Certificate Credential Provider

  • Question

  • Hi!

    For a fallback scenario we want to implement a certificate credential provider to log on with certificates that are located in a p12 or pfx file and are not on a smart card.

    Is there an easy way to implement this?

    During my research I found the GetSerialization method. In the samples, only common credentials like username, domain name and password are packed. In the FAQ part (Serializing) of the document included with the samples I found a line (unfortunately not more) about “serializing Kerberos certificate credentials”. Is it possible to somehow serialize a complete certificate including keys, so that a Kerberos authentication is possible?

    If this is not possible, maybe this works:

    In the “Windows Vista Smart Card Infrastructure” document a “smart card logon flow” is described. It says that the smart card credential provider uses, as part of packing, the KERB_CERTIFICATE_LOGON structure, where the cspdata and containername are specified. I know I cannot use this structure because it is bound to the smart card infrastructure, but is it possible to temporarily import the certificate into a certificate store and initiate a Kerberos authentication with e.g. the “Microsoft Base Cryptographic Provider” with the reference to the certificate in the certstore?

    The hard way would be to emulate a complete smart card and write a minidriver, but the problem is that, as there is no hardware (smart card), the minidriver is not loaded in the common way through the Smart Card Base CSP. I have no idea how to tell the Base CSP to load the minidriver so that the default smart card credential provider can be used.

    I hope you can help me.

    Best regards

    Thursday, July 29, 2010 9:04 AM

All replies

  • Hi,

    I know that this is a little bit old, but actually I have the same problem here.

    Does anyone know how to do that?

    I am trying to load and use a certificate to authenticate and unlock a Windows session.

    Thanks.

    Friday, July 10, 2015 4:53 PM