CRED (Compact 2013)

3/28/2014

This structure is used by the Credential Manager API to read credentials from, and write credentials to, the registry. This structure replaces the deprecated CECREDENTIAL structure.

Syntax

typedef struct _CRED {
  DWORD dwVersion;
  DWORD dwType;
  PWCHAR wszUser;
  DWORD dwUserLen;
  PWCHAR wszTarget;
  DWORD dwTargetLen;
  PBYTE pBlob;
  DWORD dwBlobSize;
  DWORD dwFlags;
} CRED, *PCRED, **PPCRED;

Parameters

  • dwVersion
    Denotes the credential structure version, and is set to CRED_VER_1.
  • dwType
    Credential type that cannot be changed after the credential is created.

    Applications should allow for credential types they do not recognize. The following table shows the pre-defined credential types.

    | Credential Type | Description |
    |---|---|
    | CRED_TYPE_NTLM | Credential type used for NTLM. |
    | CRED_TYPE_KERBEROS | Credential type used for Kerberos. |
    | CRED_TYPE_DOMAIN_PASSWORD | Credential type used for domain authentication. |
    | CRED_TYPE_CERTIFICATE | Credential is a certificate. |
    | CRED_TYPE_PLAINTEXT_PASSWORD | Credential is a plain password. |
    | CRED_TYPE_GENERIC | Credential is stored as an opaque blob, but has no identifying characteristics. |

  • wszUser
    The unique user identifier that is associated with the credential. It must be NULL-terminated.

    The format of the user identifier is dependent upon the credential type. Examples include Domain\User and User@Domain.com.

  • dwUserLen
    Number of characters in the user string, including the NULL-terminator. Cannot exceed CRED_MAX_USER_LEN.
  • wszTarget
    Target identifier that is associated with the credential. Must be NULL-terminated, and cannot be NULL. The length of the target identifier is specified by the dwTargetLen member.

    The format of the target identifier is dependent upon the credential type. Examples include serverName and domain.com.

    Note

    Different applications may write credentials of the same type. If you are using Credential Manager as a private store of credentials specific to your application, make sure that you prepend an application-specific string to the credential target name so that there is less chance of collision.

  • dwTargetLen
    Number of characters in the target string, including the NULL-terminator. Cannot exceed CRED_MAX_TARGET_LEN.
  • pBlob
    Blob that represents the credential information. The contents of this blob depend on whether a read, write, or update operation is being performed, and on the credential type.

    For example, during a write this may contain the password that needs to be stored. However, the actual credential that gets cached in the Credential Manager depends upon the type. For instance, in the case of NTLM, only the hash of the password gets cached. Hence, for the same credential, the blob obtained during a read operation may be different from the blob written.

  • dwBlobSize
    Size of the credential blob in bytes. The size cannot exceed CRED_MAX_BLOB_SIZE.

    Note

    Since the contents of a blob can vary, it is important to know what the credential type and operation are expecting, including format expectations. If the blob is a string, for example, a password, then the string should be NULL-terminated. String operations typically expect a NULL-terminator. Therefore, the size of the blob should include the whole string in bytes, including the size of the NULL-terminator.

    Note

    A password string is not necessarily a Unicode string or a non-Unicode string, so it is important to know what the credential type requires. Credential Manager does not enforce the use of Unicode.

  • dwFlags
    Bit field that specifies the credential's characteristics. It is a bit mask of the following flags.

    | Flag | Description |
    |---|---|
    | CRED_FLAG_PERSIST | Credential will be persisted in the registry. If this flag is not set, then the credential is stored in memory and cannot be retrieved subsequent to a soft reset. |
    | CRED_FLAG_DEFAULT | Mark this credential as the default for this type. The default credential is returned when a credential for a specific target is requested and Credential Manager is unable to find a matching credential. Note: Credentials will be saved as PRIVATE, and not DEFAULT, if the type provider is "trusted" (meaning the provider has specified the CRED_TYPE_FLAG_TRUSTED flag). Credentials must be saved as PRIVATE in this situation and Credential Manager will enforce this behavior. See Remarks. |
    | CRED_FLAG_SENSITIVE | This flag is deprecated. |
    | CRED_FLAG_TRUSTED | Credential can be read only by trusted components. |
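
The length and size rules in the member descriptions above, shown as an added example that is not code from the original page or from cred.h. It declares portable stand-ins for the Windows types and the structure so it builds off-device; the values given to CRED_VER_1 and the CRED_MAX_* limits are placeholders, and cred_check, cred_fill_password and blob_size_for are hypothetical helper names.

```c
#include <stdint.h>
#include <wchar.h>
/* Stand-ins for cred.h so this builds off-device. The four constant values
   are placeholders (assumptions); take the real ones from cred.h. */
typedef uint32_t DWORD; typedef wchar_t *PWCHAR; typedef uint8_t *PBYTE;
#define CRED_VER_1          1u
#define CRED_MAX_USER_LEN   256u
#define CRED_MAX_TARGET_LEN 256u
#define CRED_MAX_BLOB_SIZE  512u
typedef struct _CRED {
  DWORD dwVersion, dwType; PWCHAR wszUser; DWORD dwUserLen;
  PWCHAR wszTarget; DWORD dwTargetLen; PBYTE pBlob; DWORD dwBlobSize, dwFlags;
} CRED;
enum { CRED_OK, CRED_E_VERSION, CRED_E_TARGET, CRED_E_USER, CRED_E_BLOB };

/* 1 if len is exactly the characters of s plus its terminator, and <= max. */
static int len_ok(const wchar_t *s, DWORD len, DWORD max) {
  if (len == 0 || len > max) return 0;
  for (DWORD i = 0; i < len; i++)        /* never reads past the declared length */
    if (s[i] == L'\0') return i == len - 1;
  return 0;                              /* no terminator within len characters */
}

/* Blob size for a wide-character password: bytes, terminator included. */
DWORD blob_size_for(const wchar_t *pw) {
  return (DWORD)((wcslen(pw) + 1) * sizeof(wchar_t));
}

/* Hypothetical helper: checks the constraints in the member descriptions. Allowing
   a NULL wszUser and rejecting a sized blob with NULL pBlob are assumptions. */
int cred_check(const CRED *c) {
  if (c->dwVersion != CRED_VER_1) return CRED_E_VERSION;
  if (!c->wszTarget || !len_ok(c->wszTarget, c->dwTargetLen, CRED_MAX_TARGET_LEN))
    return CRED_E_TARGET;
  if (c->wszUser && !len_ok(c->wszUser, c->dwUserLen, CRED_MAX_USER_LEN))
    return CRED_E_USER;
  if (c->dwBlobSize > CRED_MAX_BLOB_SIZE || (c->dwBlobSize && !c->pBlob))
    return CRED_E_BLOB;
  return CRED_OK;
}

/* Hypothetical helper: fills a CRED for a password write, then checks it. */
int cred_fill_password(CRED *c, DWORD type, wchar_t *target, wchar_t *user, wchar_t *pw) {
  c->dwVersion = CRED_VER_1; c->dwType = type; c->dwFlags = 0;
  c->wszTarget = target; c->dwTargetLen = target ? (DWORD)wcslen(target) + 1 : 0;
  c->wszUser = user;     c->dwUserLen = user ? (DWORD)wcslen(user) + 1 : 0;
  c->pBlob = (PBYTE)pw;  c->dwBlobSize = pw ? blob_size_for(pw) : 0;
  return cred_check(c);
}
```

A dwTargetLen or dwUserLen that omits the terminator is rejected without reading beyond the declared length, which is the case most likely to cause an over-read in code that later trusts these fields.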

Requirements

Header

cred.h

See Also

Reference

Credential Manager Structures