Implementing NAP Support for EAP Methods
This topic explains how to implement Network Access Protection (NAP) for an EAPHost supplicant. In Windows Vista and Windows Server 2008, a NAP Enforcement Client (NAP EC) is available for 802.1X authenticated connections.
Important
NAP was deprecated in Windows Server 2012 R2 and is not included in Windows Server 2016 or later.
Implementing Network Access Protection (NAP)
To support NAP, an EAPHost supplicant implements a callback function matching the NotificationHandler callback prototype and must provide a pointer to this callback function when calling EapHostPeerBeginSession.
The callback function takes two parameters.
- A GUID that uniquely identifies the interface associated with the authentication.
- A VOID pointer to an opaque data structure that is supplied by the supplicant.
EAPHost calls the supplicant-provided callback function with the unique interface GUID and the VOID pointer when the quarantine state of the machine changes. The supplicant responds by tearing down the logical network connection identified by the interface GUID and VOID pointer, and then beginning authentication again with EapHostPeerBeginSession.
EAPHost may call the supplicant-supplied callback function at any time: before authentication, during an active authentication, or after the authentication has completed (that is, after EapHostPeerEndSession has been called but before EapHostPeerClearConnection has been called). The supplicant should always respond by tearing down the logical network connection and re-authenticating.
If the supplicant is shutting down or no longer wants to receive notification of isolation state changes, it should call EapHostPeerClearConnection and specify the appropriate interface GUID. To determine the isolation state of the logical network connection, the supplicant can read EapHostPeerMethodResult.isolationState from the EapHostPeerMethodResult returned by EapHostPeerGetResult.
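The callback handling described above, as an added example that is not part of the original topic or of any Microsoft sample: a portable C model of the per-interface state a supplicant keeps so that a notification arriving before, during, or after authentication always ends in teardown and re-authentication. IfGuid, Conn, and the helper functions are hypothetical stand-ins (comments mark where the real EapHostPeerBeginSession and EapHostPeerClearConnection calls would go), and the context and GUID checks are defensive additions assumed here, not requirements stated by the topic.

```c
/* Portable model of supplicant bookkeeping. IfGuid and the helpers below are
   stand-ins written for this example, not Windows or EAPHost declarations. */
#include <stdio.h>
#include <string.h>

typedef struct { unsigned char b[16]; } IfGuid;   /* stand-in for GUID */
typedef enum { IDLE, AUTHENTICATING, AUTHENTICATED, CLEARED } Phase;

typedef struct {
    IfGuid iface;     /* interface the session belongs to */
    Phase  phase;
    int    link_up;   /* logical network connection is established */
    int    sessions;  /* number of times authentication was started */
} Conn;

/* Where a real supplicant would call EapHostPeerBeginSession. */
static void begin_session(Conn *c) { c->phase = AUTHENTICATING; c->sessions++; }
static void auth_succeeded(Conn *c) { c->phase = AUTHENTICATED; c->link_up = 1; }
/* Where a real supplicant would call EapHostPeerClearConnection. */
static void clear_connection(Conn *c) { c->phase = CLEARED; c->link_up = 0; }

/* Takes the two parameters the page lists. The real callback returns nothing;
   this model returns 1 if it re-authenticated and 0 if it ignored the call. */
static int on_quarantine_change(IfGuid iface, void *ctx)
{
    Conn *c = (Conn *)ctx;
    if (c == NULL || c->phase == CLEARED)
        return 0;                       /* defensive: context no longer live */
    if (memcmp(iface.b, c->iface.b, sizeof iface.b) != 0)
        return 0;                       /* defensive: GUID is not this interface */
    c->link_up = 0;                     /* tear down the logical connection */
    begin_session(c);                   /* same response in every phase */
    return 1;
}

int main(void)
{
    Conn c;
    memset(&c, 0, sizeof c);
    c.iface.b[0] = 0x11;                /* constructed sample GUID */
    begin_session(&c);
    auth_succeeded(&c);
    printf("after auth:   %d\n", on_quarantine_change(c.iface, &c));
    clear_connection(&c);
    printf("after clear:  %d\n", on_quarantine_change(c.iface, &c));
    return 0;
}
```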
EAPHost Related NAP Information
For EAPHost API-related NAP information, refer to the following topics.
- EAP_ATTRIBUTE_TYPE
- EAP_ERROR
- EAPHost Supplicant Frequently Asked Questions
- EAP Method Properties
- EapHostPeerBeginSession
- EAP Related Error and Information Constants
- ISOLATION_STATE
- NotificationHandler
Additional Resources
- For a list of NAP resources, see Network Access Protection.
- For Statement of Health information, see Network Access Protection (NAP) Statement of Health (SoH) Messages.
- For NAP API information, see Network Access Protection.
Related topics
Configuring the EAP Method User Interface
Implementing In-Band NAP Support for EAP Methods