RE: Once again Vista logon (ICredentialProvider)

No, I don't manage to retrieve the credentials. I paused this project several
weeks ago. In fact, I was not able even to enter credentials manually - it
worked, but always caused some delayed crash. Are you able to deal with
manually entered credentials without causing winlogon instability? Maybe I
did wrong decision by using Visual Studio 2003...

There is no GINA on Vista and no notification packages. Similarly,
ICredentialProvider won't work on XP.

"gf" wrote:

> Hi,
> Thank you for replying !
> I compiled an Attributed ATL project with a simple Object with Visual Studio
> 2005 beta 2, I can register the DLL with XP but I can't do that with Vista.
> So I register my DLL manually, it is fine : my DLL is loaded and used.
> I implemented the ICredentialProviderCredential interface but I don't manage
> to replace my GINA : I tried to use "CredEnumerate ()" which failed (failed
> with VIsta, do not fail with XP) ! => I enter credentials manually for the
> moment.
> Do you manage to retrieve credentials ?
>
> "wolf777" wrote:
>
> > Sorry for replying so late - I was out for the last week.
> >
> > In order to make your Credential Provider working, you have to implement
> > ICredentialProviderInterface. It is enough for the test purposes. However, to
> > make something useful (like user logon), you have to deal with
> > ICredentialProviderCredential too.
> >
> > Assuming you have implemented ICredentialProvider in your COM object with
> > some {GUID}, you will need to create subkey under
> > HKEY_CLASSES_ROOT/CLSID/{GUID} and also
> > HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Authentication/Credential
> > Providers/{GUID}. In both cases, the GUID should be enclosed in braces, for
> > example: {18D4EEAA-6328-41A1-9379-D08915333CF2}
> >
> > You don't have to care much about the Credential Providers subkey, just fill
> > some friendly name as its default value (My Provider).
> >
> > As for the CLSID subkey, I don't know exactly, which values are needed, but
> > I can provide you my values list. I am using Attributed COM, so the compiler
> > does it all for me. I can set some attributes in the source code (those are
> > marked as "my choice").
> >
> > HKCR/CLSID/{18D4EEAA-6328-41A1-9379-D08915333CF2}
> > default [REG_SZ] Provider object
> > AppID [REG_SZ] <empty>
> >
> > subkey: InprocServer32
> > default [REG_SZ] <path to the dll> (BTW I don't have it in System32)
> > ThreadingModel [REG_SZ] apartment
> >
> > subkey: ProgID
> > default [REG_SZ] ProviderDll.Provider.1 (my choice)
> >
> > subkey: Programmable
> > default [REG_SZ] <empty>
> >
> > subkey: TypeLib
> > default [REG_SZ] <TypeLib GUID>
> >
> > subkey VersionIndependentProgID
> > default [REG_SZ] ProviderDll.Provider (my choice)
> >
> > Typelib is registered under HKCR/Typelib and has subkey 1.0 (probably as the
> > result of attribute "version"), which has subkeys 0, FLAGS and HELPDIR. 0 has
> > subkey win32, which default value is the path to the provider dll. FLAGS has
> > default value 0 (string that contains zero). HELPDIR has default value the
> > directory of the provider dll.
> >
> > ProviderDLL.Provider and ProviderDLL.Provider.1 subkeys exist under
> > HKEY_CLASSES_ROOT. ProviderDLL.Provider has default value Provider Object,
> > then it has subkey CLSID, which default value is the provider CLSID. It has
> > also the CurVer subkey, which default value is ProviderDll.Provider.1.
> >
> > ProviderDll.Provider.1 contains the same values and keys as
> > ProviderDLL.Provider, excepting the CurVer subkey of course, as this one only
> > applies to the version independent ProgID.
> >
> > I can only recommend to use the attributed programming, because you don't
> > have to care about all those registrations too much. For testing purposes,
> > use the SetUsageScenario() method, which is called first by the winlogon UI.
> > I recommend to return E_FAIL, which tells winlogon UI that your provider is
> > not able to handle the logon session. This prevents it from other methods
> > call, which can easily lead to winlogon UI crash.
> >
> > Hope you will find this post useful. Good luck!
> >
> > "gf" wrote:
> >
> > > Excuse me, I am new to COM and I didn't register correctly my component.
> > > Now it's done my DLL is loaded but everytime "DllGetClassObject () ()" is
> > > called, everytime the RID is the IClassFactory RID => "QueryInterface ()"
> > > never affect a ICredentialProvider object ! None of "ICredentialProvider"
> > > method is called.
> > > Same questions : do I need to implement another interface
