Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
A version of this page is also available for
4/8/2010

The password LAP (Local Authentication Plugin) that is available by default in Windows Embedded CE can be replaced by a customized LAP if you want to have an alternate mechanism to authenticate the user. The custom LAP will be called exclusively by LASS (Local Authentication Subsystem) on behalf of applications that need to authenticate a user.

To create a LAP, you must create a DLL with the following entry points:

LASS will call InitLapbefore the LAP is ever used. The active LAP is loaded on startup, and will remain loaded until it is changed. LASS will call DeinitLAPprior to unloading the LAP. No more calls can be made to the LAP after this call is made.

An application call to the LASS function VerifyUseris passed on to VerifyUser(LAP) if the AE policy requires it. When it receives this call, the LAP should validate the user. Note that if the flag VU_NO_UI is set, the LAP must not display UI.

LAPCreateEnrollmentConfigDialogis called when the application calls CreateEnrollmentConfigDialog. In general, only the Shell will call this function.

In This Section

LAP Implementation Issues

Discusses various LAP implementation issues, including fallback mechanisms and deadlock.

Implementing Master Key Protection in a LAP

Discusses the implementation of master key protection in LAPs that collect verification data from the user but that do not persist the data.

Remarks

A LAP will need dual pin support in order to support the Authentication Reset System.

Note:
To create a LAP that works with the Authentication Reset System, the password will have to be stored internally in the LAP.

See Also