Exchanging Data with Logon Applications

Authentication package DLLs run in-process with the Local Security Authority (LSA). Logon applications, on the other hand, typically run in their own separate process. In order to handle interprocess data exchange between an authentication package and a logon application, an authentication package must be able to allocate and access memory in the logon application's process. The LSA provides several functions that authentication packages can use for this purpose.

An authentication package allocates a buffer in the calling client's process by calling AllocateClientBuffer. This is useful for returning variable sized parameter information. When the returned data is no longer needed, it can be freed either by the authentication package, using FreeClientBuffer, or by the logon application, using LsaFreeReturnBuffer. Note that only buffers allocated by AllocateClientBuffer should be freed by calling FreeClientBuffer.

The LSA also provides methods to copy data between the address space of the authentication package and the address space of the logon application. The authentication package copies data to the logon application's address space by calling CopyToClientBuffer. The target buffer can be, but does not have to be, a buffer allocated by the authentication package. To copy data from the logon application's address space, call CopyFromClientBuffer.

Send comments about this topic to Microsoft

Build date: 4/6/2010