WinVerifyTrust

[New - Windows NT]

The WinVerifyTrust function performs a specified verification action on a specified subject. The function passes the inquiry to the trust provider, if any, that supports the action identifier.

LONG WinVerifyTrust(

HWND hwnd, // handle to a window for interacting with the user
GUID *ActionID, // pointer to a trust provider action identifier
LPVOID ActionData // pointer to a buffer containing action-specific data
);  

Parameters

hwnd

Handle to the caller's window. The trust provider can use this value to determine whether it can interact with the user. However, trust providers typically perform verification actions with input from the user.

This parameter can be one of the following values.

Value Meaning
INVALID_HANDLE_VALUE There is no interactive user. The trust provider performs the verification action without the user's assistance.
Zero The trust provider can use the interactive desktop to display its user interface.
A valid window handle A trust provider can treat any value other than INVALID_HANDLE_VALUE or zero as a valid window handle that it can use to interact with the user.

ActionID

Pointer to a GUID structure that identifies an action, and implicitly, the trust provider that supports the action identifier. This value indicates the type of verification action to perform on the subject identified by the ActionData parameter.

The WinTrust service is designed to work with trust providers implemented by third parties. Each trust provider provides its own unique set of action identifiers. For information about the action identifiers supported by a trust provider, see the documentation for that trust provider.

For example, Microsoft provides a Software Publisher Trust Provider that can establish the trustworthiness of software being downloaded from a public network, such as the internet. The Software Publisher Trust Provider supports the following action identifiers.

Value Description
WIN_SPUB_ACTION_TRUSTED_PUBLISHER  
  The ActionData parameter is a pointer to a WIN_SPUB_TRUSTED_PUBLISHER_DATA structure.
WIN_SPUB_ACTION_NT_ACTIVATE_IMAGE  
  The ActionData parameter is a pointer to a WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT structure.
WIN_SPUB_ACTION_PUBLISHED_SOFTWARE  
  The ActionData parameter is a pointer to a WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT structure.

ActionData

Pointer to a buffer that contains information that the trust provider needs to process the specified action identifier. Typically, the data in the buffer includes information that identifies the subject that the trust provider must evaluate.

The format of the data depends on the action identifier. For information about the data required for a specific action identifier, see the documentation for the trust provider that supports that action.

Return Values

If the trust provider verifies that the subject is trusted for the specified action, the return value is ERROR_SUCCESS.

Otherwise, the return value is the status code returned by the trust provider. For example, a trust provider might indicate that the subject is not trusted, or is trusted but with limitations or warnings. The return value can be a trust-provider-specific value described in the documentation for an individual trust provider, or it can be one of the following error codes.

Value Meaning
TRUST_E_SUBJECT_NOT_TRUSTED The subject failed the specified verification action. Most trust providers return a more detailed error code that describes the reason for the failure.
TRUST_E_PROVIDER_UNKNOWN The trust provider is not recognized on this system.
TRUST_E_ACTION_UNKNOWN The trust provider does not support the specified action.
TRUST_E_SUBJECT_FORM_UNKNOWN The trust provider does not support the form specified for the subject.

Remarks

The WinVerifyTrust function enables applications to invoke a trust provider to verify that a specified subject satisfies the criteria of a specified verification operation. The ActionID parameter identifies the verification operation, and the ActionData parameter identifies the subject. A trust provider is a DLL registered with WinTrust. When you call WinVerifyTrust, the WinTrust service forwards the call to the registered trust provider, if there is one, that supports the specified action identifier.

For example, the Software Publisher Trust Provider can verify that an executable image file comes from a trusted software publisher and that the file has not been modified since it was published. In this case, the ActionData parameter specifies the name of the file and the type of file, such as a Microsoft Portable Executable image file or a Java class file.

Each trust provider supports a specific set of actions that it can evaluate. Each action has a globally unique identifier (GUID) that identifies it. A trust provider can support any number of action identifiers, but two trust providers cannot support the same action identifier.

See Also

GUID, WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT