This is the third in a series of posts that describe new and updated samples in the Windows 7 SDK. The following table lists Security samples, including Authorization, CryptoApi, Local Security Authority (LSA), Windows Firewall, and x509SecurityToken.

 

See also:

New Win32 Samples in Windows SDK for Windows 7: Networking and Related Services

New Win32 Samples in Windows SDK for Windows 7: Multimedia

New Win32 Samples in Windows SDK for Windows 7: Security

New Win32 Samples in Windows SDK for Windows 7: Systems Management

New Win32 Samples in Windows SDK for Windows 7: Open Packaging Conventions (OPC)

New Win32 Samples in Windows SDK for Windows 7: Tablet PC and MultiTouch

New Win32 Samples in Windows SDK for Windows 7: Web

New Win32 Samples in Windows SDK for Windows 7: Windows Base

New Win32 Samples in Windows SDK for Windows 7: Windows User Interface

New Win32 Samples in Windows SDK for Windows 7: Windows XML Paper Specification (XPS)

New Win32 Samples in Windows SDK for Windows 7: Communication

 

More than 1,200 samples have changed since the RC release of the Windows SDK for Windows 7. Many “new to Win 7” samples were added, simplified, or extended, and many older samples were updated to support Windows 7 as well as older operating systems.

For build instructions and additional information about the samples, see the Readme.txt files and other documents in the SDK sample folders. For general sample building instructions, refer to the Samples Reference page that installs with the Windows SDK, and the SDK Release Notes (under the Start menu, in All Programs > Microsoft Windows SDK v7.0). By default, Win32 samples are installed under the following path: C:\Program Files\Microsoft SDKs\Windows\v7.0\Samples.

 

Send your thoughts to the Windows SDK Feedback alias. Tell us how you use the SDK and what we can do to improve your development experience.

