davidweiss2 / windows-credential-provider-library Goto Github PK

This repository will be updated with all the examples and links that I can find with relevant knowledge & information about CP in MS Windows vista up to version 10.

License: MIT License

C++ 88.20% C 11.80%

microsoft credentials provider credential providers logon winlogon icredentialprovider authentication authorization

windows-credential-provider-library's People

Contributors

Stargazers

Watchers

Forkers

5up3rc 276585877 ovolmar chen1169968275 aikuimail lyonken1 supremegenius modulexcite codesniffer usmansabir esnce kevinmiles gmarano wilting wb1t orbitroom abljalil ycflash sschoen 5433d-r32433 ijat ugochirico bigeor ericmaino jasonkolodziej jerrychuang7193 fengjixuchui julienguillaume toggit ankitdeopurkar007 mhabiburrahman7 zeshan-xeesoft rainiertrust upssospemoorthy shengche kar98kar 20150723 layfly1297 thewaca alonsoinestroza09 sweehee basicdayz greekscoder rocker9527 kostyan6812 songbei6

windows-credential-provider-library's Issues

Display message box after authentication .

Thank you so much for creating this wonderful project.
Current we are able to open the message box before authenticating the user.
Sample code:
`HRESULT CSampleCredential::GetSerialization(
__out CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE* pcpgsr,
__out CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs,
__deref_out_opt PWSTR* ppwszOptionalStatusText,
__out CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
)
{
HRESULT hr = E_UNEXPECTED;
count++;
if (_pWrappedCredential != NULL)
{
hr = _pWrappedCredential->GetSerialization(pcpgsr, pcpcs, ppwszOptionalStatusText, pcpsiOptionalStatusIcon);
/**tmpcpgsr = *pcpgsr;
*tmpcpcs = tmpcpcs;/

    HWND hwndOwner2 = nullptr;

    if (_pCredProvCredentialEvents)
    {
        _pCredProvCredentialEvents->OnCreatingWindow(&hwndOwner2);
    }

    if (true) {
        int i1;
        //// Pop a messagebox indicating the click.
        i1 = MessageBox(hwndOwner2, L"Click to proceed", L"Action", 1L);
        PrintLn("Ironcloud Dvi messagebox output:(%d)", i1);

        if (i1 == 1) {

        }
        else if (i1 == 2) {
            hr = -1;
        }
        else {
            hr = -1;
        }
    }`

Is it possible to display the message box after authenticating the user, but before displaying the desktop?

Regards,
Rajat KP

[Help | General ] CP is not available for all users

The CP is only available for one user all the time, the login options are not being displayed on all users, can anyone please help me understand the issue

pGina service is not shutting down

Hi,
I am facing this when I restart the machine , the windows shows the pgina service is shutting down which will never happen. I have to revert the force stop it.
Can anyone help pls?

Loop on other user tail

Ho David,
I've a pc joined with a Microsoft DC, of i switch on other user tail cp go unto loop and i never can login ....otherwise if i have a user tail selected Always works well.

Can you help me to find the issue???
Thanks

Addition to list

Hi!

I wrote some random thoughts on writing a credential provider and authentication package, after having dealt with it. I figure these might help if they're added to the list, as I found these the key points I was missing to get things to work.
https://gist.github.com/rileyg98/228bed3040034be3b03f39aec8dbed72

When system is Locked, CPUS_UNLOCK_WORKSTATION in a Custom Credential Provider, DomainPassword Expiry Scenario is not working and not displaying Password change UI.

Hi,
I am writing a Custom Windows Credential Provider using C++ on Windows 10, where I have implemented the domain password expiry in my code and I am able to change the Domain password looking into this blog. How can I handle password expiry in the credential provider?
But there is one scenario, where in LOCK condition, CPUS_UNLOCK_WORKSTATION_condition, I am not able to load the Change Password UI for domain password expiry.

With this following code below:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_LOGIN_NAME, CPFS_HIDDEN );
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_PASSWORD,CPFS_HIDDEN );

for the above two statements, the code works fine and it hides the field components for Username and Passwords.

And I am facing problems for the below lines of code statements:

_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_OLDPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD_TEXT, CPFS_DISPLAY_IN_SELECTED_TILE);		
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_NEWPASSWORD, CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD_TEXT,CPFS_DISPLAY_IN_SELECTED_TILE);			
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_CONFPASSWORD,CPFS_DISPLAY_IN_SELECTED_TILE);
_pCredProvCredentialEvents->SetFieldState((ICredentialProviderCredential*)this, SFI_SUBMIT_BUTTON, CPFS_DISPLAY_IN_SELECTED_TILE);

I am not able to load these fields. these APIs are failing to load fields OldPasswordText, OldPassword, NewPasswordText, NewPassword, ConfirmPasswordText and ConfirmPassword and Submitbutton.

