I want to provide an authentication mechanism on Windows for a user on a cloud. The credential provider mostly satisfies this requirement with the premise that the user is a local user, Microsoft account or a domain user of this PC. But I also would like to get escalated privilege as the user, even the user is only on a cloud, not a domain user or Microsoft account.
As far as I know, Microsoft provide a mechanism, SSP(Security Support Provider), kerberos and NTLM implements it. There are few documents describing about SSP, such as The Windows Negotiation Extension and Writing NegoEx SSPs Futhermore, Spgetextendedinformationfn in my current implementation is called though. But I cannot find any further information about what the data I should response to the LSA.
Is there any sample code about SSP, or I should try another way to achieve my goal?
