locked
Does Credential Provider still Customizable for Lock Screen on Windows 8? RRS feed

  • Question

  • Hi,

    I’ve tried several approaches for customizing the Credential Provider on Windows 8 but all failed,

    Does Windows 8 still support Credential Provider? or is there any revised version for Credential Provider on Windows 8? Please kindly help on reply, thanks !!

          BR,

          Jim



    ddato190

    Thursday, March 1, 2012 9:55 AM

Answers

  • It seems like that you are running a Win8 x64, are you compiling your credential provider for x64 or x86? If you are on a x64, that based on your procmon logs I think you are, then you will need to build your credential provider DLL for x64 platform.

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com

    • Marked as answer by ddato190 Friday, March 2, 2012 4:58 PM
    Friday, March 2, 2012 1:10 PM

All replies

  • Hi Jim,

    I just deployed a windows credential provider on Windows 8 and it seems to be working flawlessly. I used the exact same code/binaries and deployed it the same way as I did on Win7. If you provide more details on the failure that you are experiencing I might be able to help better.

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com


    Thursday, March 1, 2012 2:52 PM
  • Hi Numa,

    (1) I built the samplecredentialprovider which worked on Win7 from  

    http://msdn.microsoft.com/en-us/magazine/cc163489.aspx

    (2) Put the SampleAllControlsCredentialProvider.dll under Sytem32 folder,

    (3) Also registered the class_id and dll to credential provider registry.

    the steps are the same as i did on win7, but it failed on win 8.

    everytime i modified the logon ui registry and log out,

    it would turn back to the original lock screen with default password logon page which is not customized by me when i log in again.

    could you help telling me which steps i have lost or made wrong?

    or can you tell me about how you implemented Credential Provider in detail?

    truly thanks for your reply and help very much !!


    ddato190

    Thursday, March 1, 2012 6:01 PM
  • Jim,

    Can you confirm that your credential provider DLL is being loaded by LogonUI.exe? I would suggest using Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645). When you confirm that your DLL is loaded, then we know that this is not being caused because of missing a deployment step. If your DLL is being loaded, but you are not able to see your credential tiles, then remote debugging using msvsmon is the next step.

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com

    Thursday, March 1, 2012 6:29 PM
  • Hi , So do I miss the process of deployment? I can not see the tile of my credential provider. Can you please tell me how to deploy ? And please also tell me which version of win8.you are using, thanks a lot !!

    ddato190

    Thursday, March 1, 2012 6:47 PM
  • That is not for sure, first you need to verify that your DLL is not loaded. If you cannot see your credential tile it does not necessarily mean that you have deployment issues. I have been using Windows 8 Developer Preview Edition.

    If you have your provider's CLSID set to {2D910042-B478-48a9-B1C4-F8236D9ECF5D} then you should at least have the following entries in the registry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{2D910042-B478-48a9-B1C4-F8236D9ECF5D}]
    @="SampleCredentialProvider"

    [HKEY_CLASSES_ROOT\CLSID\{2D910042-B478-48a9-B1C4-F8236D9ECF5D}]
    @="SampleCredentialProvider"

    [HKEY_CLASSES_ROOT\CLSID\{2D910042-B478-48a9-B1C4-F8236D9ECF5D}\InprocServer32]
    @="SampleCredentialProvider.dll"
    "ThreadingModel"="Apartment"

    Also you need to make sure that SampleCredentialProvider.dll is copied in the system32 folder.

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com

    Thursday, March 1, 2012 9:43 PM
  • Hi Nima,

    I've tried the process monitor,

    First I Registered the three registry keys and put my dll into system32 folder,

    and lock the computer, unlock again,

    after that, i run the process monitor and can't see any process related to LogonUI.exe,

    is there any wrong with my steps? thanks!!


    ddato190

    Friday, March 2, 2012 4:20 AM
  • Hi Nima

    I've Found that my Credential Provider has been executed as follows:

    is there any problem? because it seemes to have been found and loaded?

    FF032558-38DA-4472-B969-31A636B7E5C7 is the CLSID

    Thanks a lot !!

