CredWrite (advapi32)
Last changed: -194.146.189.99
.
Summary
Save a credential into the windows key ring.

C# Signature:

[DllImport("Advapi32.dll", SetLastError=true, EntryPoint="CredWriteW", CharSet=CharSet.Unicode)]
static extern bool CredWrite([In] ref Credential userCredential, [In] UInt32 flags);

VB Signature:

Declare Function CredWriteW Lib "advapi32.dll" ( _
  ByRef crede As Credential, _
  ByVal flags As UInteger _
) As Boolean

VB.NET type:

<Runtime.InteropServices.StructLayout(Runtime.InteropServices.LayoutKind.Sequential, CharSet:=Runtime.InteropServices.CharSet.Unicode)> _
Structure Credential
   Dim Flags As UInteger
   Dim Type As UInteger
   Dim TargetName$
   Dim Comment$
   Dim LastWritten As System.Runtime.InteropServices.ComTypes.FILETIME
   Dim CredentialBlobSize As UInteger
   Dim CredentialBlob As IntPtr
   Dim Persist As UInteger
   Dim AttributeCount As UInteger
   Dim Attributes As IntPtr
   Dim TargetAlias$
   Dim UserName$
End Structure

User-Defined Types:

enum CRED_TYPE : uint
{
     CRED_TYPE_GENERIC = 1,
     CRED_TYPE_DOMAIN_PASSWORD = 2,
     CRED_TYPE_DOMAIN_CERTIFICATE = 3,
     CRED_TYPE_DOMAIN_VISIBLE_PASSWORD = 4
}

enum CRED_PERSIST : uint
{
     CRED_PERSIST_SESSION = 1,
     CRED_PERSIST_LOCAL_MACHINE = 2,

     CRED_PERSIST_ENTERPRISE = 3
}

[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
private struct Credential
{
     public UInt32 flags;
     public UInt32 type;
     public string targetName;
     public string comment;
     //public System.Runtime.InteropServices.FILETIME lastWritten; // .NET 1.1
     public System.Runtime.InteropServices.ComTypes.FILETIME lastWritten; // .NET 2.0
     public UInt32 credentialBlobSize;
     public IntPtr credentialBlob;
     public UInt32 persist;
     public UInt32 attributeCount;
     public IntPtr credAttribute;
     public string targetAlias;
     public string userName;
}

Notes:

If it's legal for PInvoke.net to swipe Microsoft's own code, the stuff here is even better:

    http://blogs.msdn.com/peerchan/pages/487834.aspx

The stuff on this page about needing custom marshaling are just wrong.

Tips & Tricks:

Needs extensive custom marshaling code. See CredRead to for an example on the custom marshaling code.

Sample Code:

VB.NET

Dim cred As New Credential
Dim strKey$ = "a3b9236"

With cred
  .Flags = 0
  .Type = &H1
  .TargetName = "API_key"
  .Comment = String.Empty
  .CredentialBlobSize = CType(Text.Encoding.Unicode.GetBytes(strKey).Length, UInteger)
  .CredentialBlob = Runtime.InteropServices.Marshal.StringToCoTaskMemUni(strKey)
  .Persist = &H2
  .AttributeCount = 0
  .Attributes = IntPtr.Zero
  .TargetAlias = String.Empty
  .UserName = String.Empty
End With

If CredWriteW(cred, 0) <> True Then
  a = New System.ComponentModel.Win32Exception()
  Console.WriteLine(a.Message)
End If

C#

internal static void AddDomainUserCredential(string target, string userName, string password)
{
     Credential userCredential = new Credential();

     userCredential.targetName = target;
     userCredential.type = (UInt32)CRED_TYPE.CRED_TYPE_DOMAIN_PASSWORD;
     userCredential.userName = userName;
     userCredential.attributeCount = 0;
     userCredential.persist = (UInt32)CRED_PERSIST.CRED_PERSIST_ENTERPRISE;
     byte[] bpassword = Encoding.Unicode.GetBytes(password);
     userCredential.credentialBlobSize = (UInt32)bpassword.Length;
     userCredential.credentialBlob = Marshal.StringToCoTaskMemUni(password);
     if (!Unmanaged.CredWrite(ref userCredential, 0))
     {
     throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
     }
}

PowerShell

$sig = @"
[DllImport("Advapi32.dll", SetLastError=true, EntryPoint="CredWriteW", CharSet=CharSet.Unicode)]
public static extern bool CredWrite([In] ref Credential userCredential, [In] UInt32 flags);

[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
public struct Credential
{
     public UInt32 flags;
     public UInt32 type;
     public IntPtr targetName;
     public IntPtr comment;
     public System.Runtime.InteropServices.ComTypes.FILETIME lastWritten;
     public UInt32 credentialBlobSize;
     public IntPtr credentialBlob;
     public UInt32 persist;
     public UInt32 attributeCount;
     public IntPtr Attributes;
     public IntPtr targetAlias;
     public IntPtr userName;
}
"@
Add-Type -MemberDefinition $sig -Namespace "ADVAPI32" -Name 'Util'

$cred = New-Object ADVAPI32.Util+Credential
$cred.flags = 0
$cred.type = 2
$cred.targetName = [System.Runtime.InteropServices.Marshal]::StringToCoTaskMemUni('server1')
$cred.userName = [System.Runtime.InteropServices.Marshal]::StringToCoTaskMemUni('domain\user')
$cred.attributeCount = 0
$cred.persist = 2
$password = "password"
$cred.credentialBlobSize = [System.Text.Encoding]::Unicode.GetBytes($password).length
$cred.credentialBlob = [System.Runtime.InteropServices.Marshal]::StringToCoTaskMemUni($password)
[ADVAPI32.Util]::CredWrite([ref]$cred,0)

Alternative Managed API:

Do you know one? Please contribute it! ?

Documentation
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/credwrite.asp