Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
platform
active.directory
adsi
adsi.iis-admin
base
com_ole
complus_mts
component_svcs
database
directx
gdi
graphics_mm
internet.client
internet.server
internet.server.isapi-dev
localization
mapi
messaging
msi
mslayerforunicode
multimedia
networking
networking.ipv6
sdk_install
security
shell
telephony.tapi_2
telephony.tapi_3
telephony.tsp
telephony.wte
tools
ui
ui_shell
win_base_svcs
win16
  
 
date: Tue, 20 May 2008 06:07:01 -0700,    group: microsoft.public.platformsdk.security        back       


emote console, WlxQueryConsoleSwitchCredentials, and WlxGetConsole    
Hi,

I implemented a custom Gina (full implementation, not a stub) but haven't
found a way to overcome the described below problem yet. It appears during
Remote console logon. 
Case A. A user is logged on locally and you try to login remotely using the
same user. Everything seems to work fine - the local consol session
transparently gets passed to the remote consol (actually the sessions
switch). The weird thing is that the local consol goes in "log off" state -
if you use msgina it goes to "lock computer"

Case B. Nobody is logged in locally or you try to login with different user
then the one logged on locally. Something gets wrong. The following sequence
of events occur:

On the Remote console:
1. WlxInitialize
2. WlxLoggedOutSAS, WLX_SAS_TYPE_CTRL_ALT_DEL(1) - credentials acquired and
verified; WLX_SAS_ACTION_LOGON returned
3. WlxGetConsoleSwitchCredentials - credentials passed and TRUE returned

On the Local console:
4. WlxDisconnectNotify

Now sessions get switched (remote become local and vice versa)

On the Remote (old local) console
5a. WlxLoggedOutSAS, WLX_SAS_TYPE_AUTHENTICATED(7) - I try to call
WlxQueryConsoleSwitchCredentials but it fails with ERROR_IO_PENDING
5b. WlxReconnectNotify (almost immediately after 4a)

On the Local (old remote) console:
6. WlxInitialize - WHY???
7. WlxLoggedOutSAS, WLX_SAS_TYPE_CTRL_ALT_DEL(1)

And now the interesting part - second time credentials supplied!
On the Remote (old local) console:
8. WlxLoggedOutSAS, WLX_SAS_TYPE_CTRL_ALT_DEL(1) - credentials acquired and
verified; WLX_SAS_ACTION_LOGON returned
9. Remote console opens!!!!!

Why the local console goes in "log off" state?
Why does WlxQueryConsoleSwitchCredentials fails?
Why WlxInitialize is called again?
Why the after supplying credentials for a second time is succeeds?

I know the answer of the forth question. It works as Case A (see above)
works - the logon session already exists and it just attaches to it.

Having said all that, have anyone found a solution of that problem? Can
anyone help me?

Thanks,
date: Tue, 20 May 2008 06:07:01 -0700   author:   Abdul Khaliq

RE: emote console, WlxQueryConsoleSwitchCredentