Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
media
danimation.controls
danimation.programming
devices
drm
dshow.programming
dtransform
encoder
encoder.optimization
hometheaterpc
media
media.beta
media.beta.encoder
mediacenter
mediacenter.portable
mediaplayer
music.products
musicproducer
player
player.plugins
player.skins
player.solaris
player.visualizations
player.web
sdk
server
tools
  
 
date: Tue, 1 Jul 2008 09:31:54 -0700 (PDT),    group: microsoft.public.windowsmedia.sdk        back       


IWMCredentialCallback::AcquireCredentials() and CryptProtectData()    
Hi,

I have been developing a program which creates a push sink publishing
point, pushing to a windows media streaming server. I implemented the
IWMCredentialCallback interface and the AcquireCredentials() callback
to be able to pass the username and password to the streaming server.
I set flags to 0 and pass the username and password in cleartext.

This all works, but when I tried to convert this program into a
service, running under the local system account,
the credentials I passed appearantly are not accepted anymore.
I get the error: hr=-2147012881, which means
ERROR_INTERNET_LOGIN_FAILURE
(the errorcode was hard to find, finally I found this page:
http://www.vbshf.com/vbshf/wsus/sus_error_code.htm)

Does anybody have any ideas on why my credentials are not accepted
when running as local system account?
I suspect that it has something to do with the local system account
not being able to encrypt the credentials using CryptProtectData().
When I run the service under another account, e.g. administrator, my
credentials are getting accepted again.

The documentation on IWMCredentialCallback::AcquireCredentials()
states that I could encrypt the credentials myself using
CryptProtectData(), and I'd like to try that to find out if my
suspicions are correct.

However, the documentation is rather poor on how to do that:
CryptProtectData() has lots of parameters and I suppose I have to use
the same parameters that the SDK uses when it does the encryption for
me.
Also, even if I succeed in encrypting, I don't know how to pass the
encrypted values in the buffers passed to me in
AcquireCredentials().

So my final questions are:
- which parameters do I need in a call to AcquireCredentials()?
- how can I pass the results from AcquireCrendentials() into the
preallocated username and password buffers?

Greetings, and thanks in advance,
Roland Blom
Triple IT
Netherlands
date: Tue, 1 Jul 2008 09:31:54 -0700 (PDT)   author:   Roland

Re: IWMCredentialCallback::AcquireCredentials() and CryptProtectData()    
I have also tested it with the Windows Media Encoder application that
is available from Microsoft.

When I run it as local system account, and set up a similar publishing
point,
pushing to a streaming server, it results in the same error
(hr=-2147012881=0x80072EEF).

So it looks like I'm not doing anything wrong, could it be an inherent
limitation of the SDK?

Also, I tested it on 2 different machines and both show the same
problems.

Greetings,
Roland Blom
Triple IT
Netherlands
date: Wed, 2 Jul 2008 01:48:56 -0700 (PDT)   author:   Roland

Re: IWMCredentialCallback::AcquireCredentials() and CryptProtectData()    
On Jul 2, 10:48 am, Roland  wrote:
> I have also tested it with the Windows Media Encoder application that
> is available from Microsoft.
>
> When I run it as local system account, and set up a similar publishing
> point,
> pushing to a streaming server, it results in the same error
> (hr=-2147012881=0x80072EEF).
>
> So it looks like I'm not doing anything wrong, could it be an inherent
> limitation of the SDK?
>
> Also, I tested it on 2 different machines and both show the same
> problems.
>
> Greetings,
> Roland Blom
> Triple IT
> Netherlands

Well, local system account is not intended for such applications.
Start your windows service under normal user account.

Beside that one you've found, there are other limitations on local
system account, so generally, create special user account, or use
existing one for services.

Jerislav
date: Wed, 2 Jul 2008 02:41:55 -0700 (PDT)   author:   Jerislav

Re: IWMCredentialCallback::AcquireCredentials() and CryptProtectData()    
On Jul 2, 11:41 am, Jerislav  wrote:
>
> Well, local system account is not intended for such applications.
> Start your windows service under normal user account.
>
> Beside that one you've found, there are other limitations on local
> system account, so generally, create special user account, or use
> existing one for services.

I'm not sure I agree with you. I'm building an application which
continuously streams
a windows media stream to a streaming server, without any interaction
with a user.
Also, the process does not have any special requirements, so it sounds
to me
like it's a perfect candidate to run as a service.

Of course, I know that appearently the process does have special
requirements
regarding to encrypting credentials (assuming that that is indeed the
problem),
but it's still strange. I would think I don't need any special
privileges on the machine
running the services, but only on the streaming server I'm connecting
to, which
is what i use the username/password for :-)

Nevertheless, it is a fact that it doesn't work, and indeed I'm now
running the
service under another acccount, but I'm still interested in knowing
how to
do the encryption myself using CryptProtectData().

Greetings,
Roland Blom
Triple IT
Netherlands
date: Wed, 2 Jul 2008 03:48:38 -0700 (PDT)   author:   Roland

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us