Vista logon issue

leon123

Hi all,

I use SDK sample code(RTM version) -- SampleWrapExistingCredentialProvider.

If one user click any account icon, he(she) would be authenticated by fingerprint or smart card...etc.
That part is OK, but now I want auto-logon some particular account without clicking any account icon. But I have no idea how to implement. All ICredentialProvider or ICredentialProviderCredential function are invoked by LogonUI so I don't know my code would be implemented when or where. If thread is used, I have no idea how to trigger LogonUI to call ICredentialProvider or ICredentialProviderCredential function.

Is there any idea to implement
Thanks!!

leon123

I select using a thread to control logon which account. Now, my problem is I don't know how to trigger LogonUI.exe to invoke the authentication function of ICredentialProviderCredential.

Does anyone know, or there are other methods

Thanks!!

leon123

I surveyed this topic for several days, and I still have no any idea. Does anyone know, or mail to me privately. Thanks!!

My mail :leonhartwu@gmail.com

Poidl

Lets try the following:

Create your logon credential as usual

Return the following parameters if

HRESULT Provider::GetCredentialCount(DWORD* pdwCount,

DWORD* pdwDefault,

BOOL* pbAutoLogonWithDefault)

is called:

*pdwCount = 1, *pdwDefault=0, *pbAutoLogonWithDefault = TRUE

Then

HRESULT Credential::GetSerialization

will be called without any user interaction

hope this helps ...

leon123

Sorry for late reply.

I tried, but It seems not working. In my observation, functions called by WInlogon(or LogonUI) only would work. I don't know this concept is right or not, but it is in my experience.

Thanks for your suggestion.

Nikita Dehoumon

Hi ,
I've been working recently on vista credential provider. Based on what worked for me, I'll suggest you this:

-Once the credential (that particular account ) is selected or identified , you can store a ( reference) pointer to that credential object in a variable that can be accessed by your thread .
-The thread can then use that reference to call the credential methods and public fields.
-The same logic can be used to access the provider object.

For an example:
[Threads interaction with Vista logon credential provider]

leon123

Hi,

Thank you for your suggestion. But it seems not working for me. Following is my code:

CSampleCredential *CurrentCredential=NULL;

MyThread()

{

...

...
CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE cpgsr;
CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION cpcs;
PWSTR pwszOptionalStatusText;
CREDENTIAL_PROVIDER_STATUS_ICON cpsiOptionalStatusIcon;

CurrentCredential->GetSerialization(&cpgsr, &cpcs, &pwszOptionalStatusText, &cpsiOptionalStatusIcon);

BOOL *pbAutoLogonWithDefault; *pbAutoLogonWithDefault=TRUE;
CurrentCredential->SetSelected(pbAutoLogonWithDefault);

....

}

This thread is created from "CSampleCredential::Initialize(...)", and the function:"set_CurrentSelectedCredential" which you write in your blog is also invoked in "CSampleCredential::Initialize(...)". But it doesn't call "SetSelected" or "GetSerialization". Is there something I miss

Thank you again!!

Nikita Dehoumon

Hi,

(1)I'll assume your CSampleCredential::Initialize(...) is really called . Where do you call it

(2) Also, your calls (SetSelected( ), GetSerialization( ) ) may fail because of weak references or interface not queried.
So check (3) and (4) .

(3)Make sure to query the COM interface for your credential. Assuming your provider is defined like this:

class CSampleProvider : public ICredentialProvider
{
....
CSampleCredential *_pCredential;// only 1 cred. you'll need an array if more than 1.
}

Let's assume your provider has only one credential. COM interface for credential is typically queried here:

HRESULT CSampleProvider::GetCredentialAt( DWORD dwIndex, ICredentialProviderCredential** ppcpc )
{
...
hr=_pCredential->QueryInterface(IID_ICredentialProviderCredential, reinterpret_cast<void**>(ppcpc));
...
}

Important to check all your return code. you never know.

(4)How do manage your references Be careful with weak references. Make sure it like this. (updated with more code):
[Threads interaction with Vista logon credential provider].

(5)Here is a typical flow diagram example for LogonIU . Make sure your thread fits in.[Guidelines and Example Flow] .

(6) If still unsolved, What's you provider model or logic may be you're missing a step. Are developing the whole from scratch You may just need to Wrap the CLSID_PasswordCredentialProvider.

leon123

Hi,

(1). I really call CSampleCredential::Initialize(...), and global variable "CSampleCredential *_pCredential;" is not NULL.

(2). I initalize the reference passed in GetSerialization( ), and GetSerialization( ) is really called and successful but nothing happened.

But SetSelected( ) is not even called.

(3). Except autologon issue, this CredentialProvider works well ( it is sample code of MS, "RTMCredentialProviderSamples__FINAL" version, and I use "SampleCredentialProvider" project). And the biggest problem I met is how to autologon.

(4). Thank you for your code, I have modified the weak references problem.

