QueryContextAttributes (CredSSP) function

The QueryContextAttributes (CredSSP) function lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context.

Syntax

SECURITY_STATUS SEC_ENTRY QueryContextAttributes(
  _In_  PCtxtHandle phContext,
  _In_  ULONG       ulAttribute,
  _Out_ PVOID       pBuffer
);

Parameters

phContext [in]

A handle to the security context to be queried.

ulAttribute [in]

The attribute of the context to be returned. This parameter can be one of the following values. Unless otherwise specified, the attributes are applicable to both client and server.

Value Meaning
SECPKG_ATTR_C_ACCESS_TOKEN
0x80000012
The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure that specifies the access token for the current security context.
This attribute is supported only on the server.
SECPKG_ATTR_C_FULL_ACCESS_TOKEN
0x80000082
The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure that specifies the access token for the current security context.
This attribute is supported only on the server.
SECPKG_ATTR_CERT_TRUST_STATUS
0x80000084
The pBuffer parameter contains a pointer to a CERT_TRUST_STATUS structure that specifies trust information about the certificate.
This attribute is supported only on the client.
SECPKG_ATTR_CREDS
0x80000080
The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.
The client credentials can be either user name and password or user name and smart card PIN.
This attribute is supported only on the server.
SECPKG_ATTR_CREDS_2
0x80000086
The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.
If the client credential is user name and password, the buffer is a packed KERB_INTERACTIVE_LOGON structure.
If the client credential is user name and smart card PIN, the buffer is a packed KERB_CERTIFICATE_LOGON structure.
If the client credential is an online identity credential, the buffer is a marshaled SEC_WINNT_AUTH_IDENTITY_EX2 structure.
This attribute is supported only on the CredSSP server.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.
SECPKG_ATTR_NEGOTIATION_PACKAGE
0x80000081
The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfo structure that specifies the name of the authentication package negotiated by the Microsoft Negotiate provider.
SECPKG_ATTR_PACKAGE_INFO
10
The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfostructure.
Returns information on the SSP in use.
SECPKG_ATTR_SERVER_AUTH_FLAGS
0x80000083
The pBuffer parameter contains a pointer to a SecPkgContext_Flags structure that specifies information about the flags in the current security context.
This attribute is supported only on the client.
SECPKG_ATTR_SIZES
0x0
The pBuffer parameter contains a pointer to a SecPkgContext_Sizes structure.
Queries the sizes of the structures used in the per-message functions and authentication exchanges.
SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES
124
The pBuffer parameter contains a pointer to a SecPkgContext_SubjectAttributes structure.
This value returns information about the security attributes for the connection.
This value is supported only on the CredSSP server.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.

 

pBuffer [out]

A pointer to a structure that receives the attributes. The structure type depends on the value of the ulAttribute parameter.

Return value

If the function succeeds, it returns SEC_E_OK.

If the function fails, it can return the following error codes.

Return code/value Description
SEC_E_INVALID_HANDLE
0x80100003
The function failed. The phContext parameter specifies a handle to an incomplete context.
SEC_E_UNSUPPORTED_FUNCTION
0x80090302
The function failed. The value of the ulAttribute parameter is not valid.

 

Remarks

The structure pointed to by the pBuffer parameter varies depending on the attribute being queried.

While the caller must allocate the pBuffer structure itself, the SSP allocates any memory required to hold variable-sized members of the pBuffer structure. Memory allocated by the SSP must be freed by calling the FreeContextBuffer function.

Requirements

Requirement Value
Minimum supported client
Windows Vista [desktop apps only]
Minimum supported server
Windows Server 2008 [desktop apps only]
Header
Sspi.h (include Security.h)
Library
Secur32.lib
DLL
Secur32.dll
Unicode and ANSI names
QueryContextAttributesW (Unicode) and QueryContextAttributesA (ANSI)

See also

SSPI Functions

CERT_CONTEXT

FreeContextBuffer

SecPkgContext_ClientCreds

SecPkgContext_Sizes