Windows Vista Sample Credential Providers OverviewContents ..................................................................................................................................................1 Terms of Use............................................................................................................................2 Release Notes...........................................................................................................................3 SampleCredentialProvider......................................................................................................3 Common Tasks For Extending SampleCredentialProvider....................................................5 SampleCredUICredentialProvider........................................................................................10 SampleAllControlsCredentialProvider.................................................................................11 SampleHardwareEventCredentialProvider..........................................................................13 SampleWrapExistingCredentialProvider..............................................................................14 Summary.................................................................................................................................19 Questions................................................................................................................................19 copyrights. Complying with all applicable copyright laws is the responsibility of the user. patent applications. e-mail addresses. domain names. Unless otherwise noted.Terms of Use This code and information is provided "as is" without warranty of any kind. Except as expressly provided in any written license agreement from Microsoft. Information in this document. no part of this document may be reproduced. and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. copyrights. or transmitted in any form or by any means (electronic. people. place. the furnishing of this document does not give you any license to these patents. logo. Without limiting the rights under copyright. All rights reserved. Microsoft may have patents. person. organization. 2 . recording. and no association with any real company. trademarks. is subject to change without notice. and events depicted herein are fictitious. Microsoft. domain name. products. the example companies. Windows XP. or otherwise). Copyright (c) 2006 Microsoft Corporation. mechanical. or for any purpose. stored in or introduced into a retrieval system. trademarks. or other intellectual property. or other intellectual property rights covering subject matter in this document. either expressed or implied. places. or event is intended or should be inferred. product. organizations. e-mail address. Windows Vista. including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. including URL and other Internet Web site references. photocopying. logos. without the express written permission of Microsoft Corporation. The following screenshot shows what this might look like on a domain joined machine. SampleHardwareEventCredentialProvider. which supports asynchronous events. SampleWrapExistingCredentialProvider. Release Notes We previously released a version of SampleCredentialProvider. we’ll cover the following topics: Understanding the base SampleCredentialProvider codebase. SampleAllControlsCredentialProvider. This release of the samples has the following changes • 4 new samples showing uses of additional features of the credential provider model • Updated the base samplecredentialprovider in the following ways o Fixed the issue where the release configuration wouldn’t build o Built & tested in on x64fre o Fixed a bug in the implementation of GetBitmapValue that caused the tiles not to show up on some machines. 3 . NOTE: Everyone should make sure they pick up this fix. Common tasks for extending the base SampleCredentialProvider codebase. This sample is hardcoded to expose two accounts: Administrator and Guest. 1. SampleCredentialProvider provides a DLL project that exposes the two COM interfaces required to develop a credential provider: ICredentialProvider and ICredentialProviderCredential. we’ll take a look at some custom Windows Vista credential provider samples.Introduction In this document. SampleCredUICredentialProvider. Specifically. which exposes each possible UI control. The SampleCredentialProvider Codebase The SampleCredentialProvider project provides a working baseline credential provider. 5. which wraps the default username/password credential provider in Windows Vista. 3. ICredentialProvider exposes the functionality to enumerate available credentials. 2. 