Windows 8.1 - setSelected not called on unlock after a long time (~1 hr), credential tile not refreshed.

Question

Background -
We have developed a custom credential provider that wraps Windows credential provider to provide 2-FA. We are facing an issue specific to Windows 8.1.

Scenario -
Using our code, windows users have two screens during machine login - our custom tile that authenticates a user (by our custom mechanism) followed by the windows tile that authenticates using user's AD credential. 
We have a feature of bypassing our custom authentication upon unlock within x hours (i.e. if a user locks & unlocks their machine within x hrs, 2-FA will be skipped) - the logic to decide which is implemented in a function called from within ICredentialProviderCredential::SetSelected.

What is happening? - 
Ideally windows call SetSelected function whenever a credential tile loads - during both login and unlock scenario. However, in windows 8.1, if the machine is left idle in the locked state for about an hour, the next time user tries to authenticate the credential tile loads maintaining the previous state, not calling SetSelected function for the tile to reload. Due to which our validation logic for whether or not 2-FA should be skipped is not executing upon unlock. 

Expected behavior - In windows lock scenario after ~1 hr, windows should call SetSelected function.
Observed behavior - In windows lock scenario after ~1 hr, SetSelected function is not executed. 

Troubleshooting - 
If we lock the machine, the tile loaded initially on the lock screen is correct and as expected because SetSelected function is called. However if we keep it idle for an hour, the tile is not reloaded again calling the SetSelected function but it retaining the tile which was earlier loaded.

We have verified the same on Windows 7 & 10, and we get the expected behavior with the same implementation. Is there something specific to Windows 8.1 - its behavior or functionality that could explain why the credential tile is not reloaded every time after the machine is left idle?

Answer 1

Hi Auth_Gemalto,

>Observed behavior - In windows lock scenario after ~1 hr, SetSelected function is not executed. 

Does this behavior occurred if you unlock the Windows immediately after lock the computer? Can you reproduce this issue on other Windows 8.1 computers?

 Regards & Fei

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

Answer 2

Hi, 

No this is not observed if we unlock the machine immediately - i.e. if we unlock the Windows machine immediately, SetSelected function is called and everything works as expected. Issue is only when machine left idle for long time.

Regards
Ipsha

Answer 3

Hi lpsha,

Thanks for the detailed info. I am trying to reproduce this issue on my side(Windows 8.1, Build 9600), however the ICredentialProviderCredential::SetSelected was called after the windows locked 108 minutes. 

I am testing this issue with sampleallcontrolscredentialprovider, are you able to reproduce this issue use this code sample? If not, would you mind sharing a simple code sample to help us to reproduce this issue?

Regards & Fei

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.