lithnet / windows-credential-provider

A library for creating secure Windows Credential Providers in .NET
MIT License

Asymmetric authentication #24

Open LDzik opened 2 weeks ago

LDzik commented 2 weeks ago

Is asymmetric authentication possible with a Windows credential provider? I'm asking because I couldn't find anything helpful about this topic.

ryannewington commented 2 weeks ago

What do you mean by asymmetric authentication?

LDzik commented 2 weeks ago

By asymmetric authentication, I’m referring to an authentication model similar to SSH, where a user is authenticated by a private key. The Credential Provider would verify this key against a public key, enabling a password-less login. Is there a way for the Credential Provider to handle such an authentication using key pairs?

ryannewington commented 2 weeks ago

Credential providers only capture user authentication and pass it to LSASS. Inside LSASS an authentication package is what determines if a user is authorised to log in or not.

https://learn.microsoft.com/en-us/windows/win32/secauthn/authentication-packages

So in your scenario you'd need a credential provider to interact with the user, and an auth package to know what to do with the material signed by the user's key.

However that's only going to be good for a local login. Won't allow access to domain resources. AD supports password and x509 certificates (smart cards) only.
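The split described in the comment above, modelled as an added example that is not part of the thread or of the library's code: one side only collects a signature over a challenge, the other side holds the enrolled public key and makes the decision. `KeyVerifier`, `Logon` and the user `alice` are hypothetical names, and the sketch assumes .NET 6 or later; it calls neither the LSA authentication package API nor the credential provider library.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed sample: one user with a P-256 key pair. A real deployment would
// keep the private key in a token, TPM or key store.
using var userKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var verifier = new KeyVerifier();
verifier.Enroll("alice", userKey.ExportSubjectPublicKeyInfo());

// Credential provider role: get a challenge, have the user's key sign it.
var nonce = verifier.IssueChallenge("alice");
var sig = userKey.SignData(Logon.Message("alice", nonce), HashAlgorithmName.SHA256);

Console.WriteLine(verifier.Verify("alice", sig)); // fresh response
Console.WriteLine(verifier.Verify("alice", sig)); // same response replayed
verifier.IssueChallenge("alice");
Console.WriteLine(verifier.Verify("alice", sig)); // stale signature, new challenge

// Hypothetical stand-in for the authentication package role: it stores enrolled
// public keys, issues one-time challenges and decides whether a logon is valid.
sealed class KeyVerifier
{
    private readonly Dictionary<string, byte[]> enrolled = new(StringComparer.OrdinalIgnoreCase);
    private readonly Dictionary<string, byte[]> pending = new(StringComparer.OrdinalIgnoreCase);

    public void Enroll(string user, byte[] spki) => enrolled[user] = spki;
    public byte[] IssueChallenge(string user) => pending[user] = RandomNumberGenerator.GetBytes(32);

    public bool Verify(string user, byte[] signature)
    {
        // Consume the challenge before checking, so a captured response cannot be reused.
        if (!pending.Remove(user, out var nonce)) return false;
        if (!enrolled.TryGetValue(user, out var spki)) return false;
        using var key = ECDsa.Create();
        key.ImportSubjectPublicKeyInfo(spki, out _);
        return key.VerifyData(Logon.Message(user, nonce), signature, HashAlgorithmName.SHA256);
    }
}

static class Logon
{
    // The signed message binds the account name to the nonce.
    public static byte[] Message(string user, byte[] nonce) =>
        Encoding.UTF8.GetBytes(user.ToLowerInvariant() + "\0").Concat(nonce).ToArray();
}
```

Only the first check succeeds; the replayed response and the stale signature against a new challenge are both rejected.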

LDzik commented 2 weeks ago

So from what I had read, x509 certificates are what I'm looking for. Does this library support it? I couldn't find anything in the samples or source code, only password-type login.

LDzik commented 5 days ago

Sorry for bothering, but are there any updates on this?

ryannewington commented 4 days ago

@LDzik sorry I missed your reply. This wraps the Windows Credential Provider framework, so any logon capture type would be supported, but I'm afraid I don't have examples for them.

The key to your scenario would be overriding OnGetSerialization() and returning a native structure that contains your smart card creds.