Custom Credential Provider for Password Reset


The credential provider for Password Reset is fairly simple and straightforward. Since I joined the team, there has been very little code change in that area. Recently, we decided to fix some minor known bug in the credential provider (CP) and I realized I don’t know too much about how CP works.

So I downloaded the samples in the Windows SDK and played with them. After some time, I came up with the following.

Notice the extra tile at logon screen

… and after you click on the tile.
 

Feel free to download the source code and play with it. The zip file contains x86 and x64 release builds.

 P.S. You have to click into this post to see the attachment.

WARNING: THIS CUSTOM CREDENTIAL PROVIDER IS NOT SUPPORTED AND IS PROVIDED AS IS WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED.

CustomCP.zip

Comments (30)

  1. Anonymous says:

    I want to hardcode PIN while smart logon.

    I read topic: stackoverflow.com/…/certificate-based-login

    I create an instance of struct KERB_CERTIFICATE_LOGON and then fill it in the ICredentialProviderCredential::GetSerialization method.

    What should I do next?

  2. AnthonyHo says:

    I haven’t looked into that

    maybe, the GetSerialization() in the sample is for local logon only

    this might have some useful information

    http://msdn.microsoft.com/en-us/library/bb776026%28VS.85%29.aspx

  3. This is really cool!

    I installed it on a W.2008 R2, and it runs perfectly!

    Congrats.

  4. AnthonyHo says:

    What are you trying to accomplish? This is just an illustration based on the Windows SDK on how to develop a Credential Provider

  5. Anonymous says:

    I have a question which you may know the answer to. I downloaded the Credential Provider Sample from MS and was able to unlock on a computer with no DOMAIN but it failed on a computer on a DOMAIN. Should domain be passed in any special way along with the username (DOMAINusername did not seem to work) – or does the whole sample need to be rewritten in order to support domain logon?

    Thanks!

  6. AnthonyHo says:

    This is FIM 2010 specific

  7. David Lundell says:

    Anthony,

    I would love to check out the code but I can’t find the link.

  8. David Lundell says:

    Never mind I see it. Eyes too watery from my cold

  9. kamran says:

    I need a Credential Provider to open a web page that allows the user to reset their password.

    Any suggestions would be greatly appreciated.

  10. kamran says:

    I will give that a try. Thanks a lot, there are not a lot of resources on Credential Provider, and your blog is very helpful 🙂

  11. ewolfman says:

    Thanks a million!

  12. Aeolus says:

    Hi,

    I can't find the GateFramework.dll. Is it included in the SDK or custom-built by yourself? Thanks 🙂

  13. Anthony says:

    GateFramework.dll is part of Password Reset Client in Forefront Identity Manager 2010.

  14. Simon says:

    Will this work with Windows 7 Embedded?

  15. Federico says:

    Hi Anthony! I have a question for you! Does this tool work only with FIM2010? I tried to install it on my PC and it's OK, but when I try to reset my domain user password I receive this response: FAIL: LOADLIBRARY (GATE_FRAMEWORK_MODUL). Tks.

  16. Hi Anthony,
    Can the source code work with a link to a web application which I wrote using ASP.NET?
    Or does it work just with FIM2010?

  17. Kaler says:

    Hi Anthony, can you tell me how to integrate the source code into the OS Logon screen? Any link would be appreciated.

  18. Kaler says:

    Thank you for the response. I am trying to add a “Forgot your password” button on my OS logon screen, and clicking on this button will lead to another application. Is installation of FIM mandatory if I want to integrate a custom credential provider?

    Can you point me to a link which provides the steps to create a custom credential provider, register it and show its tile on OS logon screen? Windows 8.1, Vista and Windows 7 OS are in my scope.

  19. Anthony says:

    Look at http://msdn.microsoft.com/en-us/library/windows/desktop/bb648647(v=vs.85).aspx
    There are much richer samples in the Windows SDK.

  20. John says:

    hi anthony, is there a way I can modify the password reset program to use my own libraries instead of using FIM 2010?

  21. Anthony says:

    You can’t modify the FIM Credential Provider to use your own library. You can definitely, however, write your own Credential Provider to use your own libraries.

  22. kaliyaperumal says:

    Hi friend,
    It’s nice, man, and thanks for this post. I have one doubt, i.e. I need only tile creation on the logon page and how to create it. Kindly update the source and send it to me: Kali2madu@gmail.com. Kindly do the needful.

  23. Jody says:

    Hi Anthony,

    Thank you for sharing. I, like a couple of others on here, am interested in launching a 3rd party Password Management application and not FIM. Can you provide any assistance in this scenario? Would you be willing to consult on a solution?

  24. Anthony says:

    Jody

    Are you only interested in "**launching** 3rd party different Password Management application" or "**writing** a 3rd party Password Management application" ??

    If it’s the former, the sample I provided only has 3 important lines of code that are specific to FIM (look at PasswordResetCredential.cpp line 431, 444 and 456). If you want to launch some other app, replace line 432-456 with the one specific to your own application.

  25. Mani says:

    How to install it?

  26. Anthony says:

    See PasswordResetCredentialProviderRegister.reg
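
As an added illustration (not part of the original post, its comments, or the CustomCP.zip source): registering a credential provider on Windows comes down to a CLSID subkey under the `Credential Providers` registry key plus a COM `InprocServer32` entry pointing at the DLL, so an administrator can list what is installed and check who signed each DLL. The System32 fallback for bare DLL names and the output property names are assumptions of this example.

```powershell
# Added example: list registered credential providers and the DLL behind each tile.
# Run from an elevated PowerShell prompt on the machine being audited.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

Get-ChildItem -LiteralPath $cpRoot | ForEach-Object {
    $clsid = $_.PSChildName          # subkey name is the provider's CLSID
    $name  = $_.GetValue('')         # default value holds the friendly name

    # The COM registration tells LogonUI which DLL to load for this CLSID.
    $inprocPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $inproc = Get-Item -LiteralPath $inprocPath -ErrorAction SilentlyContinue
    $dll = if ($inproc) { $inproc.GetValue('') } else { $null }

    # Assumption: a bare file name (no directory) is resolved against System32.
    if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
        $dll = Join-Path $env:SystemRoot "System32\$dll"
    }

    $sig = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $sig = Get-AuthenticodeSignature -FilePath $dll
    }

    [pscustomobject]@{
        Name       = $name
        Clsid      = $clsid
        Dll        = $dll
        DllPresent = [bool]($dll -and (Test-Path -LiteralPath $dll))
        SigStatus  = if ($sig) { $sig.Status } else { $null }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
} | Sort-Object Name | Format-Table -AutoSize -Wrap
```

A provider DLL runs inside the logon UI and sees the credentials typed into its tile, so an entry with a missing DLL, an unexpected path, or an unfamiliar signer is worth a closer look.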

  27. Jody says:

    I have it launching my 3rd party app but I wish to bypass the login screen. I just want to click on the Image Tile and launch my app. Any help would be appreciated.

  28. Jody says:

    Nvm. I got it working. Thanks for the code.

  29. hamid says:

    Jody, will you share your code to bypass the login screen? Thanks
