SSPI example using WDigest RRS feed

  • Question

  • Hello everybody,

    Where could one find a simple example using SSPI with WDigest in C++?

    SSPI Sample Application for Windows  Mobile 6.5 in MSDN shows a client app using NTLM. The more elaborate example Sample SSPI Code is using Negotiate (again, NTLM or Kerberos). Tweaking with the latter is not really straightforward: for once, the client-side message sending function doesn't work with 0 length messages (which is actually a legitimate value returned by the first Initialize). After fixing that and changing the flags used in AcceptSecurityContext()/InitializeSecurityContext() to ASC_REQ_CONFIDENTIALITY, the server side finally generated the challenge. Here is the nonce:


    where the realm is the actual domain name. However, the second call to client's InitializeSecurityContext() returns SEC_E_INVALID_TOKEN. Again, this is based heavily on MSDN's example modified for WDigest, so I am kind of lost at the moment ...

    Any (working) snippet would be greatly appreciated,


    Saturday, December 4, 2010 1:27 PM