QueryContextAttributes (CredSSP) function
The QueryContextAttributes (CredSSP) function lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context.
Syntax
SECURITY_STATUS SEC_ENTRY QueryContextAttributes(
_In_ PCtxtHandle phContext,
_In_ ULONG ulAttribute,
_Out_ PVOID pBuffer
);
Parameters
-
phContext [in]
-
A handle to the security context to be queried.
-
ulAttribute [in]
-
The attribute of the context to be returned. This parameter can be one of the following values. Unless otherwise specified, the attributes are applicable to both client and server.
Value Meaning - SECPKG_ATTR_C_ACCESS_TOKEN
- 0x80000012
The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure that specifies the access token for the current security context.
This attribute is supported only on the server.- SECPKG_ATTR_C_FULL_ACCESS_TOKEN
- 0x80000082
The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure that specifies the access token for the current security context.
This attribute is supported only on the server.- SECPKG_ATTR_CERT_TRUST_STATUS
- 0x80000084
The pBuffer parameter contains a pointer to a CERT_TRUST_STATUS structure that specifies trust information about the certificate.
This attribute is supported only on the client.- SECPKG_ATTR_CREDS
- 0x80000080
The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.
The client credentials can be either user name and password or user name and smart card PIN.
This attribute is supported only on the server.- SECPKG_ATTR_CREDS_2
- 0x80000086
The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.
If the client credential is user name and password, the buffer is a packed KERB_INTERACTIVE_LOGON structure.
If the client credential is user name and smart card PIN, the buffer is a packed KERB_CERTIFICATE_LOGON structure.
If the client credential is an online identity credential, the buffer is a marshaled SEC_WINNT_AUTH_IDENTITY_EX2 structure.
This attribute is supported only on the CredSSP server.
Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported.- SECPKG_ATTR_NEGOTIATION_PACKAGE
- 0x80000081
The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfo structure that specifies the name of the authentication package negotiated by the Microsoft Negotiate provider. - SECPKG_ATTR_PACKAGE_INFO
- 10
The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfostructure.
Returns information on the SSP in use.- SECPKG_ATTR_SERVER_AUTH_FLAGS
- 0x80000083
The pBuffer parameter contains a pointer to a SecPkgContext_Flags structure that specifies information about the flags in the current security context.
This attribute is supported only on the client.- SECPKG_ATTR_SIZES
- 0x0
The pBuffer parameter contains a pointer to a SecPkgContext_Sizes structure.
Queries the sizes of the structures used in the per-message functions and authentication exchanges.- SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES
- 124
The pBuffer parameter contains a pointer to a SecPkgContext_SubjectAttributes structure.
This value returns information about the security attributes for the connection.
This value is supported only on the CredSSP server.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported. -
pBuffer [out]
-
A pointer to a structure that receives the attributes. The structure type depends on the value of the ulAttribute parameter.
Return value
If the function succeeds, it returns SEC_E_OK.
If the function fails, it can return the following error codes.
| Return code/value | Description |
|---|---|
|
The function failed. The phContext parameter specifies a handle to an incomplete context. |
|
The function failed. The value of the ulAttribute parameter is not valid. |
Remarks
The structure pointed to by the pBuffer parameter varies depending on the attribute being queried.
While the caller must allocate the pBuffer structure itself, the SSP allocates any memory required to hold variable-sized members of the pBuffer structure. Memory allocated by the SSP must be freed by calling the FreeContextBuffer function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Header |
|
| Library |
|
| DLL |
|
| Unicode and ANSI names |
QueryContextAttributesW (Unicode) and QueryContextAttributesA (ANSI) |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for