QueryContextAttributesW function (sspi.h)

The QueryContextAttributes (CredSSP) function lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context.

Syntax

KSECDDDECLSPEC SECURITY_STATUS SEC_ENTRY QueryContextAttributesW(
  [in]  PCtxtHandle   phContext,
  [in]  unsigned long ulAttribute,
  [out] void          *pBuffer
);

Parameters

[in] phContext

A handle to the security context to be queried.

[in] ulAttribute

The attribute of the context to be returned. This parameter can be one of the following values. Unless otherwise specified, the attributes are applicable to both client and server.

Value Meaning
SECPKG_ATTR_C_ACCESS_TOKEN
0x80000012
The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure that specifies the access token for the current security context.

This attribute is supported only on the server.

SECPKG_ATTR_C_FULL_ACCESS_TOKEN
0x80000082
The pBuffer parameter contains a pointer to a SecPkgContext_AccessToken structure that specifies the access token for the current security context.

This attribute is supported only on the server.

SECPKG_ATTR_CERT_TRUST_STATUS
0x80000084
The pBuffer parameter contains a pointer to a CERT_TRUST_STATUS structure that specifies trust information about the certificate.

This attribute is supported only on the client.

SECPKG_ATTR_CREDS
0x80000080
The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.

The client credentials can be either user name and password or user name and smart card PIN.

This attribute is supported only on the server.

SECPKG_ATTR_CREDS_2
0x80000086
The pBuffer parameter contains a pointer to a SecPkgContext_ClientCreds structure that specifies client credentials.

If the client credential is user name and password, the buffer is a packed KERB_INTERACTIVE_LOGON structure.

If the client credential is user name and smart card PIN, the buffer is a packed KERB_CERTIFICATE_LOGON structure.

If the client credential is an online identity credential, the buffer is a marshaled SEC_WINNT_AUTH_IDENTITY_EX2 structure.

This attribute is supported only on the CredSSP server.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not supported.

SECPKG_ATTR_NEGOTIATION_PACKAGE
0x80000081
The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfo structure that specifies the name of the authentication package negotiated by the Microsoft Negotiate provider.
SECPKG_ATTR_PACKAGE_INFO
10
The pBuffer parameter contains a pointer to a SecPkgContext_PackageInfo structure.

Returns information on the SSP in use.

SECPKG_ATTR_SERVER_AUTH_FLAGS
0x80000083
The pBuffer parameter contains a pointer to a SecPkgContext_Flags structure that specifies information about the flags in the current security context.

This attribute is supported only on the client.

SECPKG_ATTR_SIZES
0x0
The pBuffer parameter contains a pointer to a SecPkgContext_Sizes structure.

Queries the sizes of the structures used in the per-message functions and authentication exchanges.

SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES
124
The pBuffer parameter contains a pointer to a SecPkgContext_SubjectAttributes structure.

This value returns information about the security attributes for the connection.

This value is supported only on the CredSSP server.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not supported.

[out] pBuffer

A pointer to a structure that receives the attributes. The structure type depends on the value of the ulAttribute parameter.

Return value

If the function succeeds, it returns SEC_E_OK.

If the function fails, it can return the following error codes.

Return code/value Description
SEC_E_INVALID_HANDLE
0x80100003
The function failed. The phContext parameter specifies a handle to an incomplete context.
SEC_E_UNSUPPORTED_FUNCTION
0x80090302
The function failed. The value of the ulAttribute parameter is not valid.

Remarks

The structure pointed to by the pBuffer parameter varies depending on the attribute being queried.

While the caller must allocate the pBuffer structure itself, the SSP allocates any memory required to hold variable-sized members of the pBuffer structure. Memory allocated by the SSP must be freed by calling the FreeContextBuffer function.

Note

The sspi.h header defines QueryContextAttributes as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header sspi.h (include Security.h)
Library Secur32.lib
DLL Secur32.dll

See also

CERT_CONTEXT

FreeContextBuffer

SSPI Functions

SecPkgContext_ClientCreds

SecPkgContext_Sizes