New/updated Security services samples in the Windows SDK for Windows 7

| Sample | Description | Location (under Samples) |
| --- | --- | --- |
| Security Authorization AclApi | ACL API usage sample. | `Security\Authorization\AclApi` |
| Security Authorization Audit | Demonstrates how to use the LSA security API to manage the audit status on the local machine or a remote machine. | `Security\Authorization\Audit` |
| Security Authorization MyToken | Demonstrates the contents of the NT token of the user. | `Security\Authorization\MyToken` |
| Security Authorization SecPrint | Demonstrates how to use the low-level access control APIs to add permissions to a printer. | `Security\Authorization\SecPrint` |
| Security Authorization SecurObj | Demonstrates how to integrate NT security with an application that needs to protect components or data. Some of the NT Security concepts that this sample demonstrates: building hierarchical container/object security with automatic ACL inheritance using the Private Object security APIs; how to validate access for a client against an object; how to call the NT5 provided ACLUI interface for setting access permissions. Because of the inclusion of the ACLUI interface, this sample will run as-is only on NT5. If you would like to run this sample on NT4, remove the ACLUI module and references to it in Main.cpp from the project. You will then have to add code to view/set security on the objects. Note to programmers: Some of you may notice that I am UI challenged. I apologize in advance if you think my interface to the objects is clumsy, ugly, or annoying. | `Security\Authorization\SecurObj` |
| Security Authorization TextSid | Demonstrates how to obtain the textual representation of a binary Sid. This is useful in scenarios where it is not appropriate to obtain the name associated with the Sid, or when the network is not available to obtain such information. | `Security\Authorization\TextSid` |
| Certificate chain building and validation | Demonstrates how to validate a certificate by building and verifying a certificate chain. | `Security\CryptoApi\BuildChain` |
| Certificate Selection sample | Demonstrates how to select certificates using the new Windows 7 API CertSelectCertificateChains and how to display the certificate selection dialog using CredUIPromptForWindowsCredentials. | `Security\CryptoApi\CertSelect` |
| Acquire private key from certificate; use it for signing | Demonstrates how to acquire a private key associated with a certificate and use it for signing. | `Security\CryptoApi\CertSign` |
| Creating a Certificate | Demonstrates how to create a certificate with a private key associated with it. | `Security\CryptoApi\CreateCertificate` |
| CryptXML: Signing and Verifying an XML Digital Signature with the CryptXML API | Demonstrates how to create and verify XML signatures using X.509 certificates. Looks for a test certificate in the user's personal certificate store and builds a chain for it. Demonstrates the use of the following APIs: CryptXmlOpenToDecode, CryptXmlVerifySignature, CryptXmlOpenToEncode, CryptXmlCreateReference, CryptXmlSign, CryptXmlEncode, CryptXmlDigestReference, CryptXmlGetStatus, CryptXmlFindAlgorithmInfo. | `security\cryptoapi\cryptxml` |
| Security CryptoApi Encrypt | Demonstrates a console application that encrypts files. | `Security\CryptoApi\Encrypt` |
| Security CryptoAPI EncryptDecrypt | Demonstrates encryption/decryption using a random session key, using a session key derived from a password hash. | `Security\CryptoApi\EncryptDecrypt` |
| Message Encryption Sample | Demonstrates how to encrypt and decrypt a PKCS7 (CMS) message using the CryptEncryptMessage and CryptDecryptMessage APIs. | `Security\CryptoApi\EncryptMessage` |
| Security CryptoApi EnumAlgs | Demonstrates a console application that lists the algorithms supported by the default provider. | `Security\CryptoApi\EnumAlgs` |
| Using exclusive trust anchors for certificate validation | Demonstrates how to use exclusive trust anchors for validating a certificate. | `Security\CryptoApi\ExclusiveTrust` |
| Security CryptoApi InitUser | Sets up the default cryptographic client. | `Security\CryptoApi\InitUser` |
| X.509 Logotypes Retrieval Sample | Demonstrates the new Win32 API to retrieve logotype and biometric extensions in X.509 certificates. | `Security\CryptoApi\logotypes` |
| Retrieve and embed an OCSP response | Demonstrates how to retrieve an OCSP response from the revocation information in a certificate chain and also demonstrates how to embed an OCSP response as a property on a certificate. | `Security\CryptoApi\OCSP_Response` |
| Peer Trust Sample | Demonstrates chain building for a certificate in the Trusted People store. | `Security\CryptoApi\peertrust` |
| Sample Certificate Store Provider | Demonstrates how to implement a custom certificate store provider. | `Security\CryptoApi\SampleStoreProvider` |
| Security CryptoApi SignHash | File signing/verification sample that hashes the data in a file and signs or verifies the signature with the private or public key respectively. | `Security\CryptoApi\SignHash` |
| Message Signing and Signature Verification Sample | Demonstrates how to sign a message and verify a message signature. | `security\CryptoAPI\SignMessage` |
| CryptoAPI: Verify Software Signature by Publisher Name | Demonstrates how Win32 applications can verify that a file with an Authenticode signature originates from a specific software publisher, using WinVerifyTrust and associated helper APIs together with the publisher's name. | `security\cryptoapi\VerifyNameTrust` |
| Security LSAPolicy MachAcct | Demonstrates how to create a machine account on the specified domain. | `Security\LSAPolicy\MachAcct` |
| Windows Firewall Add GRE Rule | This sample code adds a GRE rule while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\Add_GRE_Rule` |
| Windows Firewall Add ICMP Rule Sample | This sample code adds an ICMP rule while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\Add_ICMP_Rule` |
| Windows Firewall Add LAN Rule sample | This sample code adds a LAN rule while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\Add_LAN_Rule` |
| Windows Firewall Add Outbound Rule Sample | This sample code adds an outbound rule to allow a TCP connection while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\Add_Outbound_Rule` |
| Windows Firewall Add Rule per Interface Sample | This sample code adds a rule per interface while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\Add_PerInterface_Rule` |
| Windows Firewall Add Service Rule Sample | This sample code adds a service rule while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\Add_Service_Rule` |
| Windows Firewall Disable Firewall Per Interface Sample | This sample code disables Windows Firewall per interface while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\Disable_Firewall_PerInterface` |
| Disable Windows Firewall Sample | This sample code disables Windows Firewall per profile using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\DisableWindowsFirewall` |
| Windows Firewall Edge Traversal Options Sample | Demonstrates how to add a firewall rule with the EdgeTraversalOptions. | `Security\WindowsFirewall\EdgeTraversalOptions` |
| Windows Firewall Enable Group Sample | This sample code enables Windows Firewall exception groups using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\EnableGroup` |
| Windows Firewall Get Firewall Settings Sample | This sample code reads Windows Firewall settings per profile using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\GetFirewallSettings` |
| Handling Multiple Active Firewall Profiles Sample | Demonstrates correct usage of the following methods/properties of the INetFwPolicy2 COM interface when multiple firewall profiles are active/current at the same time: CurrentProfileTypes, IsRuleGroupCurrentlyEnabled, IsRuleGroupEnabled, LocalPolicyModifyState. | `Security\WindowsFirewall\MultipleActiveProfiles` |
| Windows Firewall Restrict Service | Demonstrates how to restrict a service while temporarily elevating the user using the Microsoft Windows Firewall APIs. | `Security\WindowsFirewall\RestrictService` |
| C# sample: enrollWithIX509EnrollmentHelper | Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509EnrollmentHelper::AddEnrollmentServer and IX509Enrollment2::Enroll methods. The purpose of the call to IX509EnrollmentHelper::AddEnrollmentServer is to cache the authentication credential for the enrollment server in the Windows vault. | `security\x509 certificate enrollment\CSharp\enrollWithIX509EnrollmentHelper` |
| enrollWithICertRequest3 | Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509Enrollment2::CreateRequest, ICertRequest3::SetCredential, ICertRequest3::Submit and IX509Enrollment2::InstallResponse2 methods. The purpose of the call to ICertRequest3::SetCredential is to set the authentication credential for the enrollment server in the object pointed to by the ICertRequest3 interface. | `security\x509 certificate enrollment\vc\enrollWithICertRequest3` |
| enrollWithIX509EnrollmentHelper | Demonstrates how to use the new Windows 7 HTTP protocol to enroll a certificate by calling the IX509EnrollmentHelper::AddEnrollmentServer and IX509Enrollment2::Enroll methods. The purpose of the call to IX509EnrollmentHelper::AddEnrollmentServer is to cache the authentication credential for the enrollment server in the Windows vault. | `security\x509 certificate enrollment\vc\enrollWithIX509EnrollmentHelper` |

Karin Meier-Magruder
Program Manager for Samples
Windows SDK Team