This is the third in a series of posts that describe new and updated samples in the Windows 7 SDK. The following table lists Security samples, including Authorization, CryptoApi, Local Security Authority (LSA), Windows Firewall, and x509SecurityToken.
Over 1,200 samples were changed since the RC release of the Windows SDK for Windows 7. Many “new to Win 7” samples were added, simplified, or extended, and many older samples were updated to support Windows 7 as well as older operating systems.
For build instructions and additional information about the samples, see the Readme.txt files and other documents in the SDK sample folders. For general sample building instructions, refer to the Samples Reference page that installs with the Windows SDK, and the SDK Release Notes (under the Start menu, in All Programs > Microsoft Windows SDK v7.0). By default, Win32 samples are installed under the following path: C:\Program Files\Microsoft SDKs\Windows\v7.0\Samples.
Send your thoughts to the Windows SDK Feedback alias. Tell us how you use the SDK and what we can do to improve your development experience.
New/updated Security services samples in the Windows SDK for Windows 7
Location (under Samples)
Security Authorization AclApi
ACL API usage sample
Security Authorization Audit
Demonstrates how to use the LSA security API to manage the audit status on the local machine or a remote machine.
Security Authorization MyToken
Demonstrates the contents of the NT token of the user.
Security Authorization SecPrint
Demonstrates how to use the low-level access control APIs to add permissions to a printer.
Security Authorization SecurObj
Demonstrates how to integrate NT security with an application that needs to protect components or data. Some of the NT Security concepts that this sample demonstrates:
– Building hierarchical container/object security with automatic ACL inheritance using the Private Object security APIs
– How to validate access for a client against an object
– How to call the NT5 provided ACLUI interface for setting access permissions
Because of the inclusion of the ACLUI interface, this sample will run as-is only on NT5. If you would like to run this sample on NT4, remove the ACLUI module and references to it in Main.cpp from the project. You will then have to add code to view/set security on the objects.
Note to programmers: Some of you may notice that I am UI challenged. I apologize in advance if you think my interface to the objects is clumsy, ugly, or annoying.
Security Authorization TextSid
Demonstrates how to obtain the textual representation of a binary Sid. This is useful in scenarios where it is not appropriate to obtain the name associated with the Sid, or when the network is not available to obtain such information.
Certificate chain building and validation
Demonstrates how to validate a certificate by building and verifying a certificate chain
Certificate Selection sample
Demonstrates how to select certificates using the new Windows 7 API CertSelectCertificateChains and how to display the certificate selection dialog using CredUIPromptForWindowsCredentials.
Acquire private key from certificate; use it for signing
Demonstrates how to acquire a private key associated with a certificate and use it for signing.
Creating a Certificate
Demonstrates how to create a certificate with a private key associated with it.
CryptXML: Signing and Verifying an XML Digital Signature with the CryptXML API
Demonstrates how to create and verify XML signatures using X.509 certificates. Looks for a test certificate in the user’s personal certificate store and builds a chain for it. Demonstrates the use of the following APIs:
– CryptXmlOpenToDecode
– CryptXmlVerifySignature
– CryptXmlOpenToEncode
– CryptXmlCreateReference
– CryptXmlSign
– CryptXmlEncode
– CryptXmlDigestReference
– CryptXmlGetStatus
– CryptXmlFindAlgorithmInfo
Security CryptoApi Encrypt
Demonstrates a console application that encrypts files
Security CryptoAPI EncryptDecrypt
Demonstrates encryption/decryption using a random session key or a session key derived from a password hash.
Message Encryption Sample
Demonstrates how to encrypt and decrypt a PKCS7 (CMS) message using the CryptEncryptMessage and CryptDecryptMessage APIs
Security CryptoApi EnumAlgs
Demonstrates a console application that lists the algorithms supported by the default provider
Using exclusive trust anchors for certificate validation
Demonstrates how to use exclusive trust anchors for validating a certificate.
Security CryptoApi InitUser
Sets up the default cryptographic client
X.509 Logotypes Retrieval Sample
Demonstrates the new Win32 API to retrieve logotype and biometric extensions in X.509 certificates
Retrieve and embed an OCSP response
Demonstrates how to retrieve an OCSP response from the revocation information in a certificate chain, and how to embed an OCSP response as a property on a certificate.
