I am implementing an OTP solution based on the Microsoft document "Strong authentication with one-time passwords in Windows 7 and Windows Server 2008 R2."
In summary, the relevant part of this document essentially fakes the presence of a smart card reader by implementing your own key provider (KSP) for the Windows CNG subsystem. However, following the instructions as described, I cannot get the OS to use my custom KSP when it should.
In my credential provider, I create an authentication package using the KERB_CERTIFICATE_LOGON and KERB_SMARTCARD_CSP_INFO structures. My custom KSP is referenced in KERB_SMARTCARD_CSP_INFO as required (it is also correctly registered, can be listed, and can be used via the NCrypt API). However, the OS never loads it after ICredentialProviderCredential::GetSerialization returns (the DLL is not even loaded into memory), nor when calling LsaLogonUser() from my standalone test application.
The problem is identical to the one described here on the MSDN forums (without any answers), and I came to the same conclusion that the problem lies in the contents of KERB_SMARTCARD_CSP_INFO (an example of its use can be found here). However, given the lack of documentation and of more than one example for this rare case, I do not know what to do...
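Since the post suspects the contents of KERB_SMARTCARD_CSP_INFO, here is an added example (not from the poster, the MSDN thread or the Microsoft document) of laying that structure out: one contiguous block, MessageType 1, and the four name offsets counted in characters from bBuffer, not in bytes from the start of the structure. The struct is re-declared portably so it compiles off-Windows; the names ("OTP Virtual Reader", "otp-key", "Example OTP KSP") are constructed placeholders, and the block must be referenced by KERB_CERTIFICATE_LOGON.CspData inside the same contiguous logon buffer passed to LsaLogonUser.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Portable re-declaration of the ntsecapi.h KERB_SMARTCARD_CSP_INFO layout, kept
 * only so this example builds off-Windows (use the SDK definition on Windows).
 * WCHAR is 16 bits on Windows, hence uint16_t. */
typedef uint16_t WCHAR16;
typedef struct {
    uint32_t dwCspInfoLen;        /* size in bytes of header + string buffer      */
    uint32_t MessageType;         /* must be 1                                    */
    union { void *ContextInformation; uint64_t SpaceHolderForWow64; } u; /* 0    */
    uint32_t flags;               /* reserved, 0                                  */
    uint32_t KeySpec;             /* AT_KEYEXCHANGE = 1, AT_SIGNATURE = 2         */
    uint32_t nCardNameOffset;     /* these four offsets count CHARACTERS, measured */
    uint32_t nReaderNameOffset;   /* from bBuffer[0], one NUL-terminated string   */
    uint32_t nContainerNameOffset;/* each; for a KSP the "CSP name" is the KSP    */
    uint32_t nCSPNameOffset;      /* name and the container is the key name      */
    WCHAR16  bBuffer[sizeof(uint32_t)]; /* strings continue past the struct end  */
} CSP_INFO;

/* Widen an ASCII string into dst, NUL included; returns characters written. */
static uint32_t put_wide(WCHAR16 *dst, const char *s) {
    uint32_t n = 0;
    do { dst[n] = (WCHAR16)(unsigned char)s[n]; } while (s[n++] != '\0');
    return n;
}

/* Allocate header + card, reader, container and KSP name in one contiguous
 * block and fill every offset. Caller frees the result. */
CSP_INFO *build_csp_info(const char *card, const char *reader,
                         const char *container, const char *ksp, uint32_t keyspec) {
    size_t chars = strlen(card) + strlen(reader) + strlen(container) + strlen(ksp) + 4;
    size_t bytes = offsetof(CSP_INFO, bBuffer) + chars * sizeof(WCHAR16);
    CSP_INFO *ci = calloc(1, bytes);   /* zeroes ContextInformation and flags */
    if (!ci) return NULL;
    ci->dwCspInfoLen = (uint32_t)bytes;
    ci->MessageType  = 1;
    ci->KeySpec      = keyspec;
    ci->nCardNameOffset      = 0;
    ci->nReaderNameOffset    = ci->nCardNameOffset + put_wide(ci->bBuffer + ci->nCardNameOffset, card);
    ci->nContainerNameOffset = ci->nReaderNameOffset + put_wide(ci->bBuffer + ci->nReaderNameOffset, reader);
    ci->nCSPNameOffset       = ci->nContainerNameOffset + put_wide(ci->bBuffer + ci->nContainerNameOffset, container);
    (void)put_wide(ci->bBuffer + ci->nCSPNameOffset, ksp);
    return ci;
}

/* Read the wide string at a character offset back as ASCII, for verification. */
void read_name(const CSP_INFO *ci, uint32_t off, char *out, size_t cap) {
    size_t i = 0;
    while (i + 1 < cap && ci->bBuffer[off + i] != 0) { out[i] = (char)ci->bBuffer[off + i]; i++; }
    out[i] = '\0';
}
```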