
Windows Credential Provider with C#

Has anyone successfully created a custom Windows Credential Provider in C#? The samples that are in the Windows SDK are all in C++. Some initial searching I have done indicates it may be possible, but I cannot seem to find anyone who has confirmed it.

Paul Liebrand asked Apr 18 '13 20:04




2 Answers

+1 for pGina. As Cody says, there is no managed API you can use to make a Credential Provider, and if you want to go the P/Invoke route it will probably take more of your time troubleshooting P/Invoke issues than figuring out the Credential Provider.

Where pGina can help you is that it has a nice Plugin architecture and the Plugins are written in managed code. See the chart here. pGina handles the communication with LogonUI (native code) but relies on the plugins (managed) to do the actual authentication, which is probably what you want to control (otherwise you probably wouldn't need your own credential provider).

rifaco answered Sep 17 '22 15:09


The new CredentialProvider model in Windows Vista and higher is based on COM. This means that it should be possible as long as you implement the correct COM interfaces.

Based on this, it should be easier to build than the older GINA model since the older GINA module used DLL entry points and function pointers instead of COM interfaces.

Given the ability for .Net to inter-operate with COM, it should be as easy as:

  1. Building a C# definition of the ICredentialProvider interface and adding the correct COM attributes with the correct GUIDs
  2. Building a credential provider class that implements the ICredentialProvider and is marked as ComVisible(true)
  3. Registering the new assembly with Regasm
  4. Adding the correct registry keys to register your new CredentialProvider with Windows (Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers)

If you do all of that, you will have a working credential provider, written in C#.

mageos answered Sep 21 '22 15:09
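
Steps 3 and 4 of the answer above leave two registry artifacts: a CLSID subkey under the Credential Providers key and, for a class registered with Regasm, an InprocServer32 entry whose default value is mscoree.dll. The following is an added example, not code from the original answers, that lists registered providers from already-decoded `reg export` text and flags managed or non-allowlisted ones. The sample export, its GUIDs, names and paths are constructed, and reading COM registrations from HKLM\SOFTWARE\Classes\CLSID is an assumption.

```python
CP_KEY = (r"hkey_local_machine\software\microsoft\windows\currentversion"
          r"\authentication\credential providers")
CLSID_KEY = r"hkey_local_machine\software\classes\clsid"  # assumed export root
# Constructed sample export; every GUID, name and path below is made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{11111111-1111-1111-1111-111111111111}]
@="ExampleNativeProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{22222222-2222-2222-2222-222222222222}]
@="ExampleManagedProvider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Windows\\System32\\example_native_cp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="mscoree.dll"
"CodeBase"="file:///C:/ProgramData/Example/MyCp.dll"
'''

def parse_reg(text):
    """Return {lowercased key path: {value name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def audit(text, allowlist=()):
    """List each registered provider with its COM server and review flags."""
    keys, allowed = parse_reg(text), {c.lower() for c in allowlist}
    findings = []
    for path, values in keys.items():
        parent, _, clsid = path.rpartition("\\")
        if parent != CP_KEY:
            continue  # not a direct child of the Credential Providers key
        server = keys.get(f"{CLSID_KEY}\\{clsid}\\inprocserver32", {})
        dll = server.get("@", "")
        findings.append({
            "clsid": clsid, "name": values.get("@", ""), "server": dll,
            # Regasm points InprocServer32 at mscoree.dll for managed classes.
            "managed": dll.lower().endswith("mscoree.dll"),
            "codebase": server.get("CodeBase", ""), "unexpected": clsid not in allowed,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, allowlist=["{11111111-1111-1111-1111-111111111111}"]):
        print(f)
```

A provider that is both `managed` and `unexpected` is the one to review first: its `codebase` value, when present, names the assembly that LogonUI will load.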