Asymmetric authentication #24
Comments
What do you mean by asymmetric authentication?
By asymmetric authentication, I’m referring to an authentication model similar to SSH, where a user is authenticated by a private key. The Credential Provider would verify this key against a public key, enabling a password-less login. Is there a way for the Credential Provider to handle such an authentication using key pairs?
Credential providers only capture user authentication and pass it to LSASS. Inside LSASS an authentication package is what determines if a user is authorised to log in or not. https://learn.microsoft.com/en-us/windows/win32/secauthn/authentication-packages So in your scenario you'd need a credential provider to interact with the user, and an auth package to know what to do with the material signed by the user's key. However that's only going to be good for a local login. Won't allow access to domain resources. AD supports password and x509 certificates (smart cards) only.
So from what I had read, x509 certificates are what I'm looking for. Does this library support it, as I couldn't find anything in samples or source code, only password type login?
Sorry for bothering, but are there any updates on this?
@LDzik sorry I missed your reply. This wraps the Windows Credential Provider framework, so any logon capture type would be supported, but I'm afraid I don't have examples for them. The key to your scenario would be overriding OnGetSerialization() and returning a native structure that contains your smart card creds.
Is asymmetric authentication possible with Windows Credential Provider? I'm asking because I couldn't find anything helpful about this topic.