WinVerifyTrust
[New - Windows NT]
The WinVerifyTrust function performs a specified verification action on a specified subject. The function passes the inquiry to the trust provider, if any, that supports the action identifier.
LONG WinVerifyTrust(
    HWND hwnd,          // handle to a window for interacting with the user
    GUID *ActionID,     // pointer to a trust provider action identifier
    LPVOID ActionData   // pointer to a buffer containing action-specific data
);
Parameters
hwnd
Handle to the caller's window. The trust provider can use this value to determine whether it can interact with the user. However, trust providers typically perform verification actions with input from the user.
This parameter can be one of the following values.
Value | Meaning
INVALID_HANDLE_VALUE | There is no interactive user. The trust provider performs the verification action without the user's assistance.
Zero | The trust provider can use the interactive desktop to display its user interface.
A valid window handle | A trust provider can treat any value other than INVALID_HANDLE_VALUE or zero as a valid window handle that it can use to interact with the user.
ActionID
Pointer to a GUID
The WinTrust service is designed to work with trust providers implemented by third parties. Each trust provider provides its own unique set of action identifiers. For information about the action identifiers supported by a trust provider, see the documentation for that trust provider.
For example, Microsoft provides a Software Publisher Trust Provider that can establish the trustworthiness of software being downloaded from a public network, such as the internet. The Software Publisher Trust Provider supports the following action identifiers.
Value | Description
WIN_SPUB_ACTION_TRUSTED_PUBLISHER | The ActionData parameter is a pointer to a WIN_SPUB_TRUSTED_PUBLISHER_DATA structure.
WIN_SPUB_ACTION_NT_ACTIVATE_IMAGE | The ActionData parameter is a pointer to a WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT structure.
WIN_SPUB_ACTION_PUBLISHED_SOFTWARE | The ActionData parameter is a pointer to a WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT structure.
ActionData
Pointer to a buffer that contains information that the trust provider needs to process the specified action identifier. Typically, the data in the buffer includes information that identifies the subject that the trust provider must evaluate.
The format of the data depends on the action identifier. For information about the data required for a specific action identifier, see the documentation for the trust provider that supports that action.
Return Values
If the trust provider verifies that the subject is trusted for the specified action, the return value is ERROR_SUCCESS.
Otherwise, the return value is the status code returned by the trust provider. For example, a trust provider might indicate that the subject is not trusted, or is trusted but with limitations or warnings. The return value can be a trust-provider-specific value described in the documentation for an individual trust provider, or it can be one of the following error codes.
Value | Meaning
TRUST_E_SUBJECT_NOT_TRUSTED | The subject failed the specified verification action. Most trust providers return a more detailed error code that describes the reason for the failure.
TRUST_E_PROVIDER_UNKNOWN | The trust provider is not recognized on this system.
TRUST_E_ACTION_UNKNOWN | The trust provider does not support the specified action.
TRUST_E_SUBJECT_FORM_UNKNOWN | The trust provider does not support the form specified for the subject.
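The return-value rule above, as an added example that is not part of the original documentation: a fail-open status check beside a fail-closed one. The TRUST_E_* values are those defined in winerror.h, SAMPLE_PROVIDER_WARNING is a constructed placeholder, and the function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Values from winerror.h, repeated so the example builds without the Windows SDK. */
typedef int32_t LONG;
#define ERROR_SUCCESS                0
#define TRUST_E_PROVIDER_UNKNOWN     ((LONG)0x800B0001)
#define TRUST_E_ACTION_UNKNOWN       ((LONG)0x800B0002)
#define TRUST_E_SUBJECT_FORM_UNKNOWN ((LONG)0x800B0003)
#define TRUST_E_SUBJECT_NOT_TRUSTED  ((LONG)0x800B0004)
/* Constructed placeholder for a provider-specific "trusted with warnings" status. */
#define SAMPLE_PROVIDER_WARNING      ((LONG)0x00000101)

typedef enum {
    TRUST_OK,            /* provider verified the subject for this action */
    TRUST_REJECTED,      /* provider evaluated the subject and refused it */
    TRUST_NOT_EVALUATED, /* provider, action or subject form unknown: nothing was checked */
    TRUST_PROVIDER_CODE  /* provider-specific status, warnings included */
} trust_outcome;

/* Fail-open pattern: only the generic "not trusted" code blocks the subject. */
int naive_is_trusted(LONG status) {
    return status != TRUST_E_SUBJECT_NOT_TRUSTED;
}

trust_outcome classify_trust_status(LONG status) {
    switch (status) {
    case ERROR_SUCCESS:                return TRUST_OK;
    case TRUST_E_SUBJECT_NOT_TRUSTED:  return TRUST_REJECTED;
    case TRUST_E_PROVIDER_UNKNOWN:
    case TRUST_E_ACTION_UNKNOWN:
    case TRUST_E_SUBJECT_FORM_UNKNOWN: return TRUST_NOT_EVALUATED;
    default:                           return TRUST_PROVIDER_CODE;
    }
}

/* Fail-closed check: ERROR_SUCCESS is the only status that admits the subject. */
int strict_is_trusted(LONG status) {
    return classify_trust_status(status) == TRUST_OK;
}

/* Counts statuses the fail-open check admits although the subject was not verified. */
size_t count_fail_open(const LONG *statuses, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (naive_is_trusted(statuses[i]) && !strict_is_trusted(statuses[i]))
            hits++;
    return hits;
}
```

Logging the TRUST_NOT_EVALUATED outcome separately from TRUST_REJECTED helps distinguish a missing or misregistered trust provider from a subject that was actually evaluated and refused.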
Remarks
The WinVerifyTrust function enables applications to invoke a trust provider to verify that a specified subject satisfies the criteria of a specified verification operation. The ActionID parameter identifies the verification operation, and the ActionData parameter identifies the subject. A trust provider is a DLL registered with WinTrust. When you call WinVerifyTrust, the WinTrust service forwards the call to the registered trust provider, if there is one, that supports the specified action identifier.
For example, the Software Publisher Trust Provider can verify that an executable image file comes from a trusted software publisher and that the file has not been modified since it was published. In this case, the ActionData parameter specifies the name of the file and the type of file, such as a Microsoft Portable Executable image file or a Java class file.
Each trust provider supports a specific set of actions that it can evaluate. Each action has a globally unique identifier (GUID) that identifies it. A trust provider can support any number of action identifiers, but two trust providers cannot support the same action identifier.