4. and ICredentialProviderCredential exposes the functionality required for each specific credential during the authentication process. which supports CredUI. o Added an implementation of SetSerialization SampleCredentialProvider Out of the box. 6. def guid.h/. which typically manages one or more CSampleCredentials.h/. Edit these files to change the way a tile responds to user input. resources.cpp. You’ll need to edit these files to use the GUID from guid. Defines the provider’s GUID.h/. each with their own purpose: File[s] common. Fulfills baseline support for COM server and DLL requirements. You’ll need to edit guid.h wherever a GUID appears.h to reference your unique GUID.rc . 4 dll. such as images.cpp helpers. respectively. Defines the behavior of a credential tile.h. Unregister. You’ll also need to edit the Register.reg file to reflect the name of your object (the first two registry keys) and the name of the DLL (the third registry key). Edit this file to change the number and type of UI elements in each credential tile. Manages provider resources. Defines the behavior of the credential provider.cpp Register. You shouldn’t need to edit these files. such as the tile image.cpp CSampleProvider. Registers and unregisters the sample credential provider.reg.reg resource.h/. to the credential provider. Edit this file to change the way credentials are enumerated.cpp Purpose Describes the UI and layout of the credentials.Project Structure The SampleCredentialProvider project includes a small set of files. Provides utility methods for working with UNICODE strings and auth packages. You shouldn’t need to edit these files.h/. Edit these files if you want to add more resources.h CSampleCredential. samplecredentialprovider. so this may be something you choose to do once you’re comfortable with the codebase.0\Lib". Press OK to dismiss the dialog. For more info on how to do this. They should be compiled against the SDK for the February CTP and run on the matching build. Make sure the path to your Vista SDK library directory is included in Additional Library Directories. In the Solution Explorer. select the Configuration Properties | Linker node to display the general properties of the linker configuration. right-click the SampleCredentialProvider project node and select Rename. 3.tileimage. We’re also not going to rename any of the folders or files to reflect the name unless it is required to build successfully. rather than starting from scratch. We’ll use “MyCredentialProvider” as the new project name. Make sure the path to your Vista SDK include directory is included in Additional Include Directories. it is recommended that you customize it to meet your needs. In the left tree view.Htm in the root of the SDK directory. In the Solution Explorer. 5 . includes. In the SampleCredentialProvider folder. Please note that these samples are intended to be run against the February CTP release of Vista (build 5308). 8. Set up Visual Studio 2005 in Tools | Options to use the executables. On a default install it ends up at “C:\Program Files\Microsoft SDKs\Windows\v1. and libs from the SDK instead of the ones shipped with VS. 5.bmp The image to display on the credential tile. double-click the SampleCredentialProvider.0\Include”. 2. 9. On a default install it ends up at “C:\Program Files\Microsoft SDKs\Windows\v1. Edit this file (or add different images) to change the image that appears in the tile.sln to open it in Visual Studio 2005. 1. select the Configuration Properties | C/C++ node. Change the name to “MyCredentialProvider” and press Enter to lock in. 7. 6. Common Tasks For Extending SampleCredentialProvider Since SampleCredentialProvider provides a great baseline for developing custom providers. In the left tree view. so be sure to change it to reflect the name you want to use. see ReleaseNotes. right-click the MyCredentialProvider project node and select Properties. The following steps will walk you through the process of customizing the SampleCredentialProvider project that is common to all extensions. 4. This will launch the MyCredentialProvider Property Pages dialog. The Guest account may or may not be enabled due to the security settings of your system. These are useful to keep in mind when reviewing the other samples covered later in this document. Save Register. You can generate a unique GUID from Tools | Create GUID. Save Unregister.reg in notepad or Visual Studio (do not execute it in Explorer).reg. Save samplecredentialprovider.dll" to "MyCredentialProvider. 17.10. You should be able to log in using the newly created Administrator account tile. Replace the GUID in the registry key with the one used in the Register.h.def. 14. If all you see is one large tile. copy Unregister. Select Build | Build Solution. Open guid. The login screen should now have an extra Administrator and Guest account. review the steps above. Also change “sampleprovider” to “MyCredentialProvider” as well as "SampleCredentialProvider.dll to the System32 directory of the test machine.reg in notepad or Visual Studio (do not execute it in Explorer). 