> > > (ICredentialProviderCredential) or a Logon UI or a Cred UI ?
> > >
> > > P. S. : for information, register a component is to create a registre key
> > > "{<component GUID>}" under "HKEY_CLASSES_ROOT", under which create a key
> > > "InprocServer32" under which create a value "ThreadingModel" (type : REG_SZ,
> > > value : "Apartment") and set the default value to the DLL name.
> > >
> > > "gf" wrote:
> > >
> > > > Hi all,
> > > > I'm implementing the ICredentialProvider interface to replace my GINA. I
> > > > implemented very simply that interface with tracing into text file each
> > > > method, compiled the DLL, placed it in "\Windows\system32" and create a
> > > > registry key under
> > > > "HKLM/Software/Microsoft/Windows/CurrentVersion/Authentication/Credential
> > > > Providers", rebooted computer but my DLL isn't loaded, and my text file is
> > > > empty.
> > > >
> > > > Have I forgotten something ? Must I implement another interface
> > > > (ICredentialProviderCredential) or a Logon UI or a Cred UI ?
> > > >
> > > > "wolf777" wrote:
> > > >
> > > > > So meanwhile I found the solution myself :-)
> > > > >
> > > > > If there is anybody interested - look at this key in the registry:
> > > > > HKLM/Software/Microsoft/Windows/CurrentVersion/Authentication/CredentialProviders
> > > > >
> > > > > You will find there Microsoft "Password" and "SmartCard" providers and just
> > > > > create a key which name is your provider GUID in the same manner as MS does.
> > > > >
> > > > > Would be great to read it in the SDK :-) And one more tip - when you compile
> > > > > ICredentialProviderCredential implementation, you should add Platform SDK
> > > > > library "Uuid.lib" to your project, otherwise you will get unresolved
> > > > > external errors.
> > > > >
> > > > > This beta development is a real adventure though :-D
> > > > >
> > > > > "wolf777" wrote:
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > thanks to help from this community I could finally implement an early
> > > > > > version of Vista Credential Provider, which generally means to implement the
> > > > > > ICredentialProvider using Windows Longhorn Professional SDK Beta 1.
> > > > > >
> > > > > > I built the dll, added some trace-to-file calls to know what actually
> > > > > > happens, registered the dll in Vista and rebooted the computer.
> > > > > > Unfortunatelly, this doesn't work (according to the log, the DLL is only
> > > > > > loaded and unloaded, no method is called).
> > > > > >
> > > > > > My question is: Which steps must I take, to make winlogonUI start using my
> > > > > > dll? I am quite new to COM and windows shell, so I maybe ommit some basic
> > > > > > step... Intuitively, I would expect that one should be able to set somewhere
> > > > > > which credential provider shall be used for logon, as there can be multiple
> > > > > > such provider dlls registered. Is there for example some section in the
> > > > > > registry, where I should put some entries pointing to my dll?
> > > > > >
> > > > > > Thank you in advance, I really appreciate your help which already allowed me
> > > > > > to get so far :-)
.

Relevant Pages

  • RE: Once again Vista logon (ICredentialProvider)
    ... So I register my DLL manually, it is fine: my DLL is loaded and used. ... > You don't have to care much about the Credential Providers subkey, ... > some friendly name as its default value (My Provider). ...
    (microsoft.public.platformsdk.security)
  • RE: Once again Vista logon (ICredentialProvider)
    ... I don't manage to retrieve the credentials. ... but always caused some delayed crash. ... > ICredentialProvider won't work on XP. ... >>> You don't have to care much about the Credential Providers subkey, ...
    (microsoft.public.platformsdk.security)
  • RE: Once again Vista logon (ICredentialProvider)
    ... In order to make your Credential Provider working, ... You don't have to care much about the Credential Providers subkey, ... I am new to COM and I didn't register correctly my component. ... > never affect a ICredentialProvider object! ...
    (microsoft.public.platformsdk.security)
  • Re: How do I use -Credential parameter?
    ... FileSystem and Registry provider do not supprt Credential parameter for V1. ... But when I used those cmdlet with -Credential, ... The provider does not support the use of credentials. ...
    (microsoft.public.windows.server.scripting)
  • Re: Impersonation problem
    ... The statement about any provider being able to take credentials is not ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.security)