locked
ICredentialProvider without KerbInteractiveUnlockLogonInit RRS feed

  • Question

  • Hi there,

    I'm trying to make a credential provider where the password doesn't actually exist in any form as I'm authenticating via a server.  How do I achieve this without returning a serialised local user? Or do I somehow authenticate an existing user that my povider is associated with?

    Nick


    Somewhere out there...

    • Moved by Jesse Jiang Wednesday, April 17, 2013 2:50 AM
    Tuesday, April 16, 2013 1:59 PM

All replies

  • Maybe I should reiterate, so I'm just working on the GetSerialization of CSampleCredential from the Vista Credential Provider samples.

    I'm not entirely sure what to do at this step as I have a value entered by the user which isnt a password but I need to verify it and return S_OK.  I'm assuming I also need to return a serialised credential, if that's the case will KerbInteractiveUnlockLogonInit work as it's not a local user i'm authenticating against, merely associated with a local user.

    Nick


    Somewhere out there...

    Tuesday, April 16, 2013 2:49 PM
  • Hi,

    According to your description, I'd like to move this thread to "Application Security for Windows Desktop Forum" for better support.

    Here is a link in Chinese that may help you: http://bbs.csdn.net/topics/340113903#post-341619749

    Thanks for your understanding and active participation in the MSDN Forum.
    Regards,


    Elegentin Xie
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, April 17, 2013 2:54 AM
  • Sorry I'm confused, that isn't a Microsoft forum?

    Somewhere out there...

    Wednesday, April 17, 2013 9:44 AM
  • Hi,

    The output of GetSerialization of a credential provider will be the input of LsaLogonUser.

    The package to use is also returned by GetSerialization (by default, NTLM, Kerberos, negotiate).

    Get a look at the AuthenticationInformation field to see what can be the ouput of your credential provider.

    Don't also forget to look for the "unlock bug" when winlogon append the logon id.

    regards,

    vincent

    Thursday, May 9, 2013 5:04 PM