12. Be sure to remember it for later. Change “SAMPLECREDENTIALPROVIDER. 18.reg.def.h. 13. 16.reg. Open samplecredentialprovider. select the option to switch users. Replace the GUID in DEFINE_GUID with a unique one. click Switch User to see the list of tiles.dll".reg to the test machine and run it to unregister the credential provider. Copy the freshly built MyCredentialProvider.reg to the test machine and run it from Explorer to register the credential provider.DLL” to “MYCREDENTIALPROVIDER. If there are any build errors. Copy Register. Replace the GUIDs in each registry key with the one created in the last step. 20. 19. Open Register. Open Unregister. 6 . Save guid. Tips & Tricks The following are some tips & tricks that can help you during the development cycle. From the Start Menu.DLL”. 11. 15. If you want to remove the sample. reg file from Explorer on the target machine. run the Unregister. Then when you need to update your credential provider dll. As a result. then log out (which will create a new session with a new logonUI. you can register and unregister credential providers without them being locked by Windows (unless they are actively in use).Rebooting When rebooting the test machine. There are a few other possibilities to simplify updating binaries: • You may choose to set up a dual boot system with a safe OS (like Windows XP) on one partition and your Windows Vista installation on another partition. • A quicker “use at your own risk” tactic is to run “kill. which will unregister the DLL as a credential provider. you may want to edit one file in the project (such as by adding and deleting a space) before invoking the build again. it is most likely due to the fact that the DLL is still loaded and cannot be overwritten on the drive. and then reboot.exe) Automating The Deployment Process If you are developing on a test machine to begin with. and Visual C++ will skip the build process if the binaries are already up-to-date. As a result.dll" %systemroot%\system32 /Y If you do this and the Post-Build Event fails during a build. it’s a good practice to unregister before each reboot to save effort. Once the system has booted. For example.exe” from an elevated command prompt. replace the dll (since it won’t be locked in the safe OS) and then reboot into your Windows Vista installation to test your changes. run the 7 . Credential providers that are registered during boot are locked by the operating system and cannot be overwritten. you can automate the DLL deployment process of by adding a Post-Build Event that automatically copies the output DLL to the System32 directory. copy the updated binary over. most likely because it was a registered provider during boot. However. you can go to the Configuration Properties | Build Events | Post-Build Event tab of the project’s Property Pages dialog and set the following for Command Line: copy "$(OutDir)\$(ProjectName).exe logonUI. If the Post-Build Event continues to fail due to the DLL being loaded. If you leave a credential provider registered during a reboot. After rebooting. be careful when performing a second build since the Post-Build Event only occurs after a successful build. it is highly recommended that you unregister the credential provider you are working on (unless you are specifically testing its behavior during the reboot itself). you can boot into the safe OS. you will not be able to overwrite it with a new version until you unregister it and reboot once again. hwndParent = NULL. ULONG authBufferSize = 0.lib. 4. credUiInfo. Add your credential provider project to the solution. &(authPackage). Set breakpoints.cbSize = sizeof(credUiInfo). 5. Your breakpoints should get hit as appropriate after CredUIPromptForWindowsCredentials is called from the console app. credUiInfo. such as: #include "stdafx. 0.h> int _tmain(int argc. credUiInfo. credUiInfo. Update the main function of your new project to make a call to CredUIPromptForWindowsCredentials. CREDUI_INFO credUiInfo. LPVOID authBuffer. DWORD authPackage = 0. credUiInfo. drastically simplifying the process of development and testing. 6. 8 . 0.h" #include <windows. &authBuffer. To do this: 1. CredUIPromptForWindowsCredentials(&(credUiInfo). NULL. You may need to update your “Additional Include Directories” and “Additional Library Directories” to point to the Windows Vista SDK from the project’s property pages dialog.pszMessageText = TEXT("My message").pszCaptionText = TEXT("My caption"). Update the project to link against CredUI. Create a new Win32 console project in Visual Studio. Since the CredUI scenario runs from a normal desktop session. you’ll be able to attach the Visual Studio debugger to it at runtime. } 3. it is recommended that you use it during development and debugging if you are developing on the test machine. &(save). and then run the console app in debug mode.reg file from Explorer to register the DLL as a credential provider once again. etc.h> #include <WinCred. 