Windows Credential Provider with C#

StackOverflow https://stackoverflow.com/questions/16092696

  •  04-04-2022
  •  | 
  •  

Frage

Has anyone successfully created a custom Windows Credential Provider in C#? The samples that are in the Windows SDK are all in C++. Some initial searching I have done indicates it may be possible but cannot seem to find anyone who has confirmed it.

War es hilfreich?

Lösung

+1 for pgina. As Cody says, there is no managed API you can use to make a Credential Provider, and if you want to go the pInvoke route it will probably take more of your time troubleshooting pInvoke issues than figuring out the Credential Provider.

Where pGina can help you is that it has a nice Plugin architecture and the Plugins are written in managed code. See the chart here. pGina handles the communication with LogonUI (native code) but relies on the plugins (managed) to do the actual authentication, which is probably what you want to control (otherwise you probably wouldn't need your own credential provider).

Andere Tipps

The new CredentialProvider model in Windows Vista and higher is based on COM. This means that it should be possible as long as you implement the correct COM interfaces.

Based on this, it should be easier to build than the older GINA model since the older GINA module used DLL entry points and function pointers instead of COM interfaces.

Given the ability for .Net to inter-operate with COM, it should be as easy as:

  1. Building a C# definition of the ICredentialProvider interface and adding the correct COM attributes with the correct GUIDS
  2. Building a credential provider class that implements the ICredenitalProvider and is marked as COMVisible(True)
  3. Registering the new assembly with Regasm
  4. Adding the correct registry keys to register your new CredentialProvider with Windows (Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers)

If you do all of that, you will have a working credential provider, written in C#

Check out pGina. I was playing around with it and it seems to work alright on my Windows 8 install, so it should work well with all Windows versions before that too. It is still in pretty early stages though and I can't see any way of creating a custom UI without having to delve into the native half of the project. Hope this helps!

[EDIT] Just read Cody Gray's comment again. To be clear, pGina is really just the native code written for you. But yeah, you'd probably have more control writing it in C++ to begin with, but if you don't need too much control as to how it is presented then pGina is the way to go.

This is possible because credential providers are COM objects, and COM objects can be implemented in managed code.

See this blog for some details and a good starting point. Github repo is here.

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top