Custom Security Packages

To implement new security protocols that are integrated with the Windows Server and Windows operating systems, use the custom security package API and the Local Security Authority (LSA) functions.

The custom security package API supports developing custom security support providers (SSPs), which provide noninteractive authentication services and secure message exchange to client/server applications, together with custom authentication packages, which provide services for applications that perform interactive authentication. These services, when combined in a single package, are called a security support provider/authentication package (SSP/AP).

As with Microsoft-provided security packages, users of the custom security package access interactive authentication services using the LSA Logon Functions. Noninteractive authentication and message protection services can be accessed directly using the Security Support Provider Interface (SSPI).

The security packages deployed in SSP/APs are fully integrated with the LSA. Using the LSA support functions available to custom security packages, developers can implement advanced security features such as token creation, supplemental credentials support, and pass-through authentication. For a list of these support functions, see LSA Functions Called by Authentication Packages. For information about how to implement custom security packages, see Creating Custom Security Packages.

For more information about custom security packages, see the following topics.

Topic: Description
SSP/APs vs. SSPs: Information about how to determine whether a security package should be in an SSP/AP or SSP.
LSA Mode vs. User Mode: Details about how LSA mode and user mode are different.
Restrictions around Registering and Installing a Security Package: Actions by security packages that are not supported in Windows.