2. &authBufferSize. Developing With CredUI Although you may not want to support the CredUI scenario in your final credential provider. Build the credential provider and make sure the latest version is deployed to the System32 directory and is registered as a credential provider.Register. 0). _TCHAR* argv[]) { BOOL save = false.hbmBanner = NULL. exe under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 5. Bcdedit –debug on ii.exe key. create a string value named Debugger a. so the process will exit quietly 9 . Hook up your debug cable b. –g ignores the initial startup breakpoint in the process (if you want the process to break instantly when first executed to set BPs. 1.microsoft. Bcdedit –dbgsettings serial debugport:1 baudrate:115200 c. Install the debugger package (http://www. On the debugee machine. There’s a fair amount of info on how to do this on the web (although not specifically for logonUI). run something like i. Populate that value with the path to ntsd.Debugging LogonUI In short: hook up kd between your test machine and your debugging machine and then pipe ntsd over kd for logonUI. for example C:\debuggers\ntsd. Get kd set up between the two computers (for more info look on the web or MSDN) a. do not set the small g) d. –d pipes the NTSD output to KD c.exe –r –k com:port=com1. In the logonui.exe -d -gG -y <path to local symbols> (space between –y and path required) b. On debugger machine.baud=115200 3. Reboot debuggee d.mspx) 2.com/whdc/devtools/debugging/default. But here’s some basic pointers. Create a key named logonui.exe on your machine. Kd. –G ignores the termination breakpoint. Copy symbols that you will need locally to the box since NTSD won’t have access to the network 4. run something like the following (change command line arguments as necessary) i. there is one place you’ll need to make a decision regarding how your credential provider works. The other thing you might do is to accidentally unregister one or more of the builtin credential providers by deleting its key from the registry. there is a good possibility that you might mess up the credential providers. possibly even crashing LogonUI. then when the process starts. If Your System Becomes Unstable During the process of credential provider development. While implementing these credential providers are fundamentally the same. From safe mode you should be able to log in using the normal password provider. here are the keys from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers: Provider GenericProvider PasswordProvider Smartcard Credential Provider Key {25CBB996-92ED-457e-B28C-4774084BD562} {6f45dc1e-5384-457a-bc13-2cd81b0d28ed} {8bf9a910-a8ff-457f-999f-a5ca10b4a885} You should be able to reenter them after rebooting in safe mode. The implementation of CSampleProvider::SetUsageScenario contains everything we need to add support for CredUI. CredUIPromptForWindowsCredentials relies on the same credential providers used by the login screen. Type sxeld <dll name> c. Don’t Panic. which asks the 10 . Then g the debugger and NTSD will break in on load of that dll and you can set breakpoints. For reference. but good to know if needed) a. Follow all of the steps above for the executable that loads the . at which point you can unregister the offending credential provider.dll. This method is called with a specific usage scenario (a CREDENTIAL_PROVIDER_USAGE_SCENARIO).e. Typically. but do not set the small g flag. which can be thought of as the next generation of CredUIPromptForCredentials (although CredUIPromptForCredentials is still maintained for backwards compatibility). –y sets the local symbol path on the debugee for NTSD 6. etc. Unlike CredUIPromptForCredentials. NTSD will break in b.DLL loads (not required. you can reboot Windows in safe mode (repeatedly tap F8 during early boot for the menu to do this). Breaking in when a . SampleCredUICredentialProvider Windows Vista introduces CredUIPromptForWindowsCredentials. which means that an application using CredUIPromptForWindowsCredentials will not be able to access credentials provided through it.credential provider if it supports it. } SampleAllControlsCredentialProvider The SampleAllControlsCredentialProvider project illustrates the usage of each of the nine UI control available to credential providers. break. } return hr. By default. break. switch (cpus) { case CPUS_LOGON: case CPUS_UNLOCK_WORKSTATION: // If we didn’t want CredUI to be