AuthIdentityToService

Retrieves a service ticket for an authenticated identity.

HRESULT AuthIdentityToService(
       IN PassportIdentityHandle hIdentity,
       IN LPCWSTR szServiceTarget,
       IN OPTIONAL LPCWSTR szServicePolicy,
       IN DWORD dwTokenRequestFlags,
       OUT OPTIONAL LPWSTR *szToken,
       OUT OPTIONAL DWORD *pdwResultFlags,
       OUT OPTIONAL BYTE **ppbSessionKey,
       OUT OPTIONAL DWORD *pcbSessionKeyLength
       );

Parameters

hIdentity

The identity handle for which a service ticket is being requested.

szServiceTarget

A string indicating the service name for which the ticket is being requested. This name is a unique identifier chosen by the service when it registered with the identity service. This value may or may not be the same as the service's domain name.

szServicePolicy

Optional. A string that expresses a policy that will be evaluated when determining whether the supplied authenticated identity will be granted access to the service. This string determines the type of ticket to be issued for a particular target service. The service and the client application will determine how this policy is obtained or generated.

dwTokenRequestFlags

Set to SERVICETOKENFLAGS.SERVICE_TOKEN_FROM_CACHE to get persisted service tickets and certificates. SERVICETOKENFLAGS.SERVICE_TOKEN_FROM_CACHE is only used when you are obtaining the ticket from a previously submitted ticket request.

szToken

Optional. The returned service ticket.

pdwResultFlags

Optional. The type of service ticket returned. Use one of the values from SERVICETOKENFLAGS.SERVICE_TOKEN_FROM_CACHE here.

ppbSessionKey

Optional. If the service ticket format supports it, this parameter will contain a session key that matches the symmetric or asymmetric session key, depending on the policy, inside the service ticket.

pcbSessionKeyLength

Optional. The length of the returned session key.

Return Values

The following table describes the return values for this method.

Return Code                                        Description
PPCRL_E_AUTH_SERVICE_UNAVAILABLE                   Cannot connect to authentication service.
PPCRL_E_IDENTITY_NOT_AUTHENTICATED                 The identity has not been authenticated.
PPCRL_E_UNABLE_TO_RETRIEVE_SERVICE_TOKEN           The service ticket cannot be retrieved.
PPCRL_REQUESTPARAMS_MISSING                        Request parameters are missing.
PPCRL_S_TOKEN_TYPE_DOES_NOT_SUPPORT_SESSION_KEY    The ticket returned has no session key.
S_OK                                               The service ticket was returned.

Remarks

The type of service ticket that is returned by this method is determined by the service and the policy for which the ticket is being requested. A ticket and a session key may be created as a result of this method call. The memory allocated for these objects may be freed by calling the PassportFreeMemory method for each object.
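
The ownership rules above, as an added example (not SDK code): a wrapper that zero-initializes the out-parameters, handles the "no session key" success code, and wipes the key before freeing each object. The portable typedefs, the idcrl_api table, get_ticket, release_ticket, the PassportFreeMemory signature, the S_NO_SESSION_KEY value and the fake_* test doubles are all assumptions; take the real definitions from the SDK headers.

```c
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Assumed portable stand-ins for the Windows and SDK types (32-bit like LONG/DWORD). */
typedef int HRESULT;
typedef unsigned int DWORD; typedef unsigned char BYTE;
typedef void *PassportIdentityHandle;
#define S_OK 0
#define S_NO_SESSION_KEY 1 /* placeholder for PPCRL_S_TOKEN_TYPE_DOES_NOT_SUPPORT_SESSION_KEY */
/* Hypothetical table of SDK entry points; the PassportFreeMemory signature is assumed. */
typedef struct {
    HRESULT (*auth)(PassportIdentityHandle, const wchar_t *, const wchar_t *, DWORD,
                    wchar_t **, DWORD *, BYTE **, DWORD *);  /* AuthIdentityToService */
    HRESULT (*free_mem)(void *);                             /* PassportFreeMemory */
} idcrl_api;
typedef struct { wchar_t *ticket; BYTE *key; DWORD key_len, flags; } service_ticket;

/* Wipe the session key, then free each object separately as Remarks describes. */
void release_ticket(const idcrl_api *api, service_ticket *t) {
    for (DWORD i = 0; t->key && i < t->key_len; i++) ((volatile BYTE *)t->key)[i] = 0;
    if (t->key) api->free_mem(t->key);
    if (t->ticket) api->free_mem(t->ticket);
    memset(t, 0, sizeof *t);
}

/* Request a ticket; afterwards *t either owns valid buffers or is all zero. */
HRESULT get_ticket(const idcrl_api *api, PassportIdentityHandle id, const wchar_t *target,
                   const wchar_t *policy, DWORD req, service_ticket *t) {
    memset(t, 0, sizeof *t); /* do not rely on the callee writing optional out-params */
    HRESULT hr = api->auth(id, target, policy, req, &t->ticket, &t->flags, &t->key, &t->key_len);
    if (hr < 0) release_ticket(api, t); /* failure code: keep nothing half-filled */
    else if (hr == S_NO_SESSION_KEY) {  /* success code, but the ticket has no key */
        if (t->key) api->free_mem(t->key);
        t->key = NULL; t->key_len = 0;
    }
    return hr;
}

/* Constructed test doubles standing in for the SDK (heap buffers, free counter). */
int g_frees;
HRESULT fake_free(void *p) { free(p); g_frees++; return S_OK; }
HRESULT fake_auth(PassportIdentityHandle h, const wchar_t *tgt, const wchar_t *pol, DWORD fl,
                  wchar_t **tok, DWORD *res, BYTE **key, DWORD *klen) {
    *res = 0; *tok = calloc(4, sizeof **tok); wcscpy(*tok, L"t=1");
    if (!pol) return S_NO_SESSION_KEY; /* constructed rule: no policy, no key */
    *klen = 16; *key = malloc(16); memset(*key, 0xAA, 16);
    return S_OK;
}
```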