Peer Trust Sample
Demonstrates chain building for a certificate in the Trusted People store
Sample Certificate Store Provider
Demonstrates how to implement a custom certificate store provider
Security CryptoApi SignHash
File Signing/Verification sample that hashes the data in a file and signs or verifies the signature with the private or public key respectively.
Message Signing and Signature Verification Sample
Demonstrates how to sign a message and verify message signature
CryptoAPI: Verify Software Signature by Publisher Name
Demonstrates how Win32 applications can use WinVerifyTrust and associated helper APIs to verify, by publisher name, that a file with an Authenticode signature originates from a specific software publisher.
Security LSAPolicy MachAcct
Demonstrates how to create a machine account on the specified domain.
Windows Firewall Add GRE Rule
This sample code adds a GRE rule while temporarily elevating the user using the Microsoft Windows Firewall APIs.
Windows Firewall Add ICMP Rule Sample
This sample code adds an ICMP rule while temporarily elevating the user using the Microsoft Windows Firewall APIs.
Windows Firewall Add LAN Rule sample
This sample code adds a LAN rule while temporarily elevating the user using the Microsoft Windows Firewall APIs.
Windows Firewall Add Outbound Rule Sample
This sample code adds an outbound rule to allow a TCP connection while temporarily elevating the user using the Microsoft Windows Firewall APIs.
Windows Firewall Add Rule per Interface Sample
This sample code adds a rule per interface while temporarily elevating the user using the Microsoft Windows Firewall APIs.
Windows Firewall Add Service Rule Sample
This sample code adds a service rule while temporarily elevating the user using the Microsoft Windows Firewall APIs.
Windows Firewall Disable Firewall Per Interface Sample
This sample code disables Windows Firewall per interface while temporarily elevating the user using the Microsoft Windows Firewall APIs.
Disable Windows Firewall Sample
This sample code is for disabling Windows Firewall per profile using the Microsoft Windows Firewall APIs.
Windows Firewall Edge Traversal Options Sample
Demonstrates how to add a firewall rule with EdgeTraversalOptions.
Windows Firewall Enable Group Sample
This sample code is for enabling Windows Firewall exception groups using the Microsoft Windows Firewall APIs.
Windows Firewall Get Firewall Settings Sample
This sample code is for reading Windows Firewall Settings per profile using the Microsoft Windows Firewall APIs.
Handling Multiple Active Firewall Profiles Sample
Demonstrates correct usage of the following methods/properties of the INetFwPolicy2 COM interface when multiple firewall profiles are active/current at the same time:
– CurrentProfileTypes
– IsRuleGroupCurrentlyEnabled
– IsRuleGroupEnabled
– LocalPolicyModifyState
Windows Firewall Restrict Service
Demonstrates how to restrict a service while temporarily elevating the user using the Microsoft Windows Firewall APIs.
C# sample: enrollWithIX509EnrollmentHelper
Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509EnrollmentHelper::AddEnrollmentServer and IX509Enrollment2::Enroll methods. The purpose of the call to IX509EnrollmentHelper::AddEnrollmentServer is to cache the authentication credential for the enrollment server in the Windows vault.
security\x509 certificate enrollment\CSharp\enrollWithIX509EnrollmentHelper
Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509Enrollment2::CreateRequest, ICertRequest3::SetCredential, ICertRequest3::Submit and IX509Enrollment2::InstallResponse2 methods. The purpose of the call to ICertRequest3::SetCredential is to set the authentication credential for the enrollment server in the object pointed to by the ICertRequest3 interface.
security\x509 certificate enrollment\vc\enrollWithICertRequest3
Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509EnrollmentHelper::AddEnrollmentServer and IX509Enrollment2::Enroll methods. The purpose of the call to IX509EnrollmentHelper::AddEnrollmentServer is to cache the authentication credential for the enrollment server in the Windows vault.
security\x509 certificate enrollment\vc\enrollWithIX509EnrollmentHelper
Program Manager for Samples
Windows SDK Team