
I developed a custom credential provider using C# and it works in both the unlock and logon scenarios locally. In the CREDUI scenario, I can log on to or unlock a remote computer with my local credential provider.

My filter is registered in regedit. Same DLL but different classes.

  1. What I cannot do is catch the logon or unlock scenario on the remote computer with my custom credential provider. I implemented the filter interface. UpdateRemoteCredential is not working. What could I be missing? How can I say "use this credential provider while logging in" on the server machine? Thanks.
candogg
  • your credential provider must be on the target computer, not on the computer from which you connect over RDP – RbMm May 16 '23 at 12:47
  • My credential provider (same provider) is installed on the remote machine. But I always need to log on twice because NLA is enabled. I want to enter my credentials in the client machine's CREDUI, then catch the credentials on the remote machine and go on with my operation. – candogg May 16 '23 at 12:49
  • if you correctly register the filter on the target computer, UpdateRemoteCredential will be called (if the client passes some credentials). NLA does not affect cred providers. No need to log on twice – RbMm May 16 '23 at 12:52
  • What do you mean by "correct"? Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters and Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers, these keys, right? – candogg May 16 '23 at 12:58
  • yes, under filters. When there is an RDP logon attempt, UpdateRemoteCredential must be called – RbMm May 16 '23 at 12:59
  • My filter and CP GUIDs are different. This is not a problem, right? – candogg May 16 '23 at 13:01
  • it always must be different. This is not a problem; this is a must. When there is a logon attempt and the client passes some credentials, both Filter and UpdateRemoteCredential must be called on the registered filter. If it is an unlock, there is no data and only Filter will be called – RbMm May 16 '23 at 13:03
  • Filter is called but it is not filtering other CPs (when I debug, the breakpoint hits and the filter code runs, but it is not disabling other CPs). UpdateRemoteCredential is not firing at all. – candogg May 16 '23 at 13:05
  • possibly the client does not pass any credentials to the remote side in this case – RbMm May 16 '23 at 13:06
  • Yes, I can share the Filter implementation code if you need it. – candogg May 16 '23 at 13:07
  • here you need to look under the debugger on the target system, not at your code – RbMm May 16 '23 at 13:07
  • if you do a usual RDP login from mstsc (without custom cred providers on the client), is UpdateRemoteCredential called in this case? – RbMm May 16 '23 at 13:09
  • Trying now. I will inform you. Thanks. – candogg May 16 '23 at 13:12
  • No, not firing. Will UpdateRemoteCredential fire on the target machine or the client machine? – candogg May 16 '23 at 13:15
  • if your Filter is called, the cred provider is correctly registered and loaded. Of course UpdateRemoteCredential must be called on the RDP target – RbMm May 16 '23 at 13:15
  • if credentials exist, the system calls your implementation of UpdateRemoteCredential (if the system calls Filter). – RbMm May 16 '23 at 13:17
  • UpdateRemoteCredential is called when I log on from a system CP. I unregistered / registered again. Now it's working but not logging me in. It asks me for credentials twice. – candogg May 16 '23 at 13:36
  • Also, the server-side UpdateRemoteCredential is called when I log on with my CP on the client side. – candogg May 16 '23 at 13:38
  • so what are you asking? – RbMm May 16 '23 at 13:52
  • Finally I made it work correctly. UpdateRemoteCredential -> SetSerialization works. My custom provider works well on remote connections too. – candogg May 16 '23 at 20:54
  • this is strange, because your implementation of UpdateRemoteCredential is wrong. You need to set `Statics.CredentialProviderUID` in the `pcpcsOut` credentials, not in `pcpcsIn`. It is unclear what `new` means here; memory must be allocated by `CoTaskMemAlloc`. Probably you need to first check `pcpcsIn` before trying to modify it, and not unconditionally allocate `pcpcsOut`. However, `c#` is very hard to understand. – RbMm May 16 '23 at 21:07
  • I corrected it. Now it covers all the scenarios, both interactive and remote. Thanks. – candogg May 17 '23 at 08:48

1 Answer

Finally I did it and covered all scenarios, both interactive and remote logon. Firstly, UpdateRemoteCredential fires on the target system (I didn't know that). The credential filter must be installed correctly on the target machine. After UpdateRemoteCredential fires, I needed to hold the serialized credentials in the SetSerialization method (ICredentialProvider implementation). After that, in the ICredentialProviderCredential2 implementation, the SetSelected method fires. In the SetSelected method, I set pbAutoLogon to 1 (because I have credentials). After that, the GetSerialization method fires and it's done.

Method order in RDP connections:

  • UpdateRemoteCredential (get serialized credentials)
  • SetSerialization (hold serialized credentials in implementation)
  • SetSelected (set auto logon property to 1)
  • GetSerialization (give serialized credentials to system)
candogg
  • more correct: in `GetCredentialCount` set `pbAutoLogonWithDefault` to `true` and return `pdwDefault` – RbMm May 17 '23 at 09:40
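As an added example (not the poster's code and not the official interop definitions), here is what the two filter method bodies look like in C# once RbMm's points from the comments are applied: Filter leaves only our own provider enabled, and UpdateRemoteCredential checks `pcpcsIn`, copies the blob into CoTaskMem and writes our CLSID into `pcpcsOut`, so the serialization reaches the provider's SetSerialization and the auto-logon chain in the answer can run. The struct layout, the placeholder CLSID and the omitted `[ComImport]` interface declaration are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;

// Managed mirror of CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION (assumed interop; field order as in credprovider.h)
[StructLayout(LayoutKind.Sequential)]
public struct CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION
{
    public uint ulAuthenticationPackage;
    public Guid clsidCredentialProvider;
    public uint cbSerialization;
    public IntPtr rgbSerialization;   // LogonUI releases this buffer with CoTaskMemFree
}

public static class RemoteCredentialFilter
{
    const int S_OK = 0;
    const int E_NOTIMPL = unchecked((int)0x80004001);
    // PLACEHOLDER for the custom provider's own CLSID (the page's Statics.CredentialProviderUID)
    public static readonly Guid CredentialProviderUID = new Guid("00000000-0000-0000-0000-000000000000");

    // Body of ICredentialProviderFilter::Filter: disable every provider except ours.
    public static int Filter(Guid[] rgclsidProviders, int[] rgbAllow, uint cProviders)
    {
        for (int i = 0; i < cProviders; i++)
            rgbAllow[i] = rgclsidProviders[i] == CredentialProviderUID ? 1 : 0;   // BOOL: 1 = allow
        return S_OK;
    }

    // Body of ICredentialProviderFilter::UpdateRemoteCredential. pcpcsIn is the blob the RDP client
    // sent (null when none); pcpcsOut is what LogonUI hands to the provider named in its CLSID field.
    public static int UpdateRemoteCredential(IntPtr pcpcsIn,
        ref CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION pcpcsOut)
    {
        // Unlock, or a connection that carried no credentials: leave pcpcsOut untouched.
        if (pcpcsIn == IntPtr.Zero) return E_NOTIMPL;
        var input = Marshal.PtrToStructure<CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION>(pcpcsIn);
        if (input.cbSerialization == 0 || input.rgbSerialization == IntPtr.Zero) return E_NOTIMPL;
        // Copy the blob into CoTaskMem: LogonUI, not the filter, owns and frees pcpcsOut's buffer.
        int cb = checked((int)input.cbSerialization);
        var blob = new byte[cb];
        Marshal.Copy(input.rgbSerialization, blob, 0, cb);
        IntPtr copy = Marshal.AllocCoTaskMem(cb);
        Marshal.Copy(blob, 0, copy, cb);
        pcpcsOut.ulAuthenticationPackage = input.ulAuthenticationPackage;
        pcpcsOut.clsidCredentialProvider = CredentialProviderUID;   // retarget the blob to our provider
        pcpcsOut.cbSerialization = (uint)cb;
        pcpcsOut.rgbSerialization = copy;
        return S_OK;
    }
}
```

The real COM method signatures also carry the usage scenario and flags arguments for Filter; they are omitted here because the redirection logic does not depend on them.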