RE: Disabled Smartcard logon?

From: Mats Pettersson (MatsPettersson_at_discussions.microsoft.com)
Date: 01/11/05

Next message: Sam Hobbs: "Re: WriteProcessMemory"
Previous message: Priya: "IE -> CAPI -> CSP -> RPC Client -> RPC Server -> IE"
In reply to: lelteto: "RE: Disabled Smartcard logon?"
Next in thread: Sektor: "Re: Disabled Smartcard logon?"
Reply: Sektor: "Re: Disabled Smartcard logon?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 10 Jan 2005 23:49:03 -0800

Yes, the vendor supplies such service and I’m already using it in my calls
from the csp. The problem I’m having is that the service/app somehow prevents
the Smartcard Logon GINA option from being displayed. The system does not
react to a smartcard insertion, which makes it impossible for me to test my
csp for winlogon.

- Is there another way to stop Windows from displaying the “Put in a
smartcard” message during logon? For example a registry setting?

- Any idea how I can enable it again?

Thanks
/Mats

"lelteto" wrote:

> Well, EXCLUSIVE mode is exclusive mode, ie. once you opened the read with
> exclusive mode others cannot connect. That is how it should be anyway. When
> this is the case and you want to use the card from more than one app /
> service you need to create a dedicated SERVICE which mediates access to the
> card. Applications (including GINA) should connect to the service, not
> directly to the reader.
> Ask the vendor if they have such service which you can use from your CSP code.
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "Mats Pettersson" wrote:
>
> > Hi,
> > I’m writing a CSP to be used for Smartcard Logon in Windows XP. I also have
> > an other application and service that connects to my smartcard reader with
> > SCardConnect with the option EXCLUSIVE MODE. All my calls to the smartcard
> > goes throw this application.
> >
> > The problem I’m having is that the GINA does not react when a smartcard
> > reader is present, ones my security services sets the reader in exclusive
> > mode. Hence the option press “Ctrl – Alt – delete” or “put in a Smart card”
> > is not shown just the default “Ctrl-Alt-Delete”. This makes it impossible for
> > me to use SmartCard Login.
> >
> > I have written a test code and the low level calls SCardEstablishContext,
> > SCardListReaders, SCardGetStatusChange works. I installed a pt-GINA and made
> > the listed calls from there and they all worked (after the application
> > started).
> >
> > But I still encounter the same problem that only the default message is
> > displayed. Or to be more precise the “Put in a smart card” message is shown
> > for about a second then the security service starts and only the default
> > message is displayed.
> >
> > I have been in contact with the vendor and according to them the only thing
> > they do is connecting to the smartcard in EXCLUSIVE MODE. I have also removed
> > there application/service and then every thing worked fine. I’m therefore
> > sure that it is causing the problem.
> >
> > - Is there another way to stop Windows from displaying the “Put in a
> > smartcard” message during logon? For example a registry setting?
> >
> > - Is there a way to activate this functionality again?
> >
> > Thanks
> > /Mats
> >
> > "Eric Perlin [MS]" wrote:
> >
> > > Winlogon has to make a few low level smartcard calls before the CSP can be
> > > invoked: SCardEstablishContext, SCardListReaders, SCardGetStatusChange,
> > > SCardListCards and SCardGetCardTypeProviderName.
> > > The fact that the default message is still displayed indicates that one of
> > > the first 2 calls fails!
> > > How is the other application connecting to the reader/card?
> > > --
> > > Eric Perlin [MS]
> > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > ---
> >
> >

Next message: Sam Hobbs: "Re: WriteProcessMemory"
Previous message: Priya: "IE -> CAPI -> CSP -> RPC Client -> RPC Server -> IE"
In reply to: lelteto: "RE: Disabled Smartcard logon?"
Next in thread: Sektor: "Re: Disabled Smartcard logon?"
Reply: Sektor: "Re: Disabled Smartcard logon?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Disabled Smartcard logon?
... Well, EXCLUSIVE mode is exclusive mode, ie. once you opened the read with ... directly to the reader. ... Ask the vendor if they have such service which you can use from your CSP code. ... > I’m writing a CSP to be used for Smartcard Logon in Windows XP. ...
(microsoft.public.platformsdk.security)
Re: SmartCard login despite exclusive mode to reader
... > for about a second then the security service starts and only the default ... > they do is connecting to the smartcard in EXCLUSIVE MODE. ... >>> an other application and service that connects to my smartcard reader ...
(microsoft.public.platformsdk.security)
Re: Smartcard CSP Problem
... You don't need to emulate a smartcard CSP for it to work with S-MIME. ... But your "simulated" smartcard CSP is not going to work for Windows logon. ... > If I understood the concept of the certificate handling in windows, ... > provide certification handling - Does the enrollement task itsself store ...
(microsoft.public.platformsdk.security)
Re: Smartcard logging - No valid certificates found
... Im using the blackberry smart card reader and I dont have problems about the ... compatible with VISTA. ... Im trying to log on to VISTA throug smartcard and when the windows validate ...
(microsoft.public.windows.vista.security)
Re: DEBUGCHK error in smartcard
... I am looking int the CETK. ... If you do not have a CSP you can communicate with the smartcard by using the ... A smartcard CSP will map CryptoAPI calls into Smart Card Resource ...
(microsoft.public.windowsce.platbuilder)