Custom Credential Provider: logon users who are not displayed on logon screen

一个人想着一个人 提交于 2021-02-10 16:39:57

问题


We're implementing a HW token-based custom credential provider for Windows 10, based on ICredentialProvider, ICredentialProviderCredential and alike.

This works fine for users that are displayed as tiles on the logon screen: when the token gets plugged in, we ask for reenumeration of the credentials by calling ICredentialProviderEvents::CredentialsChanged, and then specify in ICredentialProvider::GetCredentialCount that we've got a credential to be set as default and be performed auto logon with.

The problem is that on Windows 10 not all local users are displayed in the tiles list, just those who are currently logged on, plus the last user who has logged on earlier.
If we return a credential for a user not displayed in the tiles, but with a valid SID and specify it as default and to be logged on automatically - nothing happens, ie. the credential's ICredentialProviderCredential::GetSerialization is not invoked.

How can we perform auto logon for a user not displayed?

The built-in fingerprint-based provider can do this.


回答1:


I just have had to walk around this and pass it. I have been started with Windows Vista and later added a lot of code and logic to support new features of Windows 10, like this one you are talking about.

You must enumerate at GetCredentialCount/GetCredentialAt another one "empty" tile which is not linked to any user.

Then you can modify it and do automatic logon using any user.



来源:https://stackoverflow.com/questions/57161384/custom-credential-provider-logon-users-who-are-not-displayed-on-logon-screen

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!