    Time of Day Process Name PID Operation Path Result Detail
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\ActivatableClasses\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} NAME NOT FOUND Desired Access: Read
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Desired Access: Read
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\TreatAs NAME NOT FOUND Desired Access: Query Value
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Query: Name
    23:41.4 LogonUI.exe 4292 RegQueryValue HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\(Default) SUCCESS Type: REG_SZ, Length: 72, Data: SampleAllControlsCredentialProvider
    23:41.4 LogonUI.exe 4292 RegQueryValue HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\(Default) SUCCESS Type: REG_SZ, Length: 72, Data: SampleAllControlsCredentialProvider
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocServer32 SUCCESS Desired Access: Read
    23:41.4 LogonUI.exe 4292 RegQueryValue HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocServer32\InprocServer32 NAME NOT FOUND Length: 144
    23:41.4 LogonUI.exe 4292 RegQueryValue HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 80, Data: SampleAllControlsCredentialProvider.dll
    23:41.4 LogonUI.exe 4292 RegQueryValue HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 80, Data: SampleAllControlsCredentialProvider.dll
    23:41.4 LogonUI.exe 4292 RegQueryValue HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocServer32\ThreadingModel SUCCESS Type: REG_SZ, Length: 20, Data: Apartment
    23:41.4 LogonUI.exe 4292 RegCloseKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocServer32 SUCCESS
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocHandler32 NAME NOT FOUND Desired Access: Query Value
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\InprocHandler NAME NOT FOUND Desired Access: Query Value
    23:41.4 LogonUI.exe 4292 RegCloseKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS
    23:41.4 LogonUI.exe 4292 RegOpenKey HKU\S-1-5-18_Classes NAME NOT FOUND Desired Access: Maximum Allowed
    23:41.4 LogonUI.exe 4292 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR SUCCESS Desired Access: Maximum Allowed, Granted Access: All Access
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Desired Access: Read
    23:41.4 LogonUI.exe 4292 RegCloseKey HKCR SUCCESS
    23:41.4 LogonUI.exe 4292 RegQueryKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS Query: HandleTags, HandleTags: 0x0
    23:41.4 LogonUI.exe 4292 RegOpenKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7}\TreatAs NAME NOT FOUND Desired Access: Read
    23:41.4 LogonUI.exe 4292 RegCloseKey HKCR\CLSID\{FF032558-38DA-4472-B969-31A636B7E5C7} SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 QueryBasicInformationFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS CreationTime: 3/2/2012 12:13:43 PM, LastAccessTime: 3/2/2012 12:13:43 PM, LastWriteTime: 3/1/2012 8:08:15 PM, ChangeTime: 3/1/2012 8:08:15 PM, FileAttributes: A
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: 
    23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS SyncType: SyncTypeOther
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 QueryBasicInformationFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS CreationTime: 3/2/2012 12:13:43 PM, LastAccessTime: 3/2/2012 12:13:43 PM, LastWriteTime: 3/1/2012 8:08:15 PM, ChangeTime: 3/1/2012 8:08:15 PM, FileAttributes: A
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: 
    23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS SyncType: SyncTypeOther
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System\SampleAllControlsCredentialProvider.dll NAME NOT FOUND Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\SampleAllControlsCredentialProvider.dll NAME NOT FOUND Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 QueryBasicInformationFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS CreationTime: 3/2/2012 12:13:43 PM, LastAccessTime: 3/2/2012 12:13:43 PM, LastWriteTime: 3/1/2012 8:08:15 PM, ChangeTime: 3/1/2012 8:08:15 PM, FileAttributes: A
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: 
    23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS SyncType: SyncTypeOther
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 QueryBasicInformationFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS CreationTime: 3/2/2012 12:13:43 PM, LastAccessTime: 3/2/2012 12:13:43 PM, LastWriteTime: 3/1/2012 8:08:15 PM, ChangeTime: 3/1/2012 8:08:15 PM, FileAttributes: A
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: 
    23:41.4 LogonUI.exe 4292 CreateFileMapping C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS SyncType: SyncTypeOther
    23:41.4 LogonUI.exe 4292 CloseFile C:\Windows\System32\SampleAllControlsCredentialProvider.dll SUCCESS
    23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\SampleAllControlsCredentialProvider.dll NAME NOT FOUND Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\wbem\SampleAllControlsCredentialProvider.dll NAME NOT FOUND Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFile C:\Windows\System32\WindowsPowerShell\v1.0\SampleAllControlsCredentialProvider.dll NAME NOT FOUND Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFile C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\SampleAllControlsCredentialProvider.dll NAME NOT FOUND Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFile C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v2.0\SampleAllControlsCredentialProvider.dll NAME NOT FOUND Desired Access: Read Attributes, Dis"21" style="height:15.75pt;"> 23:41.4 LogonUI.exe 4292 CreateFile C:\Program Files\Microsoft SQL Server\110\Tools\Binn\SampleAllControlsCredentialProvider.dll NAME NOT FOUND

    Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a


    ddato190

    Friday, March 2, 2012 4:36 AM
  • It seems like that you are running a Win8 x64, are you compiling your credential provider for x64 or x86? If you are on a x64, that based on your procmon logs I think you are, then you will need to build your credential provider DLL for x64 platform.

