Custom Windows Credential Provider/Filter creates additional Unlock step. RRS feed

  • Question

  • Hi Everyone,

    We have created a Credential Provider that wraps the standard password functionality to add further options to the logon tile, our code is pretty much identical to the SampleWrapExistingCrednetilaProvider provided by Microsoft. In order that we don't confuse users we have also implemented a filter which removes the standard provider from Login and Lock/Unlock scenarios. This is working perfectly and we have no issues with the functionality of the provider or filter.

    The problem is that users report that when our credential provider is installed, they have to go through an additional step during unlock. Normally, without any additional providers installed, the user does Ctrl+Alt+Del and is immediately presented with the password prompt.

    When our provider is installed, the user does Ctrl+Alt+Del and then has to click on a tile that shows their image/logon name before being presented with the password prompt. Only one tile is displayed, so its not that there are multiple credentials to choose from, if we remove our filter we see two credentials, the standard password which we previously filtered, and our own wrapped credentials. 

    Is there anyway we can remove this additional step so that Windows behaves the same way. Or is there a better explanation as to why this happens I can give to customers who point this out.

    Monday, August 12, 2013 4:45 PM

All replies

  • Hi, 

    I have the same problem, however mine also doesn't display the larger tile when locking the computer. I managed to "fix" the password prompt click by storing the usage scenario and in GetCredentialCount setting the default to 0 if the usage scenario is CPUS_CHANGE_PASSWORD. This will only work if you always want the first tile to be selected by default. I'm sure there's a better (and probably correct) way to do this, for some reason a default is not being selected on my provider even though I am just wrapping the default provider and using the values it passes back to me to set the default. 

    Hope this helps in some way

    Monday, September 23, 2013 9:15 PM
  • Thanks,

    This has helped a lot. I am now storing the usage scenario when SetUsageScenario is called and in GetCredentialCount I am returning a default of zero for CPUS_UNLOCK_WORKSTATION, CPUS_CHANGE_PASSWORD and CPUS_LOGON. The experience is similar to the standard logon, whether this is correct or not is another matter. 

    Thursday, September 26, 2013 8:45 PM
  • Hi, 

    Solution provided by you guys is awesome but I want to show default prompt in case of CHANGE PASSWORD scenario without showing any extra tile as you guys are facing in case of UNLOCK scenario.

    Is there anyway we can remove this additional step so that Windows in its default way. I don't have any implementation for CHANGE PASSWORD  scenario.

    Thanks in Advance!!

    Friday, February 19, 2016 10:39 AM