A version of this page is also available for

Windows Embedded CE 6.0 R3


This function authenticates the user. An application calls this function.


BOOL VerifyUser(
  const GUID* AEKey,
  LPCWSTR wszAEDisplayText,
  HWND hWndParent,
  DWORD dwOptions,
  PVOID pExtended


  • AEKey
    [in] Pointer to the authentication event identifier. The identifier corresponds to the type of authentication required.
  • wszAEDisplayText
    [in] Pointer to the text for the LAP to display. If this value is NULL, the function uses the value set in the registry.
  • hWndParent
    [in] Handle to the parent window.
  • dwOptions
    [in] A bitmask of options. The following table shows the possible values.

    Value Description


    Returns from VerifyUser without displaying the UI. When using this value, the function will return TRUE only if the user can be verified without displaying the UI. Otherwise, it will return FALSE.


    Handle master key encryption and decryption if master key encryption and decryption are supported.

    > [!NOTE] > The VU_HANDLE_MASTER_KEY option is valid only when it is set by a privileged application.


    Keep calling into the LAP until the user cancels, or until the user successfully verifies.

    > [!NOTE] > If the VU_NO_UI flag is passed to the function, VU_UNTIL_SUCCESS is ignored.
  • pExtended
    Reserved. Must be set to NULL.

Return Value

Returns TRUE if the user is verified, and FALSE otherwise. To get extended error information, the application should call GetLastError. If the user cancelled the verification request, GetLastError returns ERROR_CANCELLED. If the user failed authentication, GetLastError returns ERROR_WRONG_PASSWORD, or a more applicable code set by the LAP.


VerifyUser can be called by any application, whether it is privileged or normal.


The PromptForPasswd function is deprecated. Use the VerifyUser function instead.


The following example shows how the application can use VerifyUser to authenticate the user before calling any secure function. CallSecureFunction and TellUserVerificationFailed in this example are user-defined functions.

HWND hMyWindow;
    DWORD LastError;
    GUID AEKeyForFoo = ...;
    if (VerifyUser(&AEKeyForFoo,"App A",hMyWindow,VU_UNTIL_SUCCESS,0))  //  Call into LASS; This will  
       CallSecureFunction()  // call into active LAP and show LAP-specific UI
       TellUserVerificationFailed(GetLastError()));  // display your own UI


Header lap.h
Library coredll.lib
Windows Embedded CE Windows CE 5.0 and later
Windows Mobile Pocket PC for Windows Mobile Version 5.0 and later, Smartphone for Windows Mobile Version 5.0 and later

See Also


LASS Functions
Setting an AE Policy
Installing an AE
VerifyUser (LAP)

Other Resources