I'm using CredUIConfirmCredentials in combination with CredUIPromptForCredentials.
I set the EXPECT_CONFIRMATION, and when the credentials are first provided by
the user the call to CredUIConfirmCredentials returns NO_ERROR as expected.
However, on all subsequent calls to CredUIConfirmCredentials, with the same
credentials, ERROR_INVALID_PARAMETER is returned. This is described by the
SDK docs as:
An attempt to confirm a waiting credential failed because the credential contained invalid or inconsistent data.
which is rather confusing as they are exactly the same credentials that were successfully saved originally.
The same result is returned if you enter a different password for the same username. What is even more confusing is that the new credentials are actually persisted - which seems to indicate that the return value is actually indicating that the persisted credentials were overwritten - not that there was a error. Am I missing something, or is the documentation incorrect?
Background
You can use Window's credential system to store credentials for your own application. You tell Windows you want to prompt for "generic" credentials for some "target":
pseudo-code:
CredUIPromptForCredentials("My Application", ref username, ref password);
will then cause Windows to display a dialog box:
It is then your job to check the credentials the user has entered. If they are valid, you tell Windows this by calling ConfirmCredentials. This is to ensure that only valid credentials are saved:
CredUIConfirmCredentials("My Application", true);
Once the credentials have been confirmed as valid, Windows will save them in the secure store, which you can see through the Control Panel:
Keywords: credui, CredUIConfirmCredentials