Custom Credential Provider login using password or OTP key

Hi,
I am developing a Credential Provider for One Time Passwords. I have been able to create it for Logon, Unlock Workstation, CredUI, Password Must Change and Password Expired.
I am using the Sample ICredentialProvider provided by Microsoft, and I am using three fields on the login credential tile:
1: User name
2: Password
3: OTP key
I am able to handle all of these cases, but I want to remove field 2 (password) and keep only two fields on the Windows 7 login screen:
1: User name
2: OTP key or Password
That is, I have to log on to Windows 7 by entering either an OTP key or a password, the way RSA SecurID lets you log on by entering either a passcode or a password. In other words, if the user does not enter a password and enters only the OTP key, Windows has to log the user on without asking for a password. If there is any solution, please tell me.
Thanks in advance.

If anyone knows about this, please send me a piece of code at gangwar.yogendra21@gmail.com.
I have almost no experience in the field, but I would try this:

- If the user types in the OTP key only, I would contact the RSA servers (are they called RADIUS servers?) and see if the data is valid. If it is valid, I would imagine I still need to log on to the PC with a Windows account (local or Active Directory), so I would imagine I would have a generic account whose password I know and log the user in this way. Or am I mistaken?

Also note that with the newer Kerberos, you can impersonate and even delegate a token created without authentication, so you might want to see about this. The account that creates the token requires very high privileges to do this, though. I am unsure if you can run the credential provider (or part of it) under a different account. I imagine that credential providers run under LocalSystem.
Hi webJose,

How can I do this? I don't know. I am using KERB_INTERACTIVE_UNLOCK_LOGON to unlock or log on to the computer for local computer and domain server users. How can I impersonate? I am using the SampleAllCredentialProvider code I got from the Microsoft link, and there I have to pass a password to log on as a local or domain server user.

Please help me...
I have only read about the impersonation I mentioned in the context of .NET specifically. In .NET, a WindowsIdentity object can be constructed by username only and can be used to impersonate if the account has the special rights and the Active Directory is at least Windows Server 2003. Besides that, I am no expert in Kerberos. :-(
Coincidentally, I have the ASP.net page I told you about open: http://msdn.microsoft.com/en-us/library/ff647404.aspx . Look up the sub-heading "Impersonating by Using the WindowsIdentity Constructor". The account calling that constructor needs the "Act as part of the operating system" privilege. It also says that this constructor uses the S4U2Self extension of Kerberos.
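The WindowsIdentity constructor mentioned above, as an added example that is not code from this thread or from the Microsoft sample. It takes a user principal name only (no password), which is the Kerberos S4U2Self path the MSDN article describes, and then checks the level of the token it got back before using it. The UPN is a made-up placeholder. The important check is the impersonation level: if the calling account lacks "Act as part of the operating system" (SeTcbPrivilege), or the domain controller does not allow protocol transition for it, S4U2Self returns an Identification-level token that can be used to evaluate group membership but not to run code or open resources as that user.

```csharp
using System;
using System.Security.Principal;

// Added example (not from the thread): obtain a token for a user by UPN only,
// the S4U2Self path the linked MSDN article describes, and check what that
// token can actually be used for before impersonating with it.
static class S4UDemo
{
    // Hypothetical UPN; replace with an account in your own domain.
    const string Upn = "someuser@example.com";

    // Builds the identity without a password and returns the token level so the
    // caller can decide whether it is usable. Without SeTcbPrivilege on the
    // calling account, S4U2Self yields an Identification-level token: enough for
    // group/ACL checks, not for accessing resources as that user.
    static TokenImpersonationLevel LogonByUpn(string upn, out WindowsIdentity identity)
    {
        identity = new WindowsIdentity(upn); // no password: Kerberos S4U2Self
        return identity.ImpersonationLevel;
    }

    static void Main()
    {
        WindowsIdentity id;
        TokenImpersonationLevel level = LogonByUpn(Upn, out id);
        Console.WriteLine("Token for " + id.Name + ": level=" + level);

        // TokenImpersonationLevel orders Identification below Impersonation,
        // so anything lower than Impersonation must not be used to act as the user.
        if (level < TokenImpersonationLevel.Impersonation)
        {
            Console.WriteLine("Identification-only token: caller lacks SeTcbPrivilege " +
                              "or the DC refused protocol transition; do not impersonate.");
            return;
        }

        // .NET Framework 4.6+ / .NET on Windows: run a delegate under the token.
        WindowsIdentity.RunImpersonated(id.AccessToken, () =>
        {
            Console.WriteLine("Now running as " + WindowsIdentity.GetCurrent().Name);
        });
    }
}
```

This runs only on a domain-joined Windows machine and needs .NET Framework 4.6 or later (or .NET on Windows) for RunImpersonated and the AccessToken property. It is a process-level impersonation, not an interactive logon: a credential provider still hands LSA a serialized authentication package such as KERB_INTERACTIVE_UNLOCK_LOGON, so this shows what the suggested privilege buys a service and lets you confirm the token level, rather than replacing the password the sample provider packs into that structure.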