Credentials
The Credentials API provides functions for managing user and machine credentials on the Windows operating system. These functions allow applications to obtain, store, and validate authentication credentials, such as usernames, passwords, and security tokens.
Overview
Managing credentials securely is crucial for application security and user authentication. The Credentials API abstracts many of the complexities involved in handling sensitive authentication data.
Key Concepts
- Credential Handles: Opaque structures that represent a credential.
- Credential Prompts: Mechanisms for users to enter their credentials.
- Credential Storage: Secure locations for storing credentials.
- Authentication Packages: Services that handle the actual authentication process.
Functions
Credential Management Functions
- CredEnumerate: Enumerates the credentials stored on the local computer.
- CredWrite: Writes a credential to the credential store.
- CredRead: Reads a credential from the credential store.
- CredDelete: Deletes a credential from the credential store.
Credential Prompt Functions
- CredPromptForCredentials: Prompts the user to enter credentials.
- CredUIPromptForCredentials: Provides a user interface for prompting for credentials.
Structures
- CREDENTIAL: Represents a credential.
- CREDENTIAL_ATTRIBUTE: Represents an attribute of a credential.
Error Codes
Common error codes for the Credentials API include:
- ERROR_NOT_FOUND: The specified credential was not found.
- ERROR_ACCESS_DENIED: Access to the credential store is denied.
- ERROR_INVALID_PARAMETER: One or more parameters are invalid.
Example Usage
The following C++ code snippet demonstrates how to read a credential:
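#include <windows.h>
#include <wincred.h>
#include <iostream>
// CredRead and CredFree are exported by advapi32, not credui
#pragma comment(lib, "advapi32.lib")

int main() {
    PCREDENTIALW pcred = NULL;
    LPCWSTR targetName = L"MyTargetServer";
    // Call the wide-character variant explicitly because targetName is an LPCWSTR
    if (CredReadW(targetName, CRED_TYPE_GENERIC, 0, &pcred)) {
        // UserName is optional for generic credentials and may be NULL
        std::wcout << L"Username: " << (pcred->UserName ? pcred->UserName : L"(none)") << std::endl;
        // Process password or other credential data securely
        CredFree(pcred);
    } else {
        // Capture the error code before another call can overwrite it
        DWORD err = GetLastError();
        std::wcerr << L"Failed to read credential for " << targetName << L". Error: " << err << std::endl;
    }
    return 0;
}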
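
The snippet above leaves the password handling as a comment. The following added example (not part of the original page or of Microsoft's sample code) shows one way to handle the `CredentialBlob` field of `CREDENTIAL`: decode it by its explicit `CredentialBlobSize`, since the blob is raw bytes with no terminator, then wipe the API-owned buffer before `CredFree`. It assumes the secret was stored as UTF-16LE text; `DecodeBlob`, `WipeBytes` and `ReadSecret` are hypothetical helper names, and the sample blob in `main` is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <wincred.h>
#pragma comment(lib, "advapi32.lib")
#endif

// Overwrite a buffer through a volatile pointer so the compiler cannot elide the stores.
void WipeBytes(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// Decode a credential blob using its explicit byte count; the blob is raw bytes
// and is not NUL-terminated. Assumption: the writer stored UTF-16LE text.
// Returns false for a missing or empty blob, or an odd byte count.
bool DecodeBlob(const std::uint8_t* blob, std::size_t size, std::u16string& out) {
    out.clear();
    if (blob == nullptr || size == 0 || size % 2 != 0) return false;
    out.reserve(size / 2);
    for (std::size_t i = 0; i < size; i += 2)
        out.push_back(static_cast<char16_t>(blob[i] | (blob[i + 1] << 8)));
    return true;
}

#ifdef _WIN32
// Read a generic credential, copy the secret out, wipe the API's buffer, free it.
bool ReadSecret(const wchar_t* target, std::u16string& secret) {
    PCREDENTIALW cred = nullptr;
    if (!CredReadW(target, CRED_TYPE_GENERIC, 0, &cred)) return false; // see GetLastError()
    bool ok = DecodeBlob(cred->CredentialBlob, cred->CredentialBlobSize, secret);
    if (cred->CredentialBlob != nullptr)
        SecureZeroMemory(cred->CredentialBlob, cred->CredentialBlobSize);
    CredFree(cred);
    return ok;
}
#endif

int main() {
    // Constructed sample blob: "pw" as UTF-16LE, no terminator.
    const std::uint8_t sample[] = {0x70, 0x00, 0x77, 0x00};
    std::u16string secret;
    bool ok = DecodeBlob(sample, sizeof sample, secret);
    if (ok) WipeBytes(&secret[0], secret.size() * sizeof(char16_t)); // wipe our copy after use
    return ok ? 0 : 1;
}
```

The caller owns the decoded copy and should wipe it with `WipeBytes` as soon as the secret has been used.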