Windows Credential Provider with C#

Question

Has anyone successfully created a custom Windows Credential Provider in C#? The samples that are in the Windows SDK are all in C++. Some initial searching I have done indicates it may be possible but cannot seem to find anyone who has confirmed it.

Answer 1

+1 for pgina. As Cody says, there is no managed API you can use to make a Credential Provider, and if you want to go the pInvoke route it will probably take more of your time troubleshooting pInvoke issues than figuring out the Credential Provider.

Where pGina can help you is that it has a nice Plugin architecture and the Plugins are written in managed code. See the chart here. pGina handles the communication with LogonUI (native code) but relies on the plugins (managed) to do the actual authentication, which is probably what you want to control (otherwise you probably wouldn't need your own credential provider).

Answer 2

The new CredentialProvider model in Windows Vista and higher is based on COM. This means that it should be possible as long as you implement the correct COM interfaces.

Based on this, it should be easier to build than the older GINA model since the older GINA module used DLL entry points and function pointers instead of COM interfaces.

Given the ability for .Net to inter-operate with COM, it should be as easy as:

1. Building a C# definition of the ICredentialProvider interface and adding the correct COM attributes with the correct GUIDS
2. Building a credential provider class that implements the ICredenitalProvider and is marked as COMVisible(True)
3. Registering the new assembly with Regasm
4. Adding the correct registry keys to register your new CredentialProvider with Windows (Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers)

If you do all of that, you will have a working credential provider, written in C#