Obtaining Schannel Credentials

Credentials are required by the Schannel authentication process; both client and server must obtain valid credentials to establish a security context for message exchange. For an example that demonstrates this procedure, see Getting credentials.

Your application obtains credentials by calling the AcquireCredentialsHandle function, which returns a handle to the requested credentials. Because credentials handles are used to store configuration information, the same handle cannot be used for both client-side and server-side operations. This means that applications that support both client and server connections must obtain a minimum of two credentials handles.

In Windows XP, an SCHANNEL_CRED structure specifies the following:

  • A security protocol
  • The allowable ciphers
  • Minimum and maximum cipher strengths
  • An X.509 certificate used for authentication — Required for server, optional for client unless server requests client authentication.

Pass the SCHANNEL_CRED structure (via the pAuthData parameter) to the AcquireCredentialsHandle function. This function returns the credentials handle required to establish a security context.
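As an added example (not code from this page), here is how these two steps look in C: a helper that fills an SCHANNEL_CRED for either a client or a server role and a Windows-only wrapper that passes it to AcquireCredentialsHandle with the matching SECPKG_CRED_INBOUND/OUTBOUND use. The names schannel_cred_init, schannel_acquire and the ROLE_* values are assumptions, as are the stand-in typedefs and constants under #else, which exist only so the setup logic compiles and can be checked off Windows.

```c
/* Added example, not from the Microsoft page: fill the SCHANNEL_CRED the page
 * describes, then hand it to AcquireCredentialsHandle. Compiles anywhere; the
 * typedefs/constants under #else are assumed stand-ins for non-Windows builds. */
#include <string.h>
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <schannel.h>
#else
typedef unsigned long DWORD;
typedef const void *PCCERT_CONTEXT;
typedef struct { DWORD dwVersion, cCreds; PCCERT_CONTEXT *paCred; DWORD grbitEnabledProtocols,
                 dwMinimumCipherStrength, dwMaximumCipherStrength, dwFlags; } SCHANNEL_CRED;
#define SCHANNEL_CRED_VERSION 4
#define SP_PROT_TLS1_2_SERVER 0x400
#define SP_PROT_TLS1_2_CLIENT 0x800
#define SCH_CRED_NO_DEFAULT_CREDS 0x10
#define SCH_CRED_AUTO_CRED_VALIDATION 0x20
#endif
enum { ROLE_CLIENT = 0, ROLE_SERVER = 1 };
/* Fill *cred for one role. A server must have a certificate (required for server,
 * optional for client): returns -1 then, 0 otherwise. cert_slot must outlive cred. */
int schannel_cred_init(int role, PCCERT_CONTEXT cert, PCCERT_CONTEXT *cert_slot,
                       SCHANNEL_CRED *cred)
{
    if (role == ROLE_SERVER && cert == NULL) return -1;
    memset(cred, 0, sizeof *cred);
    cred->dwVersion = SCHANNEL_CRED_VERSION;
    if (cert != NULL) { *cert_slot = cert; cred->paCred = cert_slot; cred->cCreds = 1; }
    /* Pin the protocol to the role's side and refuse bulk ciphers under 128 bits. */
    cred->grbitEnabledProtocols = role == ROLE_SERVER ? SP_PROT_TLS1_2_SERVER : SP_PROT_TLS1_2_CLIENT;
    cred->dwMinimumCipherStrength = 128;
    cred->dwMaximumCipherStrength = 0;  /* 0 = system default maximum */
    /* Client: let Schannel validate the server chain; never auto-pick a client cert. */
    cred->dwFlags = role == ROLE_CLIENT ? SCH_CRED_AUTO_CRED_VALIDATION | SCH_CRED_NO_DEFAULT_CREDS : 0;
    return 0;
}
#ifdef _WIN32
/* One handle per role: a credentials handle cannot serve both client and server. */
SECURITY_STATUS schannel_acquire(int role, SCHANNEL_CRED *cred, CredHandle *out, TimeStamp *expiry)
{
    return AcquireCredentialsHandle(NULL, UNISP_NAME,
        role == ROLE_SERVER ? SECPKG_CRED_INBOUND : SECPKG_CRED_OUTBOUND,
        NULL, cred, NULL, NULL, out, expiry);
}
#endif
```

On Windows, obtain the server's PCCERT_CONTEXT from a certificate store first and call schannel_acquire once per role you support.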

For detailed information on setting the ciphers used with Schannel, see Specifying Schannel Ciphers and Cipher Strengths.

For information about certificates, see Certificate and Certificate Store Functions.

For an example that demonstrates opening a certificate store and locating a certificate to use for Schannel authentication, see Getting a Certificate.