New Win32 Samples in Windows SDK for Windows 7: Security


This is the third in a series of posts that describe new and updated samples in the Windows 7 SDK. The following table lists Security samples, including Authorization, CryptoApi, Local Security Authority (LSA), Windows Firewall, and x509SecurityToken.


See also:


New Win32 Samples in Windows SDK for Windows 7: Networking and Related Services


New Win32 Samples in Windows SDK for Windows 7: Multimedia


New Win32 Samples in Windows SDK for Windows 7: Security


New Win32 Samples in Windows SDK for Windows 7: Systems Management


New Win32 Samples in Windows SDK for Windows 7: Open Packaging Conventions (OPC)


New Win32 Samples in Windows SDK for Windows 7: Tablet PC and MultiTouch


New Win32 Samples in Windows SDK for Windows 7: Web


New Win32 Samples in Windows SDK for Windows 7: Windows Base


New Win32 Samples in Windows SDK for Windows 7: Windows User Interface


New Win32 Samples in Windows SDK for Windows 7: Windows XML Paper Specification (XPS)


New Win32 Samples in Windows SDK for Windows 7: Communication


Over 1,200 samples have changed since the RC release of the Windows SDK for Windows 7. Many “new to Win 7” samples were added, simplified, or extended, and many older samples were updated to support Windows 7 as well as older operating systems.


For build instructions and additional information about the samples, see the Readme.txt files and other documents in the SDK sample folders. For general sample building instructions, refer to the Samples Reference page that installs with the Windows SDK, and the SDK Release Notes (under the Start menu, in All Programs > Microsoft Windows SDK v7.0). By default, Win32 samples are installed under the following path: C:\Program Files\Microsoft SDKs\Windows\v7.0\Samples.


Send your thoughts to the Windows SDK Feedback alias. Tell us how you use the SDK and what we can do to improve your development experience.


