Creating a LAP

The password LAP (Local Authentication Plugin) that is available by default in Windows Embedded CE can be replaced by a customized LAP if you want to have an alternate mechanism to authenticate the user. The custom LAP will be called exclusively by LASS (Local Authentication Subsystem) on behalf of applications that need to authenticate a user.

To create a LAP, you must create a DLL with the following entry points:

LASS will call InitLAP before the LAP is ever used. The active LAP is loaded on startup and remains loaded until it is changed. LASS will call DeinitLAP before unloading the LAP. No more calls can be made to the LAP after this call is made.

An application call to the LASS function VerifyUser is passed on to VerifyUser (LAP) if the AE policy requires it. When it receives this call, the LAP should validate the user. Note that if the flag VU_NO_UI is set, the LAP must not display UI.

LAPCreateEnrollmentConfigDialog is called when the application calls CreateEnrollmentConfigDialog. In general, only the Shell will call this function.
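A portable C model of the lifecycle and VU_NO_UI rules described above, added here as an illustration; it is not code from the Windows Embedded CE SDK. The `model_` names, the flag value, the result codes and the prompt callback standing in for the LAP's dialog are all assumptions, and the sample PINs are constructed.

```c
#include <stddef.h>
#include <string.h>
/* Assumed stand-ins: the real VU_NO_UI value and entry-point signatures are
   in the Windows Embedded CE SDK headers, which this page does not show. */
#define MODEL_VU_NO_UI 0x1u
enum model_result { MODEL_OK, MODEL_DENIED, MODEL_NEEDS_UI, MODEL_NOT_LOADED };
typedef const char *(*model_prompt_fn)(void);  /* stands in for the LAP's dialog */
static int g_loaded;        /* set by init, cleared by deinit */
static char g_secret[32];   /* credential stored inside the LAP */
int g_prompts;              /* how many times UI was shown */
/* Constructed sample "dialogs": each returns what the user typed. */
const char *model_prompt_good(void) { g_prompts++; return "2468"; }
const char *model_prompt_bad(void)  { g_prompts++; return "0000"; }

/* Compare full buffers without stopping at the first mismatching byte. */
static int equal_ct(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int model_init_lap(const char *enrolled)
{
    if (enrolled == NULL || enrolled[0] == '\0' || strlen(enrolled) >= sizeof g_secret)
        return 0;
    memset(g_secret, 0, sizeof g_secret);
    strcpy(g_secret, enrolled);
    g_loaded = 1;
    return 1;
}

void model_deinit_lap(void)
{
    memset(g_secret, 0, sizeof g_secret);  /* drop the stored credential */
    g_loaded = 0;
}

enum model_result model_verify_user(unsigned flags, model_prompt_fn prompt)
{
    char buf[sizeof g_secret] = {0};
    const char *typed;
    if (!g_loaded) return MODEL_NOT_LOADED;             /* before init or after deinit */
    if (flags & MODEL_VU_NO_UI) return MODEL_NEEDS_UI;  /* this model can only verify via UI */
    if (prompt == NULL || (typed = prompt()) == NULL || strlen(typed) >= sizeof buf)
        return MODEL_DENIED;
    strcpy(buf, typed);
    return equal_ct(buf, g_secret, sizeof buf) ? MODEL_OK : MODEL_DENIED;
}
```

The prompt counter makes the VU_NO_UI rule checkable: a verification request with the flag set must leave it unchanged.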

In This Section


A LAP will need dual pin support in order to support the Authentication Reset System.


To create a LAP that works with the Authentication Reset System, the password will have to be stored internally in the LAP.

See Also


LAP Implementation Issues
Implementing Master Key Protection in a LAP
