WinTrustProviderVerifyTrust

[New - Windows NT]

The WinTrustProviderVerifyTrust function performs a specified verification action on a specified subject. When an application calls the WinVerifyTrust function, WinTrust calls the WinTrustProviderVerifyTrust function of the trust provider that supports the specified action identifier.

LONG WinTrustProviderVerifyTrust(

HWND hwnd, // handle to a window for interacting with the user
GUID *ActionID, // pointer to a trust provider action identifier
LPVOID ActionData // pointer to an action-specific data structure
);  

Parameters

hwnd

Handle to the caller's window. The trust provider can use this value to determine whether it can interact with the user to perform the verification operation indicated by the action identifier. However, trust providers typically perform verification operations without input from the user. This parameter can be one of the following values.

Value Meaning
INVALID_HANDLE_VALUE There is no interactive user. The trust provider performs the verification operation without the user's assistance.
zero The trust provider can use the interactive desktop to display its user interface.
A valid window handle The trust provider can assume that any value other than zero or INVALID_HANDLE_VALUE is a valid window handle that it can use to interact with the user.

ActionID

Pointer to a GUID structure that identifies the action to perform. Each trust provider supports a unique set of action identifiers. The trust provider determines whether the subject identified by the ActionData parameter is trusted for the specified action.

ActionData

Pointer to a buffer that contains information that the trust provider needs to process the specified action identifier. Typically, the data in the buffer includes information that identifies the subject that the trust provider must evaluate. The format and contents of the buffer depend on the action identifier and the trust provider.

Return Values

If the trust provider verifies that the subject is trusted for the specified action, the return value is ERROR_SUCCESS.

Otherwise, the return value is a status code that indicates the error that occurred. For example, a trust provider might indicate that the subject is not trusted, or is trusted but with limitations or warnings. The return value can be a trust-provider - specific value described in the documentation for an individual trust provider, or it can be one of the following error codes defined in WINERROR.H.

Value Meaning
TRUST_E_SUBJECT_NOT_TRUSTED The subject is not trusted for the specified action. Most trust providers return a more detailed error code that describes the reason that the subject is not trusted.
TRUST_E_ACTION_UNKNOWN The trust provider does not support the specified action.
TRUST_E_SUBJECT_FORM_UNKNOWN The trust provider does not support the form specified for the subject.

Remarks

Each trust provider DLL must implement the WinTrustProviderVerifyTrust function. WinTrust gets a pointer to the trust provider's WinTrustProviderVerifyTrust implementation when WinTrust calls the trust provider's WinTrustProviderClientInitialize initialization function.

A trust provider's WinTrustProviderVerifyTrust function executes in the process of the application that called the WinVerifyTrust function. The function also executes in the security context of the application.

The LPWINTRUST_PROVIDER_VERIFY_TRUST type is a pointer to a WinTrustProviderVerifyTrust function.

See Also

GUID, WinTrustProviderClientInitialize, WinVerifyTrust