Obtaining Identity Information

To obtain initial identifying information for the user who is requesting authentication, you may use a function interface when implementing the authentication protocol. To obtain this information, the functions RasEapGetIdentity and RasEapFreeMemory must be used.

These functions may be implemented in the same DLL as the authentication protocol, or in a separate DLL. Also, the DLL that implements the identity functions may support more than one authentication protocol. The path to the DLL for these functions is stored in the RAS_EAP_VALUENAME_IDENTITY registry value, under the key for the authentication protocol. For more information about creating this registry value, see EAP Installation.

The RasEapGetIdentity function typically displays a UI to obtain identity information for the user. However, if the dwFlags parameter contains the RAS_EAP_FLAG_NON_INTERACTIVE flag, RasEapGetIdentity should not display a UI.

If RasEapGetIdentity does display a UI, the UI must support WM_COMMAND messages where the value of LOWORD(wParam) is equal to IDCANCEL.

The Remote Access Service (RAS) calls RasEapGetIdentity if the RAS_EAP_VALUENAME_INVOKE_NAMEDLG value in the registry for this EAP is set to 0. If RAS_EAP_VALUENAME_INVOKE_NAMEDLG is not present, or is present and set to 1, RAS displays the standard user name dialog box.

In addition to RAS_EAP_VALUENAME_INVOKE_NAMEDLG, a related value may be created in the registry: RAS_EAP_VALUENAME_INVOKE_PWDDLG. If this value is present and is set to 0, RAS will not display the standard password dialog. This value is useful when implementing a biometric method such as a fingerprint scan to authenticate the user. If both the RAS_EAP_VALUENAME_INVOKE_NAMEDLG and RAS_EAP_VALUENAME_INVOKE_PWDDLG values are 0, an identity UI could be used to obtain both the identity and biometric information. However, if only RAS_EAP_VALUENAME_INVOKE_PWDDLG is 0, RAS will not call RasEapGetIdentity. In this case, you could use the interactive UI to obtain the biometric information. For more information on these registry values, see EAP Registry Settings.

The information obtained by RasEapGetIdentity is passed to the authentication protocol during the call to RasEapBegin. The pszIdentity and pUserData members of the PPP_EAP_INPUT structure point to the information. To save this information in the registry on the client computer, the authentication protocol should return the information in the pEapOutput parameter of RasEapMakeMessage.

After the call to RasEapBegin, RAS calls RasEapFreeMemory to free the memory occupied by this data. Therefore, the authentication protocol should copy the information into a private memory buffer during the call to RasEapBegin.
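The copy step described above, as an added example in portable C (not Microsoft sample code). EAP_INPUT_STANDIN is a simplified stand-in for PPP_EAP_INPUT; its size field, SESSION_CTX, session_begin, session_free and the two length limits are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for the PPP_EAP_INPUT members named above; the real structure
   comes from the Windows SDK. The size field is assumed for this example. */
typedef struct {
    char          *pszIdentity;       /* owned by RAS, NUL-terminated */
    unsigned char *pUserData;         /* owned by RAS, may be NULL */
    unsigned long  dwSizeOfUserData;  /* byte length of pUserData */
} EAP_INPUT_STANDIN;

/* Hypothetical per-session context owned by the authentication protocol. */
typedef struct {
    char          *identity;
    unsigned char *userData;
    size_t         userDataLen;
} SESSION_CTX;

#define MAX_IDENTITY_LEN 256u   /* constructed limits, not from the page */
#define MAX_USERDATA_LEN 4096u

void session_free(SESSION_CTX *ctx)
{
    if (ctx == NULL) return;
    free(ctx->identity);
    free(ctx->userData);
    free(ctx);
}

/* Call from the protocol's RasEapBegin. Deep-copies both fields so nothing
   in the context points into memory that RAS frees after the call returns.
   Returns NULL on malformed input or allocation failure. */
SESSION_CTX *session_begin(const EAP_INPUT_STANDIN *in)
{
    if (in == NULL || in->pszIdentity == NULL) return NULL;
    const char *nul = memchr(in->pszIdentity, '\0', MAX_IDENTITY_LEN + 1);
    if (nul == NULL) return NULL;                    /* too long or unterminated */
    if (in->dwSizeOfUserData > MAX_USERDATA_LEN) return NULL;
    if (in->dwSizeOfUserData != 0 && in->pUserData == NULL) return NULL;

    SESSION_CTX *ctx = calloc(1, sizeof *ctx);
    if (ctx == NULL) return NULL;
    size_t idLen = (size_t)(nul - in->pszIdentity) + 1;   /* include the NUL */
    ctx->identity = malloc(idLen);
    if (in->dwSizeOfUserData != 0) ctx->userData = malloc(in->dwSizeOfUserData);
    if (!ctx->identity || (in->dwSizeOfUserData != 0 && !ctx->userData)) {
        session_free(ctx);
        return NULL;
    }
    memcpy(ctx->identity, in->pszIdentity, idLen);
    if (ctx->userData) memcpy(ctx->userData, in->pUserData, in->dwSizeOfUserData);
    ctx->userDataLen = in->dwSizeOfUserData;
    return ctx;
}
```

Storing in->pszIdentity or in->pUserData directly in the context would leave dangling pointers once RAS releases that memory, so later message handling would read freed heap.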

See Also

Extensible Authentication Protocol | RasEapGetIdentity | RasEapFreeMemory | EAP Installation | EAP Registry Settings | RasEapBegin | PPP_EAP_INPUT | RasEapMakeMessage

 Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.