问题
We're implementing a HW token-based custom credential provider for Windows 10, based on ICredentialProvider, ICredentialProviderCredential and alike.
This works fine for users that are displayed as tiles on the logon screen: when the token gets plugged in, we ask for reenumeration of the credentials by calling ICredentialProviderEvents::CredentialsChanged, and then specify in ICredentialProvider::GetCredentialCount that we've got a credential to be set as default and be performed auto logon with.
The problem is that on Windows 10 not all local users are displayed in the tiles list, just those who are currently logged on, plus the last user who has logged on earlier.
If we return a credential for a user not displayed in the tiles, but with a valid SID and specify it as default and to be logged on automatically - nothing happens, ie. the credential's ICredentialProviderCredential::GetSerialization is not invoked.
How can we perform auto logon for a user not displayed?
The built-in fingerprint-based provider can do this.
回答1:
I just have had to walk around this and pass it. I have been started with Windows Vista and later added a lot of code and logic to support new features of Windows 10, like this one you are talking about.
You must enumerate at GetCredentialCount/GetCredentialAt another one "empty" tile which is not linked to any user.
Then you can modify it and do automatic logon using any user.
来源:https://stackoverflow.com/questions/57161384/custom-credential-provider-logon-users-who-are-not-displayed-on-logon-screen