supported. SampleCredentialProvider does not support the CPUS_CREDUI usage scenario. we have changed this by having requests for the CPUS_CREDUI scenario treated in the same way as CPUS_LOGON. However. case CPUS_CHANGE_PASSWORD: hr = E_NOTIMPL. case CPUS_CREDUI: hr = _EnumerateCredentials(). default: hr = E_INVALIDARG. we would return // E_NOTIMPL if this request was for CPUS_CREDUI. DWORD dwFlags ) { UNREFERENCED_PARAMETER(dwFlags). HRESULT CSampleProvider::SetUsageScenario( CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus. HRESULT hr. break. Here’s an example of what you’ll see when you run this sample from LogonUI: 11 . such as GetCheckboxValue.cpp implementation. To change this behavior. we’ve added more controls to the SAMPLE_FIELD_ID enumeration. All other controls appear only in the selected tile. As you’ll see from the screenshots above.h. it’s necessary to add in support for each type of control to the CSampleCredential.h. the base sample only implements support for the String and Bitmap methods. Control SFI_TILEIMAGE SFI_LARGE_TEXT. By default. only the “tile image” and “large text” are configured to display in both selected and deselected mode.h. we’ve implemented support for getting and setting their respective values. In Common. etc. However. modify the second member of the s_rgFieldStatePairs (it’s a CREDENTIAL_PROVIDER_FIELD_INTERACTIVE_STATE). the key areas changed are in Common. as well as respective entries for s_rgFieldStatePairs and s_rgCredProvFieldDescriptors. such as GetStringValue. Required Methods GetBitmapValue GetStringValue 12 . In addition to the new fields in Common.h and CSampleCredential. it was fine to return E_NOTIMPL from the unused control methods.Note that the Cancel button is automatically inserted by LogonUI. since we’re using these controls now. Specifically. One of the nice things about this sample is that it differs only slightly from the base sample credential provider discussed earlier. whereas the “small text” is configured to only appear when the tile is deselected. Since those are the only types of controls used in the sample. SFI_SMALL_TEXT SFI_EDIT_TEXT. SetComboBoxSelectedValue GetStringValue. GetComboBoxValueAt. CommandLinkClicked SampleHardwareEventCredentialProvider A common scenario for custom credentials involves external events. SetCheckboxValue GetComboBoxValueCount. When disconnected. allowing the user to log in: 13 . the credential merely displays a large text asking the user to connect: By pressing the “Press to connect” button. SetStringValue GetSubmitButtonValue GetCheckboxValue. When run. SFI_PASSWORD SFI_SUBMIT_BUTTON SFI_CHECKBOX SFI_COMBOBOX SFI_COMMAND_LINK GetStringValue. The SampleHardwareEventCredential sample illustrates processing asynchronous events such as these. This window is designed to emulate an external element that has two states: connected and disconnected. such as the arrival of a message generated by a fingerprint scanner. the credential provides different controls. this sample displays a window with a single button. exactly one credential is always displayed. The window is created on a separate thread. which is effectively the same as the CSampleCredential from the SampleCredentialProvider project. the provider displays the proper one. SampleWrapExistingCredentialProvider In some scenarios. However. When the button is pressed. Note that we’re calling CredentialsChanged from a separate thread. you could customize CCommandWindow::ThreadProc to look for any event you need. It would be a shame to have to re-implement the functionality of 14 . which provides it with a way to pump messages while the provider thread is managed by an external authority. with the exception of an additional field or two you need to retrieve from the user. this sample actually implements two credentials: a “please connect” message credential and an actual “log in” credential. which is okay to do. While this sample illustrates using a button on a window as an event. be extra careful when trying to call other methods from the separate thread. methods like GetCredentialCount and GetFieldDescriptorCount are called again. Depending on the state of the connection emulator window. In turn.Since you cannot change the controls used by a credential from an event. In either case. you may find that an existing credential provider fits almost all of your needs. } } When the credentials are enumerated. the window thread calls in to the provider. provided it’s supported on the secure desktop. asking it to re-enumerate its credentials by calling the CredentialsChanged method on the ICredentialProviderEvents pointer it received in an earlier Advise call: void CSampleProvider::OnConnectStatusChanged() { if (this->_pcpe != NULL) { this->_pcpe->CredentialsChanged(this->_upAdviseContext). the