Unlock bug in the Hybrid Credential Provider sample

I recently got feedback that my Hybrid Credential Provider sample in MSDN Magazine (see the code download with this article – http://msdn.microsoft.com/msdnmag/issues/07/01/CredentialProviders/) doesn’t support the Unlock scenario (i.e. it just supports Logon). Sorry about that!

A few notes about this. First – the credprov sample in the Vista RTM version of the Windows SDK (see "Samples\Security\CredentialProvider" from the SDK root directory) unfortunately has the same bug. Second – five newer credprov samples are available for download via the following link – http://www.microsoft.com/downloads/details.aspx?FamilyID=b1b3cbd1-2d3a-4fac-982f-289f4f4b9300&DisplayLang=en. These newer samples appear to have been fixed.

Finally, the bug is this – Credential::GetSerialization needs to return a KERB_INTERACTIVE_UNLOCK_LOGON structure instead of a KERB_INTERACTIVE_LOGON (see NTSecAPI.h in the SDK as well as SampleCredentialProvider\SampleCredentialProvider\CSampleCredential.cpp from the new credprov sample set). The following comment from the latter is particularly instructive:

"We use KERB_INTERACTIVE_UNLOCK_LOGON in both unlock and logon scenarios. It contains a KERB_INTERACTIVE_LOGON to hold the creds plus a LUID that is filled in for us by Winlogon as necessary."
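An added illustration of the layout difference behind this bug (not code from the article or the SDK samples): portable stand-in structs in a `standin` namespace mirror the NTSecAPI.h definitions, and the hypothetical helpers `PackSerialization` and `FirstStringOffset` assume the strings are packed after the header with each `Buffer` stored as a byte offset. With the shorter KERB_INTERACTIVE_LOGON header, the string data starts exactly where the unlock layout keeps the LUID.

```cpp
// Added example, not SDK code: stand-ins mirror the NTSecAPI.h layouts (assumed).
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
namespace standin {
struct UNICODE_STRING { uint16_t Length, MaximumLength; uint16_t* Buffer; };
struct LUID { uint32_t LowPart; int32_t HighPart; };
enum KERB_LOGON_SUBMIT_TYPE : int32_t { KerbInteractiveLogon = 2, KerbWorkstationUnlockLogon = 7 };
struct KERB_INTERACTIVE_LOGON {
    KERB_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING LogonDomainName, UserName, Password;
};
struct KERB_INTERACTIVE_UNLOCK_LOGON {
    KERB_INTERACTIVE_LOGON Logon;  // holds the creds
    LUID LogonId;                  // left zero here; filled in by Winlogon as necessary
};
}  // namespace standin
// Packs header + strings into one flat blob; each Buffer holds a byte offset from the
// blob start (assumed convention). headerSize selects the buggy or the fixed header.
std::vector<uint8_t> PackSerialization(bool unlock, size_t headerSize, const std::u16string& domain,
                                       const std::u16string& user, const std::u16string& password) {
    using namespace standin;
    KERB_INTERACTIVE_UNLOCK_LOGON hdr{};
    hdr.Logon.MessageType = unlock ? KerbWorkstationUnlockLogon : KerbInteractiveLogon;
    std::vector<uint8_t> blob(headerSize + 2 * (domain.size() + user.size() + password.size()));
    size_t off = headerSize;
    auto put = [&](UNICODE_STRING& dst, const std::u16string& src) {
        dst.Length = dst.MaximumLength = static_cast<uint16_t>(src.size() * 2);
        dst.Buffer = reinterpret_cast<uint16_t*>(off);  // offset, not a live pointer
        std::memcpy(blob.data() + off, src.data(), dst.Length);
        off += dst.Length;
    };
    put(hdr.Logon.LogonDomainName, domain);
    put(hdr.Logon.UserName, user);
    put(hdr.Logon.Password, password);
    std::memcpy(blob.data(), &hdr, headerSize);  // headerSize <= sizeof(hdr)
    return blob;
}
// Offset of the first packed string, read back from the blob's header.
size_t FirstStringOffset(const std::vector<uint8_t>& blob) {
    standin::KERB_INTERACTIVE_LOGON h;
    std::memcpy(&h, blob.data(), sizeof h);
    return reinterpret_cast<uintptr_t>(h.LogonDomainName.Buffer);
}
int main() {  // constructed credentials; exits 0 when the fixed header leaves room for LogonId
    auto fixed = PackSerialization(true, sizeof(standin::KERB_INTERACTIVE_UNLOCK_LOGON), u"CONTOSO", u"alice", u"pw");
    return FirstStringOffset(fixed) == sizeof(standin::KERB_INTERACTIVE_UNLOCK_LOGON) ? 0 : 1;
}
```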

3 Responses to “Unlock bug in the Hybrid Credential Provider sample”

  1. Hi Dan,

    I am starting to write a Vista Credential Provider and it seems that your sample code for this article was pulled from the MSDN Mag. I don’t care about that simple bug, I’d like to look at the code anyway. Is there anywhere I could download the sample code?

    Thank you,

    Hector Obregon

  2. Hi Dan,

    Recently I went through your article from MSDN related to “Create Custom Login Experiences With Credential Providers For Windows Vista”. I would like to create my own custom logon experience using voice authentication, basically voice based.

    The sample codes provided here are purely C++ based. Is there any place where I can download a C# version of these projects? So that it will be easy for me.

    Thanks & Regards,
    Rousseau Arulsamy.

  3. Hi Dan,
    In every article I’ve read about Credential Providers – you seem to be the one and only expert in this topic:
    I have implemented several Providers for Vista and Windows 7 – but still one big problem: Do you know how to detect a successful (or unsuccessful) login with CREDUI (e.g. Remote Desktop) – I use some biometric device in the background for retrieving user information – but this device should (of course) be disabled, if logged in ;-) The CREDUI scenario seems to make a call of SetSelected, GetSerialization and then again a SetSelected – and the Provider.dll is still alive during the whole session of Remote Desktop – then it will be killed unexpectedly without destruction…?
    (Usually a login calls SetSelected, SetDeselected, GetSerialization,… so we can start biometry within SetSelected and stop inside SetDeselected).
    Do you have any information on how the CREDUI workflow is “ideal” and how a typical workflow should be with external components that should be started/stopped in a logical way ;-)
    Thank you in advance,
    Bjoern
