Dana Epp [Security MVP]
2008-05-27 22:39:51 UTC
Hey guys,
I need some help. Hoping someone in the community has some experience with
writing Credential Providers in Vista or Windows Server 2008.
I have gone through all the samples, and the very LITTLE documentation on
the topic in MSDN, and am still not clear on a few things. I am hoping someone
could give me some pointers.
I am wrapping the password credential provider and adding an extra password
field. I have it set up so I can do my own password validation logic and
work with the extra field in GetSerialization() just fine. If I find that
the second password is invalid, I want to return a failure, and go to the
blank screen where it can say something like "Bad secondary password". I
would EXPECT this is done in ReportResult(). However, just what are you
supposed to do in GetSerialization() to fire off directly to ReportResult()
so I can output the error string I want? I thought I could do something
like:
*pcpsiOptionalStatusIcon = CPSI_ERROR;
*pcpgsr = CPGSR_RETURN_CREDENTIAL_FINISHED;
hr = ERROR_NOT_AUTHENTICATED;
Problem is it doesn't enter into ReportResult(). I don't want it to actually
call into the LSA* functions underneath. By not passing it down to the
wrapped CP, I assumed I could do the control I wanted.
Any ideas how to do that? Basically if during GetSerialization() I find a
failure, I want to show the results screen and put my error message up. I
don't seem to see any documentation on that. None of the samples cover this
scenario that I can see.
Any pointers to documentation or examples on how to do this would be greatly
appreciated.
Regards,
Dana