provider checks the state of the connection emulator and provides data for the appropriate credential. and how to authenticate. In our scenario. Encapsulation is only done explicitly and should only be done when you know exactly what the behavior of the wrapped credprov is.the existing credential provider. Unlike GINA chaining. then a network provider is likely more suited to your needs than a credential provider. how to enumerate them. Please note that encapsulation (or "wrapping") should be used sparingly. We’ll let the existing credential provider decide how many credentials to enumerate. so this sample illustrates the process of wrapping an existing credential provider and extending it with two additional fields. We’ll also let it deal with the behavior for the controls it defines. and then we proxy most of the calls through to it. It is not a one size fits all replacement for the GINA chaining behavior. we simply attached an extra small text and combobox to the existing password provider’s credentials. If you merely want to do something extra with the credentials gathered by another credprov. the behavior you add only applies if the user clicks on your credential tile and does not apply if they click on another credential tile. In our scenario. so they can be created and managed just like any other COM object. It should be used when you want to extend the credential information that the wrapped credprov is getting. Credential providers are COM objects. we use the CLSID_PasswordCredentialProvider found in CredentialProvider. returning the 15 .h to instantiate the provider. However. Fortunately. if we receive calls related to our specific extensions. } } 16 . ppwzLabel). we can perform a simple check to see if the field is ours or theirs. For example. In some cases. we do handle calls that our wrapped credential needs as well. if (this->_pInnerCredential != NULL) { // If the field is in the wrapped credential. if (this->_pInnerCredential != NULL) { // If the field is in the wrapped credential. we handle those ourselves. offset into the array to account for wrapped fields // and handle it ourselves. pass it along. we can use the dwFieldID parameter to determine whether the referenced fields are ours or theirs. we don’t use a checkbox in our extension. pbChecked. calls to methods we don’t do anything for should still be passed along to the wrapped credential. ppwz). } } return hr. else { dwFieldID -= this->_dwInnerDescriptorCount. it’s important to avoid assumptions where possible. ppwz). pass it along. Since we don’t want to limit the functionality of the wrapped credential. } // Otherwise. Since our sample appends controls to the wrapped credential. if (dwFieldID < this->_dwInnerDescriptorCount) { hr = this->_pInnerCredential->GetCheckboxValue( dwFieldID. but it is possible that the underlying credential may (if not now. then possibly sometime in the future). As a result. } else { hr = E_INVALIDARG.results as though they were our own. For example: HRESULT hr = E_NOTIMPL. if (dwFieldID < SFI_NUM_FIELDS) { hr = SHStrDupW( this->_rgFieldStrings[SFI_I_WORK_IN_STATIC]. if (dwFieldID < this->_dwInnerDescriptorCount) { hr = this->_pInnerCredential->GetStringValue( dwFieldID. For example: HRESULT hr = E_NOTIMPL. if you decide to insert controls between controls in the wrapped credential. 17 . The default tile in this scenario will receive focus when CredUI appears to the user. it is very important that all third parties proceed with extreme caution when implementing a wrapped provider. when two or more providers return a default tile. The Credential Provider is free to specify any of its tiles when it enumerates the default. For instance. The Credential Provider most recently used for interactive logon will receive preference when multiple providers return a default tile. developers should keep in mind that LogonUI will not necessarily treat their tile as the default in all cases. Wrapping Existing Credential Providers Although Microsoft provides a wrapped Credential Provider sample. The Microsoft in-box providers should be safe to wrap by third parties. wrapping is a safe technique and allows third party developers to avoid rewriting code. This behavior does not occur in a remote session because the most recently used Credential Provider is not saved. However. As long as instantiating multiple instances of the wrapped Credential Provider does not cause problems.h. The default tile provided by the Credential Provider last used to successfully logon does not need to be the same tile used during the previous logon. For some well-known credential fields. you can determine their location by checking the guidFieldType property of their CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR. In other words. password field’s CLSID is