Custom UI with pGina for Credential Provider - c#

I need to know if there is any documentation on how I could add a custom user interface, with code written by me in C#, to a credential provider built with pGina (http://pgina.org/) for Windows 10.
I have an application that does facial recognition with Emgu CV in C#, and on the other side, I have developed a plugin with pGina to be used as a Windows Credential Provider, but I don't know how to join the two.
The problem I have is that all the documentation I have found on the web is based on using the Windows user and password input interface, but I need to be able to show the webcam capture on the logon and unlock screens, authenticate the user using the app I've written, and, if everything is right, authorize the user to access the computer. The KeyLemon app has this feature. I need to know if it is possible to do it with pGina, to avoid the pain of creating all the CP code from scratch.
Any help will be really appreciated.
Thank you very much!!!!!!

Related

Authenticating window user using biometric system connected to LDAP server

I am trying to build one intranet application. What I am trying to do is to authenticate the user using the biometric system, fingerprints to be precise. Like in some laptops or notebooks, I have seen there is a fingerprint authentication system. I am trying to build the same thing, but not for a particular person. The only difference is that the person's biometric information would be stored on an LDAP server, so that anyone who has the right access to use that particular machine can use it after getting authenticated. I am trying to get the user's biometric information using an external biometric device. I have gone through some documentation on the Windows Biometric Framework. Using a sensor adapter and an engine adapter as plug-ins, I can get the user's biometric information, get it processed, and send it to the server.
The only queries I have here are:
First things first: am I breaking any Microsoft policy by achieving this?
If not, then how can I get the Windows system to lock and unlock after getting the response from the server on whether the user is valid or not?
Has anyone ever tried this ?
Can anyone help me to get this ?
Thank you in advance.
If you're saying that you want to actually notify the built-in Windows login / authentication system (known as a system credential provider) that the user is authenticated, then this is not supported by the official Windows API. If this was supported, anyone could create malware that simply notified the API that a user is authenticated / authorized, thereby essentially rendering all of Windows security meaningless. So we should be grateful this is not officially supported.
Trying to implement something like that without official API support would definitely be against the terms of use. Since it's not officially supported, you would have to resort to some awful hacks to get it to work, the implementation of which would almost certainly be considered either reverse engineering the kernel or hacking the kernel (or both) by Microsoft's legal team. Even if you believed they were wrong... would you really want to fight them (and their deep pockets)?
Let's also consider that if no official unlock API exists, then you would be required to use some kind of backdoor to achieve it. If such a thing even exists, then it would certainly be subject to being rendered useless by an MS update (which would nuke your app's login implementation).
Now that the fire and fury is out of the way, let me state that all is not lost, provided you are targeting a more recent version of Windows.
You can implement your own biometric security system as you described. This is now known as a third party credential provider. This would be a separate system, and Microsoft recommends that you require users to set up a system credential provider as a fallback in case your third party credential system fails for any reason. If not, the user account would be impossible to recover. Again, the key difference from the first example is that your system is separate and distinct from the system credential provider (Windows native lock screen).
I would like to stress though, that implementing a third party credential system is still far from trivial. You will want to read up extensively on the proper interfaces you will have to implement. I'd recommend starting here:
https://msdn.microsoft.com/en-us/library/windows/desktop/mt158211%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
There is also apparently a sample located in the Windows SDK installation directory under \Samples\Security\CredentialProvider. Also, there is a nice technical reference of credential providers located here:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb648647%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
Click the link that says "Credential Provider driven Windows Logon Experience" to download the tech document.

How to write a windows program that replaces password authentication on logon screen

I'm looking for a way to replace the Windows text password login.
My app should be launched automatically and ask the user a few questions; if everything is correct, then the user should be allowed to log in.
I don't mind that a text password will be submitted by my app in the background.
The environment is very similar to face recognition/fingerprint recognition login.
Where should I start? (:
Thanks
See here:
Windows Credential Provider with C#
and here: http://pgina.org/
(I have no personal experience with this ... as yet.)
This is possible.
Different Windows versions offer different mechanisms to achieve what you want:
in Vista and newer you have to create a Credential Provider
in XP you need to create a GINA DLL
BEWARE: it might be difficult to do this in .NET, you most probably will need to code a native solution (C/C++ for example).

C# User login handling

I'm currently writing an application in C# (Windows 8 Windows Store App, .NET 4.5), which would rely heavily on one thing I have never worked with before: user management.
The application has to access a Windows-based server and parse the login information with that server, then display functions, profile information, etc., based on that user data. Right now I'm stuck at the very beginning; I have no clue how to set up a global user for the whole application (pretty much like the XBox application, it would be nice to have a small user representation in the top right corner of every screen).
About the platform: we use a Windows solution for user management in the whole network (there's a Microsoft Active Directory server running), supplying the information for the Exchange and SharePoint servers. What I want to do is to authenticate the user with the AD server, pull the information (full name, role, access, other user data), then, using this information, first display the user profile in the top right corner (the XBox Win8 app style), and load the accessible functions (this will be based on the role and other domains of the user, e.g. groups).
If anyone knows a tutorial or solution that can get me closer to solving this very part of the problem, it would be great!
There are specific libraries included in the .NET Framework for handling active directory requests. Take a look here:
Generic Authentication Call to Active Directory in C#
http://support.microsoft.com/kb/316748

OAUTH2 - Login to Google Account - No Services needed

It would be great if somebody could help me with strategic input, how to achieve my goal:
I wrote a C# Desktop Application (WPF)
I have a Google App Engine Project, which delivers Data for an Android App
Now my Desktop Application needs to pass some Data to my App Engine Application. Therefore, the Application must authenticate as Owner of the App Engine Application. As all other Google Methods are deprecated, I have to go with OAUTH2 to let my Desktop App authenticate itself as owner.
Therefore I have to register a project at Google Apis Console.
BUT:
I don't need any Service(s) of the listed Google APIS (Maps, ...), because to authenticate as Owner, it's absolutely enough to sign in to a Google Account (GmailAccount, Google Account, whatever). This lets my App Engine App recognize me as Owner.
I would appreciate advice about:
Should I register a project without Service just to Sign In via OAUTH2?
(Is this possible?)
Signing in to another Service (meaning, taking the easiest way, just to be able to authenticate as Owner) seems not to be a very "clean" solution. Is this right, or should I go this way?
.. I also read about Service Accounts, but don't want to use this, because I want to be able to manipulate my app also via my "Human"-Account via any Webbrowser.
Thanks for any advice!
You can provide Google OAuth sign in without using any of Google's other services. Your OAuth client would just have an empty scope. You should be able to get the basic user info and email (so you can figure out who is who by something other than full name) without enabling any services as well.
You will still need a way to flag that you are you in your app (probably the easiest would be to just hardcode your email in your app, then check it against who authenticates with OAuth).
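The owner check suggested in the answer above, as an added example (not code from the original post). It assumes the sign-in yields a Google ID token carrying `email` claims and that a JWT library has already verified the token's signature against Google's published keys; `OWNER_EMAIL`, `CLIENT_ID`, `is_owner` and the sample claims are hypothetical or constructed.

```python
import time

# Issuer values Google uses in its ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

# Hypothetical configuration; placeholders, not values from the post.
OWNER_EMAIL = "owner@example.com"
CLIENT_ID = "example-client-id.apps.googleusercontent.com"


def is_owner(claims, now=None, owner_email=OWNER_EMAIL, client_id=CLIENT_ID):
    """Return (ok, reason) for the claims of an ID token.

    Assumption: the signature was already verified by a JWT library.
    This function only decides whether the verified identity is the owner.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return False, "unexpected issuer"
    # A token minted for some other OAuth client must not be accepted here.
    if claims.get("aud") != client_id:
        return False, "token issued to a different client"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired"
    # An unverified address proves nothing about who controls it.
    if claims.get("email_verified") is not True:
        return False, "email not verified"
    email = claims.get("email")
    if not isinstance(email, str) or email.strip().lower() != owner_email.lower():
        return False, "not the owner"
    return True, "owner"


# Constructed sample claims (not real token contents).
SAMPLE_CLAIMS = {
    "iss": "https://accounts.google.com",
    "aud": CLIENT_ID,
    "exp": 2_000_000_000,
    "email": "Owner@Example.com",
    "email_verified": True,
}

if __name__ == "__main__":
    fixed_now = 1_700_000_000
    print(is_owner(SAMPLE_CLAIMS, now=fixed_now))
    print(is_owner({**SAMPLE_CLAIMS, "email_verified": False}, now=fixed_now))
```

The check belongs on the server that grants owner access, since a desktop client can be modified by whoever runs it.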

Custom credential Provider able to call on c# application?

I'm currently working on integrating a C# gesture authentication program using the Kinect into Windows as a form of authentication for part of my final year project. Once the C# program authenticates, there will be an event fired if the gesture supplied is authenticated to be a valid gesture.
So my question is:
I'm currently using the sampleHardWareEventCredentialProvider from Microsoft. Is it suitable for what I want to achieve?
Can the custom credential provider be coded in such a way that it can call my c# program to do the authenticating and return an event to the credentialProvider whether the authentication was a success or not? If yes, could anyone kindly point me in the right direction?
I think that to create a custom Credential Provider you need to implement the ICredentialProvider COM interface http://msdn.microsoft.com/en-us/library/windows/desktop/bb776042.aspx . You can do this using C# (maybe like http://www.codeproject.com/Articles/7859/Building-COM-Objects-in-C ). Are you already using SampleHardWareEventCredentialProvider with C# successfully?
The sample hardware Credential Provider, certainly from what I've read, is made for what you're trying to do, as it's currently geared up for authenticating a user via third-party hardware, such as fingerprint readers, etc. One would imagine that Kinect would fit nicely into that model, assuming you could get the gesture element right!! Also, bear in mind that the Credential Providers were written for Vista, so Kinect may not have been a glint in a MS-Dev's eye at the time.
In terms of your second point, about being able to call a C# application to do the authenticating, yes you certainly can, as I've done it this week myself using a WPF application to write a self-service password reset app. I've not needed to return an event/data back to the Credential Provider from the C# application, as I've not needed to do that, but can't imagine that this is a massive pitfall.
Hope this helps.