New/updated Security services samples in the Windows SDK for Windows 7

| Sample | Description | Location (under Samples) |
|---|---|---|
| Security Authorization AclApi | ACL API usage sample | Security\Authorization\AclApi |
| Security Authorization Audit | Demonstrates how to use the LSA security API to manage the audit status on the local machine or a remote machine. | Security\Authorization\Audit |
| Security Authorization MyToken | Demonstrates the contents of the NT token of the user. | Security\Authorization\MyToken |
| Security Authorization SecPrint | Demonstrates how to use the low-level access control APIs to add permissions to a printer. | Security\Authorization\SecPrint |
| Security Authorization SecurObj | Demonstrates how to integrate NT security with an application that needs to protect components or data. Some of the NT Security concepts that this sample demonstrates: – Building hierarchical container/object security with automatic ACL inheritance using the Private Object security APIs – How to validate access for a client against an object – How to call the NT5 provided ACLUI interface for setting access permissions. Because of the inclusion of the ACLUI interface, this sample will run as-is only on NT5. If you would like to run this sample on NT4, remove the ACLUI module and references to it in Main.cpp from the project. You will then have to add code to view/set security on the objects. Note to programmers: Some of you may notice that I am UI challenged. I apologize in advance if you think my interface to the objects is clumsy, ugly, or annoying. | Security\Authorization\SecurObj |
| Security Authorization TextSid | Demonstrates how to obtain the textual representation of a binary Sid. This is useful in scenarios where it is not appropriate to obtain the name associated with the Sid, or when the network is not available to obtain such information. | Security\Authorization\TextSid |
| Certificate chain building and validation | Demonstrates how to validate a certificate by building and verifying a certificate chain. | Security\CryptoApi\BuildChain |
| Certificate Selection sample | Demonstrates how to select certificates using the new Windows 7 API CertSelectCertificateChains and display the certificate selection dialog using CredUIPromptForWindowsCredentials. | Security\CryptoApi\CertSelect |
| Acquire private key from certificate; use it for signing | Demonstrates how to acquire a private key associated with a certificate and use it for signing. | Security\CryptoApi\CertSign |
| Creating a Certificate | Demonstrates how to create a certificate with a private key associated with it. | Security\CryptoApi\CreateCertificate |
| CryptXML: Signing and Verifying an XML Digital Signature with the CryptXML API | Demonstrates how to create and verify XML signatures using X.509 certificates. Looks for a test certificate in the user’s personal certificate store and builds a chain for it. Demonstrates the use of the following APIs: – CryptXmlOpenToDecode – CryptXmlVerifySignature – CryptXmlOpenToEncode – CryptXmlCreateReference – CryptXmlSign – CryptXmlEncode – CryptXmlDigestReference – CryptXmlGetStatus – CryptXmlFindAlgorithmInfo | security\cryptoapi\cryptxml |
| Security CryptoApi Encrypt | Demonstrates a console application that encrypts files. | Security\CryptoApi\Encrypt |
| Security CryptoAPI EncryptDecrypt | Demonstrates Encryption/Decryption using a random session key, using session key derived from a password hash. | Security\CryptoApi\EncryptDecrypt |
| Message Encryption Sample | Demonstrates how to encrypt and decrypt a PKCS7 (CMS) message using the CryptEncryptMessage and CryptDecryptMessage APIs. | Security\CryptoApi\EncryptMessage |
| Security CryptoApi EnumAlgs | Demonstrates a console application that lists the algorithms supported by the default provider. | Security\CryptoApi\EnumAlgs |
| Using exclusive trust anchors for certificate validation | Demonstrates how to use exclusive trust anchors for validating a certificate. | Security\CryptoApi\ExclusiveTrust |
| Security CryptoApi InitUser | Sets up the default cryptographic client. | Security\CryptoApi\InitUser |
| X.509 Logotypes Retrieval Sample | Demonstrates the new Win32 API to retrieve logotype and biometric extensions in X.509 certificates. | Security\CryptoApi\logotypes |
| Retrieve and embed an OCSP response | Demonstrates how to retrieve an OCSP response from the revocation information in a certificate chain and also demonstrates how to embed an OCSP response as a property on a certificate. | Security\CryptoApi\OCSP_Response |
| Peer Trust Sample | Demonstrates chain building for a certificate in the Trusted People store. | Security\CryptoApi\peertrust |
| Sample Certificate Store Provider | Demonstrates how to implement a custom certificate store provider. | Security\CryptoApi\SampleStoreProvider |
| Security CryptoApi SignHash | File Signing/Verification sample that hashes the data in a file and signs or verifies the signature with the private or public key respectively. | Security\CryptoApi\SignHash |
| Message Signing and Signature Verification Sample | Demonstrates how to sign a message and verify the message signature. | security\CryptoAPI\SignMessage |
| CryptoAPI: Verify Software Signature by Publisher Name | Demonstrates how Win32 applications can verify that a file with an Authenticode signature originates from a specific software publisher, using WinVerifyTrust and associated helper APIs with the publisher’s name. | security\cryptoapi\VerifyNameTrust |
| Security LSAPolicy MachAcct | Demonstrates how to create a machine account on the specified domain. | Security\LSAPolicy\MachAcct |
| Windows Firewall Add GRE Rule | This sample code adds a GRE rule while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\Add_GRE_Rule |
| Windows Firewall Add ICMP Rule Sample | This sample code adds an ICMP rule while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\Add_ICMP_Rule |
| Windows Firewall Add LAN Rule sample | This sample code adds a LAN rule while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\Add_LAN_Rule |
| Windows Firewall Add Outbound Rule Sample | This sample code adds an outbound rule to allow a TCP connection while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\Add_Outbound_Rule |
| Windows Firewall Add Rule per Interface Sample | This sample code adds a rule per interface while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\Add_PerInterface_Rule |
| Windows Firewall Add Service Rule Sample | This sample code adds a Service while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\Add_Service_Rule |
| Windows Firewall Disable Firewall Per Interface Sample | This sample code disables Windows Firewall per interface while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\Disable_Firewall_PerInterface |
| Disable Windows Firewall Sample | This sample code disables Windows Firewall per profile using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\DisableWindowsFirewall |
| Windows Firewall Edge Traversal Options Sample | Demonstrates how to add a firewall rule with the EdgeTraversalOptions. | Security\WindowsFirewall\EdgeTraversalOptions |
| Windows Firewall Enable Group Sample | This sample code enables Windows Firewall exception groups using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\EnableGroup |
| Windows Firewall Get Firewall Settings Sample | This sample code reads Windows Firewall settings per profile using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\GetFirewallSettings |
| Handling Multiple Active Firewall Profiles Sample | Demonstrates correct usage of the following methods/properties of the INetFwPolicy2 COM interface when multiple firewall profiles are active/current at the same time: – CurrentProfileTypes – IsRuleGroupCurrentlyEnabled – IsRuleGroupEnabled – LocalPolicyModifyState | Security\WindowsFirewall\MultipleActiveProfiles |
| Windows Firewall Restrict Service | Demonstrates how to restrict a service while temporarily elevating the user using the Microsoft Windows Firewall APIs. | Security\WindowsFirewall\RestrictService |
| C# sample: enrollWithIX509EnrollmentHelper | Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509EnrollmentHelper::AddEnrollmentServer and X509Enrollment2::Enroll methods. The purpose of the call to IX509EnrollmentHelper::AddEnrollmentServer is to cache the authentication credential for the enrollment server in the Windows vault. | security\x509 certificate enrollment\CSharp\enrollWithIX509EnrollmentHelper |
| enrollWithICertRequest3 | Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509Enrollment2::CreateRequest, ICertRequest3::SetCredential, ICertRequest3::Submit and IX509Enrollment2::InstallResponse2 methods. The purpose of the call to ICertRequest3::SetCredential is to set the authentication credential for the enrollment server in the object pointed to by the ICertRequest3 interface. | security\x509 certificate enrollment\vc\enrollWithICertRequest3 |
| enrollWithIX509EnrollmentHelper | Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509EnrollmentHelper::AddEnrollmentServer and IX509Enrollment2::Enroll methods. The purpose of the call to IX509EnrollmentHelper::AddEnrollmentServer is to cache the authentication credential for the enrollment server in the Windows vault. | security\x509 certificate enrollment\vc\enrollWithIX509EnrollmentHelper |

Karin Meier-Magruder
Program Manager for Samples
Windows SDK Team