CredRead (Compact 2013)

  • Article

3/28/2014

The CredRead function retrieves credential information that is uniquely identified by the tuple that contains the credential type and the target ID associated with the credential. This function replaces CeCredRead (deprecated).

Syntax

DWORD CredRead(
    PWCHAR wszTarget,
    DWORD dwTargetLen,
    DWORD dwType,
    DWORD dwFlags,
    PPCRED ppCred
);

Parameters

  • wszTarget
    [in] Target to search for. Must be null-terminated, and cannot be NULL.
  • dwTargetLen
    [in] Number of characters in the target string, including the null-terminator. Cannot exceed CRED_MAX_TARGET_LEN.

  • dwType
    [in] Type of credential to search for. The following table shows the pre-defined credential types.

    Credential type

    Description

    CRED_TYPE_NTLM

    Credential type used for NTLM.

    CRED_TYPE_KERBEROS

    Credential type used for Kerberos.

    CRED_TYPE_DOMAIN_PASSWORD

    Credential type used for domain authentication.

    CRED_TYPE_CERTIFICATE

    Credential is a certificate.

    CRED_TYPE_PLAINTEXT_PASSWORD

    Credential is a plain password.

    CRED_TYPE_GENERIC

    Credential is stored as an opaque blob, but has no identifying characteristics.

  • dwFlags
    [in] Used to control default credentials, and can be one of the following flags.

    Flag

    Description

    CRED_FLAG_NO_DEFAULT

    Credential manager will not return default credential.

    CRED_FLAG_NO_IMPLICIT_DEFAULT

    This flag is deprecated. Use CRED_FLAG_NO_DEFAULT instead.

  • ppCred
    [out] Pointer to a single allocated block buffer to return the credential. Any pointers contained within this buffer are pointers to locations within the single allocated block.

    For more information about the credential structure used, see the CRED structure.

Return Value

ERROR_SUCCESS is returned upon success. For a list of error codes, see Credential Manager Error Codes.

Remarks

There can be multiple credentials present for the same type. The default behavior of the CredRead function is to return a credential in the following order of preference:

  1. An exact credential match to the target.
  2. The credential marked Default.
  3. An implicit default credential.

If no matching credential is found for the specified tuple, and there is a default credential set for the type specified in the tuple, that default credential is returned. If there is no default credential then the implicit default is returned. dwFlags member of the returned credential can be used to determine the source of the credential and the caller can take appropriate action.

In some cases you may want to receive only an exact match to the target. In this case, set dwFlags to CRED_FLAG_NO_DEFAULT.

Pointers contained in the single allocated block buffer to return the credential are pointers to locations within the single allocated block. This single returned buffer must be freed by calling CredFree, and cannot be NULL.

The dwFlags member of the returned credential can be used to figure out the source of the credential. If the CRED_FLAG_DEFAULT flag is set, it means no matching credential was found, but a default credential was found. If the CRED_FLAG_IMPLICIT_DEFAULT flag is set, then it means that there was no matching credential or default credential, and an implicit default credential was returned.

Requirements

Header

cred.h

Library

coredll.lib

See Also

Reference

Credential Manager Functions
CRED