IWMCredentialCallback::AcquireCredentials() and CryptProtectData()

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Roland <googlegroups@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 1 Jul 2008 09:31:54 -0700 (PDT)

Hi,

I have been developing a program which creates a push sink publishing
point, pushing to a windows media streaming server. I implemented the
IWMCredentialCallback interface and the AcquireCredentials() callback
to be able to pass the username and password to the streaming server.
I set flags to 0 and pass the username and password in cleartext.

This all works, but when I tried to convert this program into a
service, running under the local system account,
the credentials I passed appearantly are not accepted anymore.
I get the error: hr=-2147012881, which means
ERROR_INTERNET_LOGIN_FAILURE
(the errorcode was hard to find, finally I found this page:
http://www.vbshf.com/vbshf/wsus/sus_error_code.htm)

Does anybody have any ideas on why my credentials are not accepted
when running as local system account?
I suspect that it has something to do with the local system account
not being able to encrypt the credentials using CryptProtectData().
When I run the service under another account, e.g. administrator, my
credentials are getting accepted again.

The documentation on IWMCredentialCallback::AcquireCredentials()
states that I could encrypt the credentials myself using
CryptProtectData(), and I'd like to try that to find out if my
suspicions are correct.

However, the documentation is rather poor on how to do that:
CryptProtectData() has lots of parameters and I suppose I have to use
the same parameters that the SDK uses when it does the encryption for
me.
Also, even if I succeed in encrypting, I don't know how to pass the
encrypted values in the buffers passed to me in
AcquireCredentials().

So my final questions are:
- which parameters do I need in a call to AcquireCredentials()?
- how can I pass the results from AcquireCrendentials() into the
preallocated username and password buffers?

Greetings, and thanks in advance,
Roland Blom
Triple IT
Netherlands
.

Follow-Ups:
- Re: IWMCredentialCallback::AcquireCredentials() and CryptProtectData()
  - From: Roland

Prev by Date: Re: How do I write data to a file while encoding?
Next by Date: Re: Enabling Seeking when encoding
Previous by thread: Dump Filter DirectShow hangs GraphEdit
Next by thread: Re: IWMCredentialCallback::AcquireCredentials() and CryptProtectData()
Index(es):
- Date
- Thread

Relevant Pages

Re: Best practice for "hiding" secrets
... The idea is to store your credentials in a registry setting, ... Even if someone gets your app, they don't get the registry. ... to allow system admins to encrypt the credentials and store them into the ...
(microsoft.public.dotnet.framework)
Re: Best practice for "hiding" secrets
... The idea is to store your credentials in a registry setting, ... Even if someone gets your app, they don't get the registry. ... to allow system admins to encrypt the credentials and store them into the ...
(microsoft.public.dotnet.general)
Re: Best practice for "hiding" secrets
... The idea is to store your credentials in a registry setting, ... Even if someone gets your app, they don't get the registry. ... to allow system admins to encrypt the credentials and store them into the ...
(microsoft.public.dotnet.security)
Re: Application Roles
... CryptProtectData API to encrypt the password based on either the machine ... credentials or the user's credentials. ... > I have a question concerning SQL Server Application ...
(microsoft.public.sqlserver.security)
Re: Windows Service Question
... that i wont know the credentials of another user because it will be run by ... service in place which that will pull the new version of the windows service ... > local system account and enter the credentials of the user you want your ... > information changes. ...
(microsoft.public.dotnet.languages.vb)