SSPI authentication with data from CredUIPromptForWindowsCredentials
- From: vletoux <vincent.letoux@xxxxxxxxx>
- Date: Mon, 14 Sep 2009 22:26:37 -0700 (PDT)
I know that a new api was designed in windows 7 to provide credentials
authentication. Its name is SspiPromptForCredentials.
However in Vista, I want the user to be asked for its credential in a
and then use this credential to logon him using SSPI.
Why ? Because I'm developping a credential provider / SSPI and I want
that my credential provider
is able to work with terminal server in a NLA (network level
Indeed, my credential provider work inside the terminal server session
But first, the terminal server client ask for the credential which is
then passed to CredSSP.
And CredSSP wrap a SSPI Logon.
First step : ask credential using CredUIPromptForWindowsCredentials
and then use SSPI logon.
And to be sure that everything works, I'm using the Negotiate package.
But CredUIPromptForWindowsCredentials return a
KERB_INTERACTIVE_LOGON or a KERB_CERTIFICATE_LOGON and
AcquireCredentialsHandle requires a SEC_WINNT_AUTH_IDENTITY
How the credential are converted ?
I found the function CredUnPackAuthenticationBuffer to convert
KERB_INTERACTIVE_LOGON to SEC_WINNT_AUTH_IDENTITY.
But this logic is specific to login/password scenario.
And it doesn't work with smart card logon.
So : how to convert credential retrieved from
CredUIPromptForWindowsCredentials to AcquireCredentialsHandle ?
Vincent Le Toux
NB : my work is open source and available in http://eidauthenticate.sourceforge.net
- Prev by Date: Re: netuserchangepassword returns NERR_PasswordTooShort
- Next by Date: Re: netuserchangepassword returns NERR_PasswordTooShort
- Previous by thread: netuserchangepassword returns NERR_PasswordTooShort
- Next by thread: Re: SSPI authentication with data from CredUIPromptForWindowsCredentials