MSDN Documentation

Authentication

This section provides in-depth information about the Windows authentication mechanisms. Authentication is the process of verifying the identity of a user, process, or device attempting to access system resources. This includes understanding security identifiers (SIDs), access tokens, logon sessions, and various authentication protocols used by the Windows operating system.

Key Concepts

• Security Identifiers (SIDs): Unique values that identify accounts or groups.
• Access Tokens: Objects containing security information, including a user's identity and privileges.
• Logon Sessions: A mechanism for managing user credentials and associated security information.
• Authentication Packages: Providers that handle the actual authentication process.
• Credential Management: APIs and mechanisms for securely storing and retrieving user credentials.

Core Functions and Structures

Below is a summary of commonly used functions and structures related to authentication in the Windows API. For detailed documentation, please refer to the individual function and structure pages.

Name	Description
LogonUser	Logs on a specified user account.
CreateProcessWithLogonW	Creates a new process and its primary thread. The new process runs in the security context of the specified user account.
GetTokenInformation	Retrieves various types of information about a specified access token.
ImpersonateUser	Enables a server thread to impersonate a client's security context.
LUID	Represents a locally unique identifier.
SID	Represents a security identifier.
TOKEN_USER	Represents a security identifier (SID) and its associated account name for a token.

Related Topics

• Access Control
• Authorization
• Credential Management
• Authentication Protocols