Does Credential Provider Have Auto Logon Possibility?

  • Question

  • Hi,

    I've successfully implemented Credential Provider for my own logon,

    but is there any way that I can code in Credential Provider to automatically log on with a prepared username and password?

    I know the logon sequence would go through

    ::GetSerialization

    but can't find a way to write code to implement auto-logon,

    please help if any suggestion, thanks !!


    ddato190

    Monday, March 5, 2012 9:57 AM

Answers

  • You will need to implement ICredentialProviderCredential::SetSelected and return TRUE in the output parameter "pbAutoLogon". This method from ICredentialProviderCredential interface will be called automatically when your credential tile is selected and if you return TRUE in "pbAutoLogon" output parameter then ICredentialProviderCredential::GetSerialization will be called. If the call to GetSerialization goes through successfully and valid authentication data (i.e. username/password) is provided, then you will be automatically logged in.

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com


    Monday, March 5, 2012 4:43 PM

All replies

  • Hi Nima,

    By the way, is it possible to log on without a password?

    Since I haven't seen any implementation of this, could it be possible?

    Thanks !!


    ddato190

    Tuesday, March 6, 2012 4:06 AM
  • That all depends on the underlying authentication engine, as the output from the ICredentialProviderCredential::GetSerialization is passed to authentication engine (i.e. Kerberos, NTLM, ...) and needs to contain the required information by the corresponding authentication engine. If the default engines do not have the functionality you need, I believe that you may develop your own custom security support provider (SSP).

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com

    Tuesday, March 6, 2012 3:16 PM
  • Hi Nima!

    I have seen your answers in a lot of forums. I am trying to do a Credential Provider with fingerprint, but not with the Windows 7 biometric provider; with our own fingerprint sensors.

    My problem is: how can I join my code with the sample credential provider code? Because I don't know what the Credential Provider calling sequence is.

    Can you help me with this question? If I add code with an identify-fingerprint method, and it gives me user, pass and domain... where is it better to call it? GetSerialization? I am very lost in this issue! Help me please.

    Thanks!!!!!

    natalia

    Tuesday, July 10, 2012 9:39 AM
  • Adding your code in the implementation of ICredentialProviderCredential::GetSerialization should work just fine. I do not recall if the call to ICredentialProviderCredential::GetSerialization has any timeout, so you could capture the user's fingerprint and extract the required login credential to fill the buffer passed to GetSerialization method. Though you can always play around with your credential provider tile and capture the fingerprint(s) before GetSerialization method is called. Are you experiencing any specific issue calling your fingerprint capture method from within GetSerialization?

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com


    Tuesday, July 10, 2012 12:59 PM
  • Hi Nima!!

    Thanks for your answer.

    In my method I send some bytes to the fingerprint device.

    The device identifies the person who is in memory and returns to me user, pass and domain. I knew that GetSerialization was the engine of the credential provider, but I didn't know how the calling sequence progresses. I will try to add my code into GetSerialization and tomorrow I will write to you. But I am a little bit frustrated with Credential Provider.

    Thanks a lot!

    Tuesday, July 10, 2012 2:19 PM
  • Good Morning!

    Yesterday, I added my code but nothing happened.

    When is GetSerialization called? After pressing the submit button? Do I have to send BN_CLICKED to the credential provider somewhere... I don't know if GetSerialization is called after clicking the button in normal cases, or...

    Maybe I have to load my fingerprint credential in _rgFieldStrings[SFI_XXXXXX], I don't know where in the code, because...

    My main problem is that I don't know the method call sequence... can you help me? Do you have documentation of the call sequence...? I think that if I don't know this sequence... I am programming blindly.

    Thanks in advance.

    Natalia

    Wednesday, July 11, 2012 9:53 AM
  • GetSerialization is called when submit button is pressed. Are you looking for a way to change that behavior? You could also tweak your implementation of ICredentialProviderCredential::SetSelected to enforce an auto-logon attempt. If you return TRUE in "pbAutoLogon" (the param passed to ICredentialProviderCredential::SetSelected), then ICredentialProviderCredential::GetSerialization will be called right away (without the need for user to press any submit button). You can always add trace logs to your sample code and get a sense for the methods call sequence or just use your debugger and attach to LogonUI.exe to debug your code. Unfortunately, I do not know the methods call sequence off the top of my head and I am not aware of any online article about it either.

    ----
    Nima Sharifimehr.
    sbucsc at yahoo dot com

    Wednesday, July 11, 2012 12:53 PM
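
Added example, not part of the thread and not Microsoft's sample code: a portable C++ model of the call order described in the replies above (tile selected, SetSelected sets pbAutoLogon, GetSerialization follows without a Submit press), with a trace log of the calls. The BOOL/HRESULT typedefs, the Response enum, the Serialization struct, FingerprintCredential, OnCredentialReady and HostSelectTile are stand-ins assumed for illustration; a real provider implements ICredentialProviderCredential against the Windows SDK and packs a logon buffer for the authentication package.

```cpp
// Added illustration: a portable model, not the Windows SDK interfaces.
#include <string>
#include <vector>

typedef int BOOL;                        // stand-ins for the SDK types
typedef long HRESULT;
const HRESULT S_OK = 0;
enum Response { CPGSR_NO_CREDENTIAL_NOT_FINISHED, CPGSR_RETURN_CREDENTIAL_FINISHED };
struct Serialization { std::wstring domain, user, password; };  // simplified logon buffer

class FingerprintCredential {            // hypothetical credential tile
    Serialization ready_;
    bool haveCredential_ = false;
public:
    std::vector<std::string> trace;      // trace log of the calls, as suggested in the thread
    // Called by the device code once a fingerprint match has produced a credential.
    void OnCredentialReady(const Serialization& s) { ready_ = s; haveCredential_ = true; }
    // Request auto-logon only when there is something to submit.
    HRESULT SetSelected(BOOL* pbAutoLogon) {
        trace.push_back("SetSelected");
        *pbAutoLogon = haveCredential_ ? 1 : 0;
        return S_OK;
    }
    HRESULT GetSerialization(Response* pcpgsr, Serialization* out) {
        trace.push_back("GetSerialization");
        // Nothing captured yet: report "no credential" and stay on the tile.
        if (!haveCredential_) { *pcpgsr = CPGSR_NO_CREDENTIAL_NOT_FINISHED; return S_OK; }
        *out = ready_;
        ready_ = Serialization();        // drop our copy (real code should also zero the buffer)
        haveCredential_ = false;         // so the next SetSelected does not auto-submit again
        *pcpgsr = CPGSR_RETURN_CREDENTIAL_FINISHED;
        return S_OK;
    }
};

// Stand-in for the host: select the tile, serialize only if auto-logon was requested.
bool HostSelectTile(FingerprintCredential& c, Serialization* out) {
    BOOL autoLogon = 0;
    c.SetSelected(&autoLogon);
    if (!autoLogon) return false;        // host would wait for the Submit button
    Response r = CPGSR_NO_CREDENTIAL_NOT_FINISHED;
    c.GetSerialization(&r, out);
    return r == CPGSR_RETURN_CREDENTIAL_FINISHED;
}

int main() {
    FingerprintCredential c; Serialization out;
    c.OnCredentialReady({L"CONTOSO", L"alice", L"constructed-secret"});  // constructed sample values
    return HostSelectTile(c, &out) ? 0 : 1;
}
```
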
  • Hi!!!

    Now I have just tried it and I can see another behavior.

    Autologon=true,

    This configuration affects the credentials that were created here: HRESULT CSampleProvider::_EnumerateCredentials(), an administrator and a guest, but those accounts do not exist in Windows ... they have been created directly in the sample credential code ... so -> "ERROR account is not defined"

    Whereupon, I don't manage accounts that are created/defined in Windows.
    What can I do to manage all the credentials of the computer and have every change in my code apply to every account?

    Do you know what I mean? It is so difficult to explain, because I have a lot of questions about credential provider behavior... and I've never programmed this...

    Thanks a lot!

    PS: When I write about the Sample Credential Provider, I mean this example: http://www.microsoft.com/en-us/download/details.aspx?id=4057 maybe with this note it is easier to understand me...

    Wednesday, July 11, 2012 3:49 PM