Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
A version of this page is also available for
4/8/2010

This structure is used by the Credential Manager API to read credentials from, and write credentials to, the registry. This structure replaces CREDENTIALstructure.

Syntax

typedef struct _CRED {
  DWORD 
dwVersion;
  DWORD 
dwType;
  WSTR 
wszUser;
  DWORD 
dwUserLen;
  WSTR 
wszTarget;
  DWORD 
dwTargetLen;
  PBYTE 
pBlob;
  DWORD 
dwBlobSize;
  DWORD 
dwFlags;
} CRED, *PCRED,**PPCRED;

Parameters

dwVersion

Denotes the credential structure version, and is set to CRED_VER_1

dwType

Credential type that cannot be changed after the credential is created.

Applications should allow for credential types they do not recognize. The following table shows the pre-defined credential types.

Credential Type Description

CRED_TYPE_NTLM

Credential type used for NTLM.

CRED_TYPE_KERBEROS

Credential type used for Kerberos.

CRED_TYPE_DOMAIN_PASSWORD

Credential type used for domain authentication.

CRED_TYPE_CERTIFICATE

Credential is a certificate.

CRED_TYPE_PLAINTEXT_PASSWORD

Credential is a plain password.

CRED_TYPE_GENERIC

Credential is stored as an opaque blob, but has no identifying characteristics.

wszUser

The unique user identifier that is associated with the credential, and must be NULL-terminated.

The format of the user identifier is dependent on the credential type. Examples are Domain\Userand User@Domain.com.

dwUserLen

Number of characters in the target string, including the NULL-terminator. Cannot exceed CRED_MAX_TARGET_LEN

wszTarget

Target identifier that is associated with the credential. Must be NULL-terminated, and cannot be NULL. The length of the target identifier is specified by the dwTargetLenthmember.

The format of the target identifier is dependent on the credential type. Examples are serverNameand domain.com.

Note:
Different applications may write credentials of the same type. If you are using credential manager as a private store of credentials specific to your application, make sure that you prepend an application-specific string to the credential target name so that there is less chance of collision.

dwTargetLen

Number of characters in the target string, including the NULL-terminator. Cannot exceed CRED_MAX_TARGET_LEN.

pBlob

Blob that represents the credential information. The contents of this blob are dependant on whether a read or write or update operation is being done and also on the credential type.

For example during a write this may contain the password that needs to be stored. But the actual credential that gets cached in credential manager depends on the type. For instance in the case of NTLM only the hash of the password gets cached. Hence for the same credential the blobs obtained during read may be different from the blob written.

dwBlobSize

Size of the credential blob in bytes. The size cannot exceed CRED_MAX_BLOB_SIZE.

Note:
Since the contents of a blob can vary, it is important to know what the credential type and operation are expecting, including format expectations. If the blob is a string, for example, a password, then the string should be NULL terminated. String operations typically expect a NULL-terminator. Therefore, the size of the blob should include the whole string in bytes, including the size of the NULL-terminator.
Note:
A password string is not necessarily a Unicode string or a non-Unicode string, so it is important to know what the credential type requires. Credential Manager does not enforce the use of Unicode.
dwFlags

Bit field that specifies the credential's characteristics and it is a bit mask of the following flags.

Flag Description

CRED_FLAG_PERSIST

Credential will be persisted in the registry. If this flag is not set, then the credential is stored in memory and cannot be retrieved subsequent to a soft reset.

CRED_FLAG_DEFAULT

Mark this credential as the default for this type. The default credential is returned when a credential for a specific target is requested and Credential Manager is unable to find a matching credential.

CRED_FLAG_SENSITIVE

Before accessing this credential, the user has to authenticate to the local device. This is useful for protecting highly sensitive credentials. Also, this provides an extra layer of security without having to re-enter credentials. The actual mechanism used for local authentication is determined by the Local Authentication Subsystem (LASS).

CRED_FLAG_TRUSTED

The credential can be read only by trusted parts.

Requirements

Header cred.h
Windows Embedded CE Windows CE 5.0 and later
Windows Mobile Windows Mobile Version 5.0 and later

See Also