RE: Disabled Smartcard logon?

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 01/10/05


Date: Mon, 10 Jan 2005 08:53:03 -0800

Well, EXCLUSIVE mode is exclusive mode, i.e. once you have opened the reader in
exclusive mode others cannot connect. That is how it should be anyway. When
this is the case and you want to use the card from more than one app /
service you need to create a dedicated SERVICE which mediates access to the
card. Applications (including GINA) should connect to the service, not
directly to the reader.
Ask the vendor if they have such a service which you can use from your CSP code.

Laszlo Elteto
SafeNet, Inc.

"Mats Pettersson" wrote:

> Hi,
> I’m writing a CSP to be used for Smartcard Logon in Windows XP. I also have
> another application and service that connects to my smartcard reader with
> SCardConnect with the option EXCLUSIVE MODE. All my calls to the smartcard
> go through this application.
>
> The problem I’m having is that the GINA does not react when a smartcard
> reader is present, once my security service sets the reader in exclusive
> mode. Hence the option press “Ctrl – Alt – delete” or “put in a Smart card”
> is not shown, just the default “Ctrl-Alt-Delete”. This makes it impossible for
> me to use SmartCard Login.
>
> I have written test code and the low-level calls SCardEstablishContext,
> SCardListReaders, SCardGetStatusChange work. I installed a pt-GINA and made
> the listed calls from there and they all worked (after the application
> started).
>
> But I still encounter the same problem that only the default message is
> displayed. Or to be more precise the “Put in a smart card” message is shown
> for about a second then the security service starts and only the default
> message is displayed.
>
> I have been in contact with the vendor and according to them the only thing
> they do is connect to the smartcard in EXCLUSIVE MODE. I have also removed
> their application/service and then everything worked fine. I’m therefore
> sure that it is causing the problem.
>
> - Is there another way to stop Windows from displaying the “Put in a
> smartcard” message during logon? For example a registry setting?
>
> - Is there a way to activate this functionality again?
>
> Thanks
> /Mats
>
> "Eric Perlin [MS]" wrote:
>
> > Winlogon has to make a few low level smartcard calls before the CSP can be
> > invoked: SCardEstablishContext, SCardListReaders, SCardGetStatusChange,
> > SCardListCards and SCardGetCardTypeProviderName.
> > The fact that the default message is still displayed indicates that one of
> > the first 2 calls fails!
> > How is the other application connecting to the reader/card?
> > --
> > Eric Perlin [MS]
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > ---
>
>
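
A diagnostic for the situation discussed in this thread, as an added example that is not code from any of the posters or the vendor: it repeats the first three calls Eric Perlin lists for Winlogon and decodes the reader state, so a reader whose card is held in exclusive mode by another process shows up explicitly. The helper name describe_state is hypothetical, and the SCARD_STATE_* fallback definitions (the documented WinSCard values) are only there so the decoder also builds off Windows.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winscard.h>   /* link with winscard.lib */
#else                   /* documented flag values, so the decoder builds anywhere */
#define SCARD_STATE_UNAVAILABLE 0x0008
#define SCARD_STATE_EMPTY       0x0010
#define SCARD_STATE_PRESENT     0x0020
#define SCARD_STATE_EXCLUSIVE   0x0080
#define SCARD_STATE_INUSE       0x0100
#endif

/* Hypothetical helper: map dwEventState from SCardGetStatusChange to a verdict. */
const char *describe_state(unsigned long st)
{
    if (st & SCARD_STATE_UNAVAILABLE) return "reader unavailable";
    if (st & SCARD_STATE_EMPTY)       return "no card";
    if (!(st & SCARD_STATE_PRESENT))  return "unknown";
    if (st & SCARD_STATE_EXCLUSIVE)   return "card held in exclusive mode by another application";
    if (st & SCARD_STATE_INUSE)       return "card in shared use";
    return "card present, free";
}

#ifdef _WIN32
int main(void)
{
    SCARDCONTEXT ctx;
    char readers[2048];
    DWORD len = sizeof readers;
    LONG rc = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &ctx);
    if (rc != SCARD_S_SUCCESS) { printf("SCardEstablishContext: 0x%08lX\n", (unsigned long)rc); return 1; }
    rc = SCardListReadersA(ctx, NULL, readers, &len);
    if (rc != SCARD_S_SUCCESS) { printf("SCardListReaders: 0x%08lX\n", (unsigned long)rc); SCardReleaseContext(ctx); return 1; }
    /* readers is a multi-string: names separated by NUL, ended by an empty name */
    for (const char *r = readers; *r; r += strlen(r) + 1) {
        SCARD_READERSTATEA rs;
        memset(&rs, 0, sizeof rs);
        rs.szReader = r;
        rs.dwCurrentState = SCARD_STATE_UNAWARE;   /* ask for the current state */
        rc = SCardGetStatusChangeA(ctx, 0, &rs, 1);
        if (rc != SCARD_S_SUCCESS) printf("%s: SCardGetStatusChange 0x%08lX\n", r, (unsigned long)rc);
        else printf("%s: %s\n", r, describe_state(rs.dwEventState));
    }
    SCardReleaseContext(ctx);
    return 0;
}
#endif
```

Run it once with the vendor service stopped and once with it running to compare what each of the three calls returns and what state the reader reports.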


