Windows 10 自定义凭据提供程序:无需 Windows 密码即可进行身份验证 [英] Windows 10 Custom Credential Provider: Authenticate without Windows password

问题描述

是否可以使用自定义凭据提供程序在没有本地用户真实密码的情况下进行 Windows 登录?

Is it possible using Custom Credential Provider to make windows logon without real password of local user?

我已经能够从 Microsoft 安装/注册示例代码，甚至能够调试它.

I'm already able to install/register sample code from Microsoft, and even able to debug it.

我对这种机制的期望:用户输入一些密码，我的实现与我的密码的本地数据库(存储为 sqlite 数据库)进行一些比较.

My expectation from this mechanism: User inputs some password and my implementation performs some comparison against local database of my password (stored as sqlite database).

现实:本地用户密码必须传递给内部的 LSA 子系统ICredentialProviderCredential::GetSerialization(...)

Reality: local user password MUST be passed to LSA subsystem within ICredentialProviderCredential::GetSerialization(...)

坦率地说，我正在尝试使用某种一次性优惠券代码作为密码，以登录到类似信息亭的工作站.

Frankly speaking I'm trying to use some sort of -one-time-coupon codes as passwords, to login to a kiosk-like workstation.

推荐答案

这是开发自定义凭据提供程序的主要原因.

This is the main reason for developing custom credential provider.

您的提供商必须将身份验证信息返回给 Logon UI 或 Cred UI.它可以是登录名/密码对或基于证书的身份验证.

Your provider must return to the Logon UI or Cred UI the authentication information. It can be a login/password pair or a certificate based authentication.

在您的数据库中，您可以存储真实用户的密码，并在检查您自己的 OTP 后返回该密码.

Inside of your database you can store a real user's password and return it after checking your own OTP.

这篇关于Windows 10 自定义凭据提供程序:无需 Windows 密码即可进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！