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com

    • Marked as answer by ddato190 Friday, March 2, 2012 4:58 PM
    Friday, March 2, 2012 1:10 PM
  • Hi Nima,

    thanks very much for your help ~~

    after rebuild for x64, it works now ~~


    ddato190

    Friday, March 2, 2012 4:58 PM
  • Hi Nima

    My English is very poor! Can you speek Chinese?

    I find this have spent on a long time. It's luckly to find you!

    Can you tell me how to run credential provider for x64, I am very anxious,thanks!

    and my email is qiangfu001@163.com.

    Monday, June 4, 2012 9:51 AM
  • Hi Nima,

    I did the steps mentioned by "ddato190" exactly and I build the sampleCredentialProvider.dll for x64 platform. Still I am not able to see my credential provider tile on logon UI.

    I did the implementation of "V2 provider", What could have went wrong?

    Point me the places to look for the cause of issue.

    Any help would be appreciated.

    Thanks,

    Ranga

    Monday, May 27, 2013 9:04 AM
  • Hi nima please check this code this code not calling IID_ICredentialProviderSetUserArray interface please find where i did wrong please help me

    #pragma once

    #include <credentialprovider.h>
    #include <windows.h>
    #include <strsafe.h>

    #include "PasswordResetCredential.h"
    #include "helpers.h"

    class CSampleProvider : public ICredentialProvider,public ICredentialProviderSetUserArray 
    {
      public:
        // IUnknown
        STDMETHOD_(ULONG, AddRef)()
        {
            return _cRef++;
        }
        
        STDMETHOD_(ULONG, Release)()
        {
            LONG cRef = _cRef--;
            if (!cRef)
            {
                delete this;
            }
            return cRef;
        }

        STDMETHOD (QueryInterface)(REFIID riid, void** ppv)
        {
            HRESULT hr;
            if (IID_IUnknown == riid || 
                IID_ICredentialProvider == riid || IID_ICredentialProviderSetUserArray==riid)
            {
                *ppv = this;
                reinterpret_cast<IUnknown*>(*ppv)->AddRef();
                hr = S_OK;
            }
            else
            {
                *ppv = NULL;
                hr = E_NOINTERFACE;
            }
            return hr;
        }

      public:
        IFACEMETHODIMP SetUsageScenario(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus, DWORD dwFlags);
        IFACEMETHODIMP SetSerialization(const CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs);

        IFACEMETHODIMP Advise(__in ICredentialProviderEvents* pcpe, UINT_PTR upAdviseContext);
        IFACEMETHODIMP UnAdvise();

        IFACEMETHODIMP GetFieldDescriptorCount(__out DWORD* pdwCount);
        IFACEMETHODIMP GetFieldDescriptorAt(DWORD dwIndex,  __deref_out CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR** ppcpfd);

        IFACEMETHODIMP GetCredentialCount(__out DWORD* pdwCount,
                                          __out DWORD* pdwDefault,
                                          __out BOOL* pbAutoLogonWithDefault);
        IFACEMETHODIMP GetCredentialAt(DWORD dwIndex, 
                                       __out ICredentialProviderCredential** ppcpc);
    IFACEMETHODIMP SetUserArray (__in ICredentialProviderUserArray * users);
        friend HRESULT CSampleProvider_CreateInstance(REFIID riid, __deref_out void** ppv);

      protected:
        CSampleProvider();
        __override ~CSampleProvider();
        
      private:
          void _CleanUpAllCredentials();
        
    private:
        LONG                _cRef;
        CSampleCredential   **_rgpCredentials;          // Pointers to the credentials which will be enumerated by this 
                                                        // Provider.

        ICredentialProvider *_pWrappedProvider;         // Our wrapped provider.
        DWORD               _dwCredentialCount;         // The number of credentials provided by our wrapped provider.
        DWORD               _dwWrappedDescriptorCount;  // The number of fields on each tile of our wrapped provider's 
                                                        // credentials.
        bool                _bEnumeratedSetSerialization;
    ICredentialProviderUserArray*  _pCredProviderUserArray;
    };

    Wednesday, June 19, 2013 3:40 PM