Windows Security API Reference

Authentication

APIs for verifying user or process identity.

LogonUser

The LogonUser function validates a user's credentials and returns a handle to a user token that can be used to impersonate that user.

Parameters

  • lpUsername: The user name.
  • lpDomain: The domain name.
  • lpPassword: The password.
  • dwLogonType: The type of logon.
  • dwLogonProvider: The logon provider.
  • phToken: A pointer to a variable that receives the access token.

Return Value

  • TRUE on success, FALSE otherwise. Use GetLastError to get extended error information.

ImpersonateLoggedOnUser

The ImpersonateLoggedOnUser function enables the calling thread to impersonate the security context of the user identified by the specified access token.

Parameters

  • hToken: A handle to the access token that represents the user the calling thread will impersonate.

Return Value

  • TRUE on success, FALSE otherwise.

Authorization

APIs for determining access rights to resources.

AccessCheck

The AccessCheck function determines whether a security descriptor grants the requested access rights to the client identified by an access token.

Parameters

  • pSecurityDescriptor: Pointer to the security descriptor to be checked.
  • ClientToken: Handle to the access token for the client whose access is to be checked.
  • DesiredAccess: The requested access mask.
  • GenericMapping: Pointer to a GENERIC_MAPPING structure that maps generic access rights to specific access rights.
  • PrivilegeSet: Pointer to a PRIVILEGE_SET structure that receives a list of privileges that are required to perform the requested access.
  • pfAccessStatus: Pointer to a variable that receives the access check results.
  • pGrantedAccessMask: Pointer to ACCESS_MASK that receives the access mask that satisfies the requested access.

Return Value

  • TRUE if the function succeeds, FALSE otherwise. The outcome of the access check itself is returned in pfAccessStatus.

Cryptography

APIs for encryption, decryption, and hashing.

CryptEncrypt

The CryptEncrypt function encrypts a block of data using a supplied key.

Parameters

  • hKey: Handle to the session key.
  • hHash: Handle to a hash object.
  • fFinal: Boolean flag indicating if this is the final block.
  • dwFlags: Flags.
  • pbData: Buffer containing the data to encrypt.
  • pdwDataLen: Pointer to the size of the data buffer.
  • pdwBufLen: Pointer to the size of the output buffer.

Return Value

  • TRUE on success, FALSE otherwise.

Access Control

APIs for managing Access Control Lists (ACLs).

SetSecurityInfo

The SetSecurityInfo function sets security information for a specified object.

Parameters

  • handle: Handle to the object.
  • ObjectType: Type of object.
  • SecurityInfo: Security information to set.
  • pOwnerSid: Owner security identifier.
  • pGroupSid: Group security identifier.
  • pDacl: Discretionary access control list.
  • pSacl: System access control list.

Return Value

  • NO_ERROR on success, non-zero error code otherwise.

Auditing

APIs for managing security auditing.

AuditEnablingACE

This structure is used to define an audit ACE (Access Control Entry).

Members

  • Header: An ACE_HEADER structure.
  • Mask: An ACCESS_MASK structure that specifies the type of access that causes the system to generate an audit message.
  • Sid: A pointer to a SID structure that identifies the user or group to audit.
  • Flags: Flags that control when audits are generated.

Certificates

APIs for managing digital certificates.

CertOpenStore

The CertOpenStore function opens a certificate store, or a memory store, or a …

Parameters

  • lpszStoreProvider: Provider for the store.
  • dwMsgAndCertEncodingType: Encoding type.
  • hCryptProv: Cryptographic provider handle.
  • dwFlags: Flags for opening the store.
  • pvPara: Context.

Return Value

  • Handle to the certificate store on success, NULL otherwise.