CREDUI API - Cached credentials don't survive a reboot

---

• From: "Pat" <patrick.philippot@xxxxxxxxxxxxxx>
• Date: Tue, 11 Aug 2009 17:43:33 +0200

---

Hi,

Lets' assume a program that uses the CREDUI API (CredUIPromptForCredentials) to retrieve and store a user's generic credentials for accessing a remote server. The PERSIST flag is set and a call to CredUIConfirmCredentials is made to allow the credentials to stored locally. No problem. No error returned by the system. Everything works well until the system is rebooted. Then the credentials are lost and must be re-entered. I have also tested the CredWrite function. Same results.

I have examined all possible causes that could explain that these credentials are not persisted. To no avail. Yes, the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" policy is disabled and the "Number of previous logons to cache " is OK (only 4 entries from 10 are used). The calling application is run under an administrator account.

The credentials do not appear in "Stored Usernames and Passwords" although they are actually cached because when closing and re-starting the application, the program can find and use them without any problem, even after a logoff/logon. Just, they are cleared after a reboot.

I have seen that I'm not the only one with this problem which occurs only on one system here (all systems are running XP SP3 and the very same code works flawlessly on the other systems). I have verified that all system DLLs are at the very same level on all systems. I have also checked the registry permissions for the keys that are normally used to store persistent credentials. No luck. I'm stuck.

Any idea will be welcome.

Thanks in advance.

--
Patrick

.

---

• Prev by Date: Re: Is it possible to authenticate a user against an untrusted dom
• Next by Date: MsiGetFileSignatureInformationW on invalid certificates
• Previous by thread: Cannot access certificate
• Next by thread: MsiGetFileSignatureInformationW on invalid certificates
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: NTService cant access a share (set to everyone) ... shares without providing any credentials. ... to "Network access: Shares that can be accessed anonymously " ... Give it a reboot to make sure the policy takes effect (you should be able to ... (microsoft.public.windowsxp.security_admin) Secure Network Credentials ... I order for the web-service to authenticate correctly, it needs to be provided with the correct network credentials. ... Also the Microsoft Report Viewer for Reporting Services needs the network credentials for displaying the reports. ... At the moment I don't store the credentials I my application, I only use them when logging in to my application. ... (microsoft.public.dotnet.security) Re: Connecting to DB2 ... It has nothing to do at all with network access: ... socket open either. ... explicit credentials over sockets while ASPNET runs as 'aspnet' or "local ... the connection string contains explicit user credentials. ... (microsoft.public.dotnet.languages.csharp) Re: Different credentials for remote registry/SCM access ... token that has the same local identity but uses different default ... credentials for network access. ... RegEdit from, that will use different credentials for remote access, then ... If the current user were logged in as either the remote machine ... (microsoft.public.platformsdk.security) Re: get self signed certicate stored in .p7b file using Certificate Store (CertOpenstore) ... //in refernce to my problem to obtain credentials the above code ... //how i m opening the certificate store. ... CERT_RDN cert_rdn;// structure to obtain certificate using RDN ... (microsoft.public.platformsdk.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2009-08