This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 89%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
By default Windows has a basic (e.g. password or pin ...) authentication-flow for PC machines. Our goal is to extend current level of authentication with additional biometric factors (e.g. fingerprint, 3D-face ...) to be implemented by 3rd-party vendors (e.g. sensor-device, sdk, driver, api ...). We want to integrate the service-provider's external api inside (possibly after the basic-auth layer) the current authentication-flow of Windows-PC. Thus far, an attempt has been made to develop a credential provider using ICredentialProvider interface. How to enable this additional layer (after basic authentication)?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXY%3C/text%3E%3C/svg%3E)
Did you check the document Credential Providers in Windows and these samples?
@Auishik Pyne, any update about this question?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 92%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERL%3C/text%3E%3C/svg%3E)
Hope you've been well. Have you solved your issue?
I have developed a custom credential provider following sample codes and verified that the UI and method invocations work correctly. However, despite matching the hardcoded username and password, I cannot log in or access the Windows home page.
What could be causing the login failure with a custom credential provider, even when credentials are correct, and how can I resolve this issue?
I have developed a custom credential provider and verified that the UI and method invocations work correctly. However, despite matching the hardcoded username and password, I cannot log in or access the Windows home page.
What could be causing the login failure with a custom credential provider, even when credentials are correct, and how can I resolve this issue?
I've developed a custom credential provider and ensured the method calls and user interface function properly. But even though my username and password match the hardcoded credentials, I cannot log in to the Windows home page. Even when credentials are right, why might a custom credential provider not allow me to log in? How can I fix this problem?
I have developed a custom credential provider following sample codes. Currently, it is working as DLL instructed. I am trying to log in to windows home page using username and password. And I am matching them with hardcoded values. Even though I have used the correct username and password I can't log in. How can I fix that?
Could you please show a minimal, reproducible code snippet without private information?
This is my GetSerialization method. This method is being invoked and I have got "Login successful. Credential packed and ready." log message. But still, It is not redirecting to Windows homepage. Can you help me to get it redirected to Windows home page?
@Auishik Pyne, could you please show a minimal, reproducible sample without private information and steps, not pictures?
This is my GetSerialization method (below code snippet). This method is being invoked and redirects to windows homepage if the password matches the set-up password in Windows sign-in options.
But I want to authenticate with custom logic and if successful it will redirect to the Windows homepage. Is it possible?
HRESULT CSampleCredential::GetSerialization(_Out_ CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE *pcpgsr,
_Out_ CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION *pcpcs,
_Outptr_result_maybenull_ PWSTR *ppwszOptionalStatusText,
_Out_ CREDENTIAL_PROVIDER_STATUS_ICON *pcpsiOptionalStatusIcon)
{
HRESULT hr = E_UNEXPECTED;
*pcpgsr = CPGSR_NO_CREDENTIAL_NOT_FINISHED;
*ppwszOptionalStatusText = nullptr;
*pcpsiOptionalStatusIcon = CPSI_NONE;
ZeroMemory(pcpcs, sizeof(*pcpcs));
if (_fIsLocalUser)
{
PWSTR pwzProtectedPassword;
hr = ProtectIfNecessaryAndCopyPassword(_rgFieldStrings[SFI_PASSWORD], _cpus, &pwzProtectedPassword);
if (SUCCEEDED(hr))
{
PWSTR pszDomain;
PWSTR pszUsername;
hr = SplitDomainAndUsername(_pszQualifiedUserName, &pszDomain, &pszUsername);
if (SUCCEEDED(hr))
{
KERB_INTERACTIVE_UNLOCK_LOGON kiul;
hr = KerbInteractiveUnlockLogonInit(pszDomain, pszUsername, pwzProtectedPassword, _cpus, &kiul);
if (SUCCEEDED(hr))
{
hr = KerbInteractiveUnlockLogonPack(kiul, &pcpcs->rgbSerialization, &pcpcs->cbSerialization);
if (SUCCEEDED(hr))
{
ULONG ulAuthPackage;
hr = RetrieveNegotiateAuthPackage(&ulAuthPackage);
if (SUCCEEDED(hr))
{
pcpcs->ulAuthenticationPackage = ulAuthPackage;
pcpcs->clsidCredentialProvider = CLSID_CSample;
*pcpgsr = CPGSR_RETURN_CREDENTIAL_FINISHED;
}
}
}
CoTaskMemFree(pszDomain);
CoTaskMemFree(pszUsername);
}
CoTaskMemFree(pwzProtectedPassword);
}
}
Hello @Auishik Pyne,
As this issue is complex, you can open a Windows SDK incident at https://developer.microsoft.com/en-us/windows/support/?tabs=Contact-us so that our engineer can work with you closely and please choose the 'Security Development - Credential provider API' for this issue. In-addition, if the support engineer determines that the issue is the result of a bug the service request will be a no-charge case and you won't be charged.
Got this. I am unable to proceed further.
@Auishik Pyne, you may change your account profile 's country to America for a workaround in order to open a Windows SDK incident.