Handling new credentials acquisition

The process of acquiring credentials happens as follows:

Responding to credential acquisition messages


The credential acquisition messages are <KMSG_CRED,KMSG_CRED_NEW_CREDS> and <KMSG_CRED, KMSG_CRED_RENEW_CREDS>. They are structured as follows:

The vparam parameter of the message, as shown above, is a pointer to a khui_new_creds structure. You can use the subtype field of this structure to determine whether this is a new credentials acquisition or a renewal.

In response to this message, a credentials provider is expected to provide a configuration panel which the user can use to customize how the credentials of this type are to be obtained. The panel is described by the khui_new_creds_by_type structure.

Specifying the credentials type panel

The credentials type panel is used by the user to customize how credentials of the specified type are to be obtained. The khui_new_creds_by_type structure that describes the panel can be used to specify a number of parameters that guide how the panel is to be displayed in the new credentials acquisition dialog.

The name field defines a localized string that will be displayed in the tab control that houses the panel. If it is NULL, then the name of the credentials type is used. Optionally, an icon can be specified in the icon field which will appear alongside the name. A tooltip may be provided in the tooltip field which will be displayed when the user hovers the mouse over the tab.

In order to assert that the tab appears at a specific position in the list of tabs, you can specify a positive number in the ordinal field. Zero does not count as a valid ordinal. The panels with positive ordinals are arranged first in increasing order of ordinal (conflicts are resolved by sorting along the name). Then the panels without a positive ordianl are arranged behind these in increasing order of name.

Currently, the credentials provider must specify a dialog template that will be used to create the embedded dialog for configuring new credentials for the type. This is done by setting the khui_new_creds_by_type::h_module, khui_new_creds_by_type::dlg_proc and khui_new_creds_by_type::dlg_template fields.

Following is example code which suggests how this could be done:

       // Message handling code for KMSG_CRED_NEW_CREDS or
       khui_new_creds * c;
       khui_new_creds_by_type * t;

       c = (khui_new_creds *) vparam;
       t = PMALLOC(sizeof(*t));
       ZeroMemory(t, sizeof(*t));

       t->type = my_cred_type;

       // set look and feel params
       t->ordinal = 3; // third in line
       t->name = L"My panel name";
       t->icon = LoadIcon(my_hInstance, MAKEINTRESOURCE(IDI_PANEL_ICON));
       t->tooltip = L"Configure credentials of my type";

       // specify the dialog template to use
       t->h_module = my_hInstance;
       t->dlg_proc = my_dialog_procedure;
       t->dlg_template = MAKEINTRESOURCE(IDD_NEW_CREDS);

       if(KHM_FAILED(khui_cw_add_type(c,t))) {
           // handle error

It is important to note that the khui_new_creds_by_type pointer that is passed into khui_cw_add_type() points to an allocated block of memory which should remain in memory until <KMSG_CRED,KMSG_CRED_END> message is received.

For information on how the dialog procedure should be written, see Writing the dialog procedure for a cred type panel .

Generated on Fri Aug 3 08:27:13 2007 for Network Identity Manager by Doxygen 1.5.2
© 2004-2007 Massachusetts Institute of Technology.
© 2005-2007 Secure Endpoints Inc.
Contact khimaira@mit.edu