgContext_NegoPackageInfo

Holds information about the negotiated application package.
SecPkgContext_NegoStatus

Specifies the error status of the last attempt to create a client context.
SecPkgContext_NegotiatedTlsExtensions

The SecPkgContext_NegotiatedTlsExtensions structure contains information about the (D)TLS extensions negotiated for the current (D)TLS connection.
SecPkgContext_NegotiationInfoA

The SecPkgContext_NegotiationInfo structure contains information on the security package that is being set up or has been set up, and also gives the status on the negotiation to set up the security package. (ANSI)
SecPkgContext_NegotiationInfoW

The SecPkgContext_NegotiationInfo structure contains information on the security package that is being set up or has been set up, and also gives the status on the negotiation to set up the security package. (Unicode)
SecPkgContext_PackageInfoA

Holds application package information.
SecPkgContext_PackageInfoW

Holds package information.
SecPkgContext_PasswordExpiry

The SecPkgContext_PasswordExpiry structure contains information about the expiration of a password or other credential used for the security context. This structure is returned by QueryContextAttributes (General).
SecPkgContext_ProtoInfoA

The SecPkgContext_ProtoInfo structure holds information about the protocol in use. (ANSI)
SecPkgContext_ProtoInfoW

The SecPkgContext_ProtoInfo structure holds information about the protocol in use. (Unicode)
SecPkgContext_SessionKey

The SecPkgContext_SessionKey structure contains information about the session key used for the security context. This structure is returned by the QueryContextAttributes (General) function.
SecPkgContext_Sizes

The SecPkgContext_Sizes structure indicates the sizes of important structures used in the message support functions. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_StreamSizes

Indicates the sizes of the various parts of a stream for use with the message support functions. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_SubjectAttributes

Returns the security attribute information.
SecPkgContext_Target

Holds target information.
SecPkgContext_TargetInformation

Returns information about the credential used for the security context.
SecPkgContext_UserFlags

Holds the user flags.
SecPkgCredentials_Cert

Specifies the certificate credentials. The QueryCredentialsAttributes function uses this structure.
SecPkgCredentials_KdcProxySettingsW

Specifies the Kerberos proxy settings for the credentials.
SecPkgCredentials_NamesA

The SecPkgCredentials_Names structure holds the name of the user associated with a context. The QueryCredentialsAttributes function uses this structure. (ANSI)
SecPkgCredentials_NamesW

The SecPkgCredentials_Names structure holds the name of the user associated with a context. The QueryCredentialsAttributes function uses this structure. (Unicode)
SecPkgCredentials_SSIProviderA

The SecPkgCredentials_SSIProvider structure holds the SSI provider information associated with a context. The QueryCredentialsAttributes function uses this structure. (ANSI)
SecPkgCredentials_SSIProviderW

The SecPkgCredentials_SSIProvider structure holds the SSI provider information associated with a context. The QueryCredentialsAttributes function uses this structure. (Unicode)
SecPkgInfoA

The SecPkgInfo structure provides general information about a security package, such as its name and capabilities. (ANSI)
SecPkgInfoW

The SecPkgInfo structure provides general information about a security package, such as its name and capabilities. (Unicode)
SECURITY_INTEGER

SECURITY_INTEGER is a structure that holds a numeric value. It is used in defining other types.
SECURITY_PACKAGE_OPTIONS

Specifies information about a security package.
SECURITY_STRING

Used as the string interface for kernel operations and is a clone of the UNICODE_STRING structure.
SecurityFunctionTableA

The SecurityFunctionTable structure is a dispatch table that contains pointers to the functions defined in SSPI. (ANSI)
SecurityFunctionTableW

The SecurityFunctionTable structure is a dispatch table that contains pointers to the functions defined in SSPI. (Unicode)

Enumerations

SEC_APPLICATION_PROTOCOL_NEGOTIATION_EXT

Indicates the application protocol extension that is negotiated.
SEC_APPLICATION_PROTOCOL_NEGOTIATION_STATUS

Describes the status of the SEC application protocol negotiation.
SEC_TRAFFIC_SECRET_TYPE

Indicates the traffic secret type used.
SecDelegationType

The type of delegation used.
SECPKG_ATTR_LCT_STATUS

Indicates whether the token from the most recent call to the InitializeSecurityContext function is the last token from the client.
SECPKG_CRED_CLASS

Indicates the type of credential used in a client context. The SECPKG_CRED_CLASS enumeration is used in the SecPkgContext_CredInfo structure.