CredRead (Windows Embedded CE 6.0)

1/6/2010

The CredRead function retrieves credential information that is uniquely identified by the tuple that contains the credential type and the target ID associated with the credential. This function replaces CeCredRead.

Syntax

DWORD CredRead(
  WSTR   wszTarget,
  DWORD  dwTargetLen,
  DWORD  dwType,
  DWORD  dwFlags,
  PPCRED ppCred
);

Parameters

  • wszTarget
    [in] Target to search for. Must be null-terminated, and cannot be NULL.
  • dwTargetLen
    [in] Number of characters in the target string, including the null-terminator. Cannot exceed CRED_MAX_TARGET_LEN
  • dwType
    [in] Type of credential to search for. The following table shows the pre-defined credential types.

    Credential type Description

    CRED_TYPE_NTLM

    Credential type used for NTLM.

    CRED_TYPE_KERBEROS

    Credential type used for Kerberos.

    CRED_TYPE_DOMAIN_PASSWORD

    Credential type used for domain authentication.

    CRED_TYPE_CERTIFICATE

    Credential is a certificate.

    CRED_TYPE_PLAINTEXT_PASSWORD

    Credential is a plain password.

    CRED_TYPE_GENERIC

    Credential is stored as an opaque blob, but has no identifying characteristics.

  • dwFlags
    [in] Used to control default credentials, and can be one of the following flags.

    Flag Description

    CRED_FLAG_NO_DEFAULT

    Credential manager will not return default credential.

    CRED_FLAG_NO_IMPLICIT_DEFAULT

    Credential manager will not return implicit default.

  • ppCred
    [out] Pointer to a single allocated block buffer to return the credential. Any pointers contained within this buffer are pointers to locations within the single allocated block.

    For more information about the credential structure used, please see the CRED structure.

Return Value

ERROR_SUCCESS is returned upon success. For a list of error codes, see Credential Manager Error Codes.

Remarks

There can be multiple credentials present for the same type. The default behavior of the CredRead function is to return a credential in the following order of preference:

  1. An exact credential match to the target.
  2. The credential marked Default.
  3. An implicit default credential.

If no matching credential is found for the specified tuple, and there is a default credential set for the type specified in the tuple, that default credential is returned. If there is no default credential then the implicit default is returned. dwFlags member of the returned credential can be used to determine the source of the credential and the caller can take appropriate action. If the caller is not privileged, the blob will be empty for trusted credentials.

In some cases you may want to receive only an exact match to the target. Depending on the case, set dwFlags to be either CRED_FLAG_NO_DEFAULT or CRED_FLAG_NO_IMPLICIT_DEFAULT.

Pointers contained in the single allocated block buffer to return the credential are pointers to locations within the single allocated block. This single returned buffer must be freed by calling CredFree, and cannot be NULL.

The dwFlags member of the returned credential can be used to figure out the source of the credential. If the CRED_FLAG_DEFAULT is set, it means no matching credential was found, but a default credential was found. If the CRED_FLAG_IMPLICIT_DEFAULT is set, then it means that there was no matching credential or default credential, and an implicit default credential was returned.

Requirements

Header cred.h
Library coredll.lib
Windows Embedded CE Windows CE .NET 4.0 and later

See Also

Reference

Credential Manager Functions
CRED