winlogon

Implementation of Custom Windows Authentication Package - LsaApUserLogonEx

强颜欢笑 提交于 2019-12-13 03:24:30
问题 I have been working on LSA auth package for introducing my custom logon mechanism in windows 10. So far, I have been successful in registering the auth package and get my LsaLogonUserEx method called by LSA. Now the thing which I am stuck at is how to prepare the OUT parameters of LsaApLogOnUser method. NTSTATUS NTAPI LsaApLogonUserEx( IN PLSA_CLIENT_REQUEST ClientRequest, IN SECURITY_LOGON_TYPE LogonType, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferSize,

Message to Windows logon screen when services started

試著忘記壹切 提交于 2019-12-13 01:34:33
问题 When I boot my Windows 8.1 laptop, I want to display a message on the Windows logon screen so that I know when all services and startup processes have started. Aside from just waiting some number of minutes, with the assumption that all services that can start have done so, how can I code a process to query for a "startup complete" condition and then update the UI? Would detection of startup-complete be possible with a group policy startup script or a task scheduler routine that triggers on

Can I use logonuser(…) function to logon to windows 7?

旧街凉风 提交于 2019-12-12 01:32:01
问题 I've been trying to create a simple windows service application that inputs the logon credentials and with a click of a button logs you on. I have read about GINA and Credential Provider. I have also looked at many articles including: http://msdn.microsoft.com/en-us/library/aa379608%28VS.85%29.aspx. I just want to know if it is possible to logon using the logonuser function provided by windows? 回答1: No you can not, using LogonUser() is only one step of many in the logon process. Also GINA is

How to tell that the logon screen is currently displayed?

╄→尐↘猪︶ㄣ 提交于 2019-12-11 11:08:04
问题 I am writing a service application that will run with local system credentials. I will need to know from my service if the Windows logon screen is displayed at any particular time. Is there any way to do this? PS. The screens that can be brought up by locking the workstation: Or by trying to switch the user: Or after a Ctrl+Alt+Del: PS. I need this to run on Windows XP and up. EDIT: The only viable solution that I came up with so far is to see if LogonUI.exe process is running. The issue with

KSP (Key Storage Provider) not being loaded at logon via a Credential Provider

牧云@^-^@ 提交于 2019-12-11 06:36:11
问题 I am creating a Windows Credential Provider to logon into a Windows domain using certificates as described on this article. This implies creating a custom KSP that will be called by LsaLogonUser when creating an authentication package. I manage to create the custom KSP and tested it successfully in a standalone app that calls LsaLogonUser directly. Basically creating the authentication package and pass it to LsaLogonUser, loaded the KSP, called a bunch of functions and authenticated the user

Token delegation using LOGON32_LOGON_NETWORK_CLEARTEXT

↘锁芯ラ 提交于 2019-12-11 02:35:36
问题 How safe is it to use LOGON32_LOGON_NETWORK_CLEARTEXT? We have the following scenario: Web server A is using Win32 LogonUser. Then it needs to invoke an asmx method on server B. If the used logon type is LOGON32_LOGON_INTERACTIVE it works well. However the customer rejects this because it requires interactive access. If we use LOGON32_LOGON_NETWORK this does not allow token delegation to the remote server and we get 401 (as expected, according to the MSDN). Attempting to use DuplicateToken to

HTTPS Request From a Credential Provider DLL

一笑奈何 提交于 2019-12-09 13:17:00
问题 I've been creating a Credential Provider DLL that authenticates via the internet before allowing login. However this hasn't worked as well as I expected because my WinHTTP request isn't getting sent. I've confirmed this using wire shark. but I can't figure out why it's not sending any requests off. I've checked that my code is actually calling the functions properly - and they are. But the http request never makes it off. I'm slightly confused at this point and I'm seeking to know if there is

Building a custom credential provider for Windows 7

旧街凉风 提交于 2019-12-09 06:54:36
问题 After looking through the code for building custom credential providers for Windows 7, I managed to get my own tile to show up on the logon screen, and can logon as the desired user. However, I am trying to implement a system where an event (a Bluetooth device in range) triggers a logon/unlock, without needing to click on the tile. I can set it to fill in the password automatically (maybe I will implement pulling the password from the device), but either way, I must click the tile first. If

Smart Card Removal policy is not enforced when performing SSO using Custom Credential Provider

泄露秘密 提交于 2019-12-08 09:12:01
问题 I have created a EFI Pre-Boot Application were in I enter the user credentials which are passed to windows to logon (Single Sign On) using my credential provider. I have a Group policy "Interactive logon: Smart card removal behavior" set to "Lock Workstation: The workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session." So if I reboot the machine and use login using my credential provider,

Add winlogon login method using C# and YubiKey

。_饼干妹妹 提交于 2019-12-08 02:58:37
问题 As for personal fun and challenge, I wanted to add a way to login on my own personal computers. All are currently using Windows 7. Normally this would use ICredentialProvider or something like that. Basically the goal here is to have 2 way to login, the normal user/password one and the alternative (mine) with a Yubikey. Is there any where I could look to find some resources on how to achieve this using C# ? 回答1: There is an article about implementing a custom Credential Provider here, and