Windows can't find .net passport store after logging in with custom gina?

From: WakA (waka_at__remove_home.nl)
Date: 03/16/05


Date: Wed, 16 Mar 2005 02:29:05 +0100

Hello,

I have a similar post open below, but I now believe I have a firmer grasp on
what's going on, so I hope with a better description of the problem I can
trigger someone's useful response.
I handle authentication with a USB token through calling LsaLogonUser (in my
custom GINA with SECURITY_LOGON_TYPE being Network) with a subauthentication
package for msv1_0; this package authenticates the user for msv1_0 by data
stored on the USB token.

When the user has authenticated, I pass the user token to the variable for
winlogon.

I then call LoadUserProfile and CreateEnvironmentBlock and use
SetEnvironmentVariable for environment variables like APPDATA, USERDOMAIN and
do some general environment things.
I also pass a WLX_PROFILE_V2_0 structure to winlogon in which I specify the
profile path, one "random" environment string, and a server name.

Everything logs in perfectly and everything works as it should except for
two things. Logging on to network shares on other computers fails, as
apparently the computer name is unknown to Explorer. Also the .NET Passport
certificates, or what you might call them, have disappeared, and the login
screen for e.g. MSN Messenger has been disfigured with a stretched bitmap.
Executing "control userpasswords2" and trying to manage .NET passwords from
there fails. I can't even add a passport (the wizard seems ineffective as
well).
My guess here is that Windows does not know where the .NET Passport storage
is or that the storage area has been encrypted.

How can I unencrypt or point Windows to the right .NET Passport store?
Also, what functions should/can I use to get networking properly functioning?
Or... what am I missing? :P

Regards and thanks in advance,

Chris