Windows 8 Credential Provider Domain Users

Question

I have been having issues trying to get domain users to authenticate with my custom credential provider. From the Microsoft sample there is a _fIsLocalUser variable which is checked in CSampleCredential::GetSerialization. This is normally true for most cases; however, if connected to a domain and with the Other User tile then I get The parameter is incorrect. It seems that even the suggested format of <Domain>\<Username> isn't accepted when the credential is Serialized. If possible I would also like to support <Username>@<UPN> as well.

I am not sure if this method is the problem however here is the documentation https://msdn.microsoft.com/en-us/library/windows/desktop/aa374802(v=vs.85).aspx

Thanks

Hi, can you help me in a similar problem? I have a credprov, but I don't see the sign-in options when I trying it with a domain user. It seems to me from your post that you achieved it. — Pethő Jonatán, Nov 08 '16 at 08:13

score 1 · Answer 1 · answered Oct 15 '18 at 08:41

Did you solve your issue?

I just clicked the link you supplied with the answer and found a note to pszUserName parameter.

For online identities, if the credential is a plaintext password, the user name format is ProviderNameUserName. If the credential is a SEC_WINNT_AUTH_IDENTITY_EX2 structure, the user name is an encoded string that is the UserName parameter output of a function call to SspiEncodeAuthIdentityAsStrings.

The function SspiEncodeAuthIdentityAsStrings has it's alter ego - SspiEncodeStringsAsAuthIdentity - have to look at it.

Windows 8 Credential Provider Domain Users

1 Answers1