CPFG_LOGON_PASSWORD. Although this is straightforward from the perspective of each individual Credential Provider. Default Tiles A Credential Provider may specify a default tile when queried regarding the number of tiles it intends to return. if the wrapped Credential Provider stores anything globally there may be issues creating two instances. such as the password provider’s password field. Credential Providers may also specify default tiles for the CredUI usage scenario. There is no way for a Credential Provider to determine if other providers specify a default tile. the tile specified by the Credential Provider last used to log on will be displayed in zoomed view. For example. you’ll need to be extra careful to track which field IDs are yours and which are theirs. More wellknown CLSIDs are available in shlguid. CredUI resolves multiple default tile conflicts using the same logic as LogonUI.} return hr. These administrators own the experience on the desktops in their domain. then you are essentially in ITPro category above and you should have no problem. they most likely do not need to worry about conflicting filters unexpectedly breaking their machines.Developers need to be aware that wrapping can be very dangerous if a Credential Provider filters out the original instance of the wrapped provider. but the consequences of unanticipated filtering should be considered to avoid unexpected (and undesirable) consequences. you probably do not need to filter it out. 18 . Third Party Credential Provider authors generally should not assume there will not be other Credential Provider installed on the user’s system. In general. to run a script). If you are not guaranteed to be the only Credential Provider on the box then you may introduce possible instabilities if you filter any built-in providers. Best practices should be followed when installing new Credential Providers. Consider the consequences of not filtering the in-box provider – if it does not severely impact user experience (and wouldn’t cause bad problems if a user logged on using this in-box provider). During logon only one of them will be used. Due to the nature of the controlled environment. you should Only filter out other Credential Providers if you explicitly ask and obtain permission from the administrator in charge of setup Not filter out any of the built-in providers (for instance. For instance. In certain situations this is acceptable. It is bad practice to depend on users logging on using a specific Credential Provider. Consider what happens when a user installs both these hypothetical credential providers on the same machine. Some Credential Provider authors might be tempted to do this in order to force users to use the installed 3rd party Credential Provider for all logons (for instance. In this scenario the user can reach the desktop without performing an important operation specified by one of the credential providers. o If you are an OEM or ISV and you are guaranteed to be the only 3rd Party Credential Provider on the box. consider a case where two separate credential providers each wrap and filter the in-box password provider. If you are an ISV or an OEM designing a Credential Provider intended for deployment to desktops you do not control then you will want to proceed with much greater caution. IT Professionals writing Credential Providers which filter out providers on every box in a domain are most likely safe to filter at their discretion. Imagine at least one of them performs an operation effecting the entire machine before logon. the password provider) unless one of the following is true o Not filtering an in-box provider will cause user confusion. Deploy in a staged environment prior to rolling your changes out to the entire domain. Credential Provider Architecture Unlike a GINA. Credential Providers are intended to run in parallel. we took a look at some Windows Vista credential provider samples. developers should design Credential Providers to provide a way for the user to log on without guarantees that their Credential Provider will be used for log on in all circumstances. 19 . Credential Provider authors cannot and should not write their code provider to enforce running certain code at every logon. Unless it is absolutely guaranteed that another Credential Provider will never be installed on a the user’s machine. Questions Please contact [email protected] with any questions. as well as some tips & tricks for the process of developing custom credential providers. Using wrapping and filtering to attempt to force behavior similar to the GINA model of chaining should not be used unless you are guaranteed no other 3rd party Credential Provider will be installed on the box Summary In this document.
Report "Windows Vista Credential Provider Samples Overview"