自定义凭据提供程序:登录屏幕上未显示的登录用户 [英] Custom Credential Provider: logon users who are not displayed on logon screen
问题描述
我们正在为 Windows 10 实施基于硬件令牌的自定义凭据提供程序,基于 ICredentialProvider、ICredentialProviderCredential 等.
We're implementing a HW token-based custom credential provider for Windows 10, based on ICredentialProvider, ICredentialProviderCredential and alike.
这适用于在登录屏幕上显示为磁贴的用户:当插入令牌时,我们通过调用 ICredentialProviderEvents::CredentialsChanged 请求重新枚举凭据code>,然后在 ICredentialProvider::GetCredentialCount 中指定我们有一个凭据要设置为默认值并执行自动登录.
This works fine for users that are displayed as tiles on the logon screen: when the token gets plugged in, we ask for reenumeration of the credentials by calling ICredentialProviderEvents::CredentialsChanged, and then specify in ICredentialProvider::GetCredentialCount that we've got a credential to be set as default and be performed auto logon with.
问题在于,在 Windows 10 上,并非所有本地用户都显示在磁贴列表中,仅显示当前登录的用户以及之前登录的最后一个用户.
如果我们返回用户的凭据未显示在磁贴中,但具有有效的 SID 并将其指定为默认值并自动登录 - 不会发生任何事情,即.凭证的 ICredentialProviderCredential::GetSerialization 未被调用.
The problem is that on Windows 10 not all local users are displayed in the tiles list, just those who are currently logged on, plus the last user who has logged on earlier.
If we return a credential for a user not displayed in the tiles, but with a valid SID and specify it as default and to be logged on automatically - nothing happens, ie. the credential's ICredentialProviderCredential::GetSerialization is not invoked.
我们如何为未显示的用户执行自动登录?
How can we perform auto logon for a user not displayed?
内置的基于指纹的提供程序可以做到这一点.
The built-in fingerprint-based provider can do this.
推荐答案
我只是不得不绕过这个并通过它.我是从 Windows Vista 开始的,后来添加了很多代码和逻辑来支持 Windows 10 的新功能,就像你说的这个.
I just have had to walk around this and pass it. I have been started with Windows Vista and later added a lot of code and logic to support new features of Windows 10, like this one you are talking about.
您必须在 GetCredentialCount/GetCredentialAt 枚举另一个未链接到任何用户的空"磁贴.
You must enumerate at GetCredentialCount/GetCredentialAt another one "empty" tile which is not linked to any user.
然后您可以修改它并使用任何用户进行自动登录.
Then you can modify it and do automatic logon using any user.
这篇关于自定义凭据提供程序:登录屏幕上未显示的登录用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
