Custom Credential Type Provider

  • Question

  • Hello,

    I need to create custom authentication support for Windows CE 5.0. The implemented NTLM does not allow moving a credential from a base platform to an updated platform. It is necessary to add the credentials with NTLMSetUserInfo at system start.

    The custom provider shall use the crypto API to implement secure credentials.

    As the AuthHelp API shall be used to validate user access, I think it is necessary to create a new credential type provider. Unfortunately, the Platform Builder help is incomplete. It shows neither the functions that the type provider shall implement nor what should be implemented there.

    Is there any sample code that I can use as a base for my implementation? Is there a better documentation anywhere?

    Thursday, July 19, 2012 12:03 PM

All replies

  • The Windows Embedded CE 6.0 version of the link you posted is a bit more detailed, listing also the functions that the credential provider must implement:

    http://msdn.microsoft.com/en-us/library/ee498748.aspx. For example, the default credential type provider DLL (at least, what looks to me like the default credential type provider) exports:

    LIBRARY credprov
    EXPORTS
        DllMain
        HandleBlob
        MatchTarget
        MatchUser
        Load
        UnLoad

    HTH


    Luca Calligaris lucaDOTcalligarisATeurotechDOTcom www.eurotech.com Check my blog: http://lcalligaris.wordpress.com

    Friday, July 20, 2012 12:33 PM
  • Thanks for your reply; it is very much appreciated.

    The CE 6.0 version of the documentation has added the name of the functions and the links to the function prototypes. Honestly I already guessed these links (correctly). Hence the new page does not help much.

    I have built a DLL exporting all the functions. The implementation stubs send call-parameter information to the debug output. The Load function is called with parameters dwType=2, dwFlags=0, independent of the values in the registry. My Load function returns ERROR_SUCCESS. Nothing else happens.

    So I am stuck with a DLL that implements the syntax (exported functions) but obviously not the semantics (real implementation of the functions). Therefore I ask for a sample implementation. Is there any source code in WinCE 6 or 7? Or do you know other resources for information?


    • Edited by Harper23 Friday, July 20, 2012 2:00 PM
    Friday, July 20, 2012 12:59 PM
  • "independent of the values in the registry": does it mean that you have followed the documentation and created a new primitive type, adding the new credential type configuration information to the registry?

    [HKEY_LOCAL_MACHINE\Comm\Security\CredMan\Types\Primitive\2]
     "Dll"="yourdll.dll"
     "Flags"=dword:0

    You'll get calls to the other functions when you do something that involves the credential manager to call your custom credential type provider. For example:

    #include <windows.h>
    #include <stdio.h>
    #include <tchar.h>
    #include <cred.h>

    #define BLOB_SIZE 10

    int _tmain(int argc, TCHAR *argv[], TCHAR *envp[])
    {
        CRED Cred;
        DWORD dwError = ERROR_SUCCESS;
        BYTE pBlob[BLOB_SIZE];

        // Placeholder credential data; a real client puts the secret here
        ZeroMemory(pBlob, sizeof(pBlob));

        ZeroMemory(&Cred, sizeof(Cred));
        Cred.dwVersion = CRED_VER_1;
        Cred.dwType = 2;                                // must match the type you defined or overrode in the registry
        Cred.wszUser = L"Domain\\User";                 // backslash must be escaped in the literal
        Cred.dwUserLen = wcslen(Cred.wszUser) + 1;      // length includes the terminating NULL
        Cred.wszTarget = L"Target";
        Cred.dwTargetLen = wcslen(Cred.wszTarget) + 1;
        Cred.pBlob = pBlob;
        Cred.dwBlobSize = BLOB_SIZE;

        // CredWrite hands the blob to the provider registered for dwType (its HandleBlob export)
        dwError = CredWrite(&Cred, 0);
        if (dwError != ERROR_SUCCESS)
        {
            _tprintf(_T("CredWrite failed: %lu\r\n"), dwError);
            return 1;
        }
        return 0;
    }

    You can also use the CETK for the credential manager, which performs some actions that will result in calls to your provider.


    Luca Calligaris lucaDOTcalligarisATeurotechDOTcom www.eurotech.com Check my blog: http://lcalligaris.wordpress.com


    Friday, July 20, 2012 3:08 PM
  • Yes, I followed the documentation. The type for the primitive is 2.

    I get indeed a HandleBlob call when I call CredWrite. Thanks for the pointer.

    My HandleBlob function still doesn't do anything meaningful. But when it stores the credentials that are passed with CredWrite, how can I tell the AuthHlp API that it shall utilize my credential type (provider)? Any call to AuthHelpValidateUserA, even with parameter AUTH_HELP_FLAGS_NO_NTLM, ignores my provider.

    How can my credentials be used for authentication?


    • Edited by Harper23 Friday, August 10, 2012 7:05 AM
    Friday, July 20, 2012 4:03 PM