|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
CredUIConfirmCredentials behaves unexpectedlyI'm using CredUIConfirmCredentials in combination with CredUIPromptForCredentials. I set the EXPECT_CONFIRMATION and when the credentials are first provided by the user, the call to CredUIConfirmCredentials returns NO_ERROR as expected. However, on all subsequent calls to CredUIConfirmCredentials with the same credentials ERROR_INVALID_PARAMETER is returned. This is described by the SDK docs at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/creduiconfirmcredentials.asp as "An attempt to confirm a waiting credential failed because the credential contained invalid or inconsistent data." which is rather confusing as they are exactly the same credentials that were successfully saved originally. The same result is returned if you enter a different password for the same username. What is even more confusing is that the new credentials are actually persisted - which seems to indicate that the return value is actually indicating that the persisted credentials were overwritten - not that there was a error. Am I missing something, or is the documentation incorrect? -- Alan Dean email: adeanRemoveThisT***@hotmail.com blog: http://www.dotnetjunkies.com/weblog/alan.dean/ Hi Alan,
I'm not sure if I ever had to deal with this issue but you may take a look at this sample project where you will find a class that uses this API along with samples that hopefully may help you with your problem. Project: http://sourceforge.net/projects/ncrypto/ Class name: UICredentialsHelper Regards, Hernan de Lahitte http://clariusconsulting.net/hdl Show quoteHide quote "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message news:%23iubjdpSFHA.3312@TK2MSFTNGP12.phx.gbl... > Hi, > > I'm using CredUIConfirmCredentials in combination with > CredUIPromptForCredentials. > > I set the EXPECT_CONFIRMATION and when the credentials are first provided > by the user, the call to CredUIConfirmCredentials returns NO_ERROR as > expected. However, on all subsequent calls to CredUIConfirmCredentials > with the same credentials ERROR_INVALID_PARAMETER is returned. This is > described by the SDK docs at > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/creduiconfirmcredentials.asp > as "An attempt to confirm a waiting credential failed because the > credential contained invalid or inconsistent data." which is rather > confusing as they are exactly the same credentials that were successfully > saved originally. > > The same result is returned if you enter a different password for the same > username. What is even more confusing is that the new credentials are > actually persisted - which seems to indicate that the return value is > actually indicating that the persisted credentials were overwritten - not > that there was a error. Am I missing something, or is the documentation > incorrect? > > -- > Alan Dean > email: adeanRemoveThisT***@hotmail.com > blog: http://www.dotnetjunkies.com/weblog/alan.dean/ > Hernan,
Thanks for the link - an interesting library, but it seems to exhibit the same problem. It is interesting to see how two developers can come up with radically different solutions to the same problem (in this case, wrapping the CredUIPromptForCredentials call) - I blogged my solution at http://dotnetjunkies.com/WebLog/alan.dean/archive/2005/04/27/71592.aspx Regards, Alan Dean Show quoteHide quote "Hernan de Lahitte" <hernan_delahi***@hotmail.com> wrote in message news:eQ6HXYySFHA.3544@TK2MSFTNGP12.phx.gbl... > Hi Alan, > > I'm not sure if I ever had to deal with this issue but you may take a look > at this sample project where you will find a class that uses this API > along with samples that hopefully may help you with your problem. > > Project: http://sourceforge.net/projects/ncrypto/ > Class name: UICredentialsHelper > > Regards, > > Hernan de Lahitte > http://clariusconsulting.net/hdl > > > "Alan Dean" <adeanRemoveThisT***@hotmail.com> wrote in message > news:%23iubjdpSFHA.3312@TK2MSFTNGP12.phx.gbl... >> Hi, >> >> I'm using CredUIConfirmCredentials in combination with >> CredUIPromptForCredentials. >> >> I set the EXPECT_CONFIRMATION and when the credentials are first provided >> by the user, the call to CredUIConfirmCredentials returns NO_ERROR as >> expected. However, on all subsequent calls to CredUIConfirmCredentials >> with the same credentials ERROR_INVALID_PARAMETER is returned. This is >> described by the SDK docs at >> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/creduiconfirmcredentials.asp >> as "An attempt to confirm a waiting credential failed because the >> credential contained invalid or inconsistent data." which is rather >> confusing as they are exactly the same credentials that were successfully >> saved originally. >> >> The same result is returned if you enter a different password for the >> same username. What is even more confusing is that the new credentials >> are actually persisted - which seems to indicate that the return value is >> actually indicating that the persisted credentials were overwritten - not >> that there was a error. Am I missing something, or is the documentation >> incorrect? >> >> -- >> Alan Dean >> email: adeanRemoveThisT***@hotmail.com >> blog: http://www.dotnetjunkies.com/weblog/alan.dean/ >> > > 
Other interesting topics
Encrypt with RijndaelManaged and decrypt with OpenSSL
Event Log Write access under ASP.NET Creating User Accounts with or without Active Directory Upgrading Encryption to .Net not Working!!!!!!! Access denied with interop Code Source Security How to share a Principal within a ThreadPool ? Windows Authentication Newbie Question Windows security context Very slow Principal.IsInRole call... |
|||||||||||||||||||||||