I am calling this function from Credential :: Initialize().
I am calling Initialize() function from ReportResult()

 Credential ::ReportResult()
 { 
   //with _cpus = CPUS_UNLOCK_WORKSTATION 
           if (ntsStatus == STATUS_PASSWORD_MUST_CHANGE || (ntsStatus == STATUS_ACCOUNT_RESTRICTION && ntsSubstatus 
           == STATUS_PASSWORD_EXPIRED))
          {
                  Initialize(_cpus, s_rgCredProvFieldDescriptors, s_rgFieldStatePairs, nullptr);
           }
 }

below lines of code are from logfiles, which I am providing for reference.

Initialize() FAILED SFI_OLDPASSWORD_TEXT: 183 where 183 is the value, I am getting from GetLastError()
Initialize() FAILED SFI_OLDPASSWORD: 183
Initialize() FAILED SFI_OLDPASSWORD: 183
Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183
Initialize() FAILED SFI_NEWPASSWORD_TEXT: 183
Initialize() FAILED SFI_NEWPASSWORD: 183
Initialize() FAILED SFI_CONFPASSWORD_TEXT: 183
Initialize() FAILED SFI_CONFPASSWORD: 183
Initialize() FAILED SFI_SUBMIT_BUTTON: 183

Help in resolving the issue, if i am doing anything wrong.

Regards
Aslam

endless Loop when click on "switch user"

Compile the DLL and install it to system32.

Go to Local Security Policy --> Local Policies --> Security Options -->

disable Interactive Logon: Don't display last signed in
disable Interactive Logon: Don't display username at sign in
Then open a admin cmd gpupdate /force to pick up group policy changes

If you did the steps above correctly you should see a "switch user" when locking the PC. If you click on this then the PC will be stuck in a loop since the custom credential provider will crash.

Warning
You probably want to enable SSHD on windows so you can SSH in to recovery from this endless loop via safemode. or via a USB installer key.

enable safemode:
- bcdedit /set {current} safeboot minimal
disable safemode:
- bcdedit /deletevalue {current} safeboot

I believe this is what this user is trying to describe : #7

Focus problem

I have a rather strange case.

In my project I only implement ICredentialProviderCredential (without ICredentialProviderCredential2) to get my own tile. For now, I am creating a prototype so I have not implemented any functionalities under this tile and I noticed a problem that cancels the use of CP in this way in my company.

When my smartcard initializes (on the usb pen, Sign-In options appears) the field in which I enter the login or password loses focus and then the focus gets the first field to edit, which causes the password to be entered in the login field or the password begins to be re-entered . I'm talking about a standard password provider here, I don't click on the tile I added.

I found an entry in Microsoft's documentation that probably describes the problem accurately: https://docs.microsoft.com/en-us/windows/win32/api/credentialprovider/nn-credentialprovider-icredentialprovidercredentialevents2
but I don't call CredentialsChange in my code.

Can I get rid of this focus problem somehow?

add pGINA fork

hi, It would be nice, if you add the pGINA fork to your links. Thanks.

https://mutonufoai.github.io/pgina/

Disabling the Windows Welcome screen after sign-in

Hi @DavidWeiss2! I'm trying to make another project, and was hoping you could help me out or point me in the right direction. I'm trying to fully disable the welcome screen when Windows boots and a user is automatically signed in. The intent is to "consolize" Windows as much as possible and have it boot straight to a game UI like Steam Big Picture.

Do you know how I could completely disable it, put a black photo on top of all the welcome UI elements so the screen appears black?

SampleV2CredentialProvider.dll is not being triggered on authentication of user (Win2016)

I am new to windows app development and just trying to get get the sample running. Using windows 10 sdk 10.0.18362.0. The sample code compiles and the dll is built. Loading the dll with the registry on a Windows 2016 vm and tested a few windows authentication from the console but it does not look like the dll is being triggered. Is it expected that console login would trigger the dll?

How can I handle password expiry in the credential provider?

Hi thanks for this project it helped me alot, can you please help me out how can I handle password expiry in credential provider where the user should be prompted to change password and should be able to change password from my credential provider when his password expired, Thank you.

Signature based user authentication PDF [Link Expired]

The link https://is.cuni.cz/webapps/zzp/download/120183949 is not working, need help with the working link