(5). I know this flow diagram, but I have a question that confuses me. In this flow diagram, all function ( in Credential or CredentailProvider) are called by LogonUI, if we create a thread to call any function, is its performance just like LogonUI calling It is like that we create many different blocks(it is like our function), and LogonUI picks what he wants and to combine something. But there is another one(our thread) to do the same action, will it take the same performance But in your blog says, it really works.

(6). I don't understand "model" and "logic" means. I very afraid of missing some steps. But I am not sure what I miss.

Thanks for your help and patience again.

Nikita Dehoumon

Hi,

As I said, You can use a thread that will call your provider directly. I've implemented a provider ( biometric+token OTP) that is using this mecanism. It works perfectly.

Assuming you're using the code from SampleCredentialProvider ; Your credentials objects are created and initialized ,invoked and destroyed as done in SampleCredentialProvider. Based on your needs and logic, you select the credential you want (may be by flagging or marking a field in the credential class, I don't know , that's up to you).

Now, you main goal is to have a way to invoke methods on the credential (independantly from LogonUi).
This is why you need an additional pointer that will be used to store a copy of that credential address. And your thread should have access to it.

That's the whole point with my article [Threads interaction with Vista logon credential provider].

Assuming you're managing this pointer lifecycle with cleanupCurrentCredential() & set_CurrentSelectedCredential(CSampleCredential *Current) as I do, your only concern should be where to call them. Keep in mind that before calling set_CurrentSelectedCredential(...) , your credential should have been initialized and its COM interfaces queuried as done in SampleCredentialProvider. Your thread should not create the credential or call Initialize() for example. You let LogonUi , the provider and credentials go through their calling sequence for creation, initialization & others stuffs related to the flow diagram.

Then you place set_CurrentSelectedCredential(...) anywhere that it can get called by LogonUI . You need to understand perfectly the flow Diagram sequence to do that . In my case, I place this function in CSampleCredentia l:: SetSelected(BOOL* pbAutoLogon) , which is called by LogonUI anytime the user select a credential (not the same scenario as you). Once your selected credential address copy has been set , your thread can now call methods on the pointer .

If you cannot adapt this scenario to your needs, I can still help you but I'll have some questions like:
(1)What's you provider main goal scenario what are you trying to do
(2)How do you "select or mark ou auto-choose" credentials

Also, You may wanna take a look at this Auto-logon with smartcard scenario, it's very interesting. You may be able to adapt it to your scenario.

Best regards,

leon123

Hi,

I think I am quite stupid. I have read articles you make link. I have read many times and reread today, and still can't get new things. So I follow your steps, call set_CurrentSelectedCredential in CSampleCredentialetSelected and SetStringValue in my thread and it is still not working.

I show part of my code to let you see where is the problem.

(1) In SetSelected, I create thread and CurrentSelectedCredential

HRESULT CSampleCredential:etSelected(BOOL* pbAutoLogon)
{

set_CurrentSelectedCredential(this);

DWORD ThreadId;
hThread=CreateThread(NULL, 0, ThreadProc, this, 0, &ThreadId);
return S_OK;

}

(2) In my thread, call SetStringValue

DWORD WINAPI CSampleCredential::ThreadProc(LPVOID lpParameter)
{
...

...

wchar_t wsName[30]; swprintf(wsName, L"TEST_SUC");
CurrentCredential->SetStringValue(0, wsName);

...

}

Is there something missing

Q:Must I both give CSampleCredential* CurrentCredential and

CSampleProvider * CurrentProvider the reference

1.My goal : As reboot, logoff or switch user (anywhere need to login), showing a verification dialog. After verifying successfully, it will auto-login some account and the whole procedure don't need to click any tile.

2. Now, I try to use a thread to make the goal. I think trigger WinLogon to login is another way, but I don't know how.

Is the description clear enough

Thanks a lot!!

Nikita Dehoumon

Well, I can understand your frustration . We're all here to learn.
Here is my detailed tutorial and all the code about how interaction is done between LogonUI/Provider/credential and any specific thread. It should help you understand what is possible or not to do with threads.
As you can see, there's a lot you can do but I'm still not sure that you really need threads for Auto-logon without user interaction. That's why I suggested you to take look at Auto-logon with smartcard scenario . Basically :

-If you have only 1 credential, you can use your username/password set to fill required credential fields&buffers after credentials creation& initialization.Then you'll use GetCredentialCount(...) to enable auto-logon mode. The last thing you'll have to do is to use GetSerialization(..) to fill these retrieve your fields&buffers values.
-If you're using the wrapped provider sample (means you can have more than 1 un-predetermined credential) then auto-logon can be enabled in GetCredentialCount(...) .You can take a look at my tutorial to see how you can get username and set password in CSampleCredential::GetStringValue(..). Of course you'll need a way to validate your targeted user.

Have fun.

Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue

Re: General Windows Vista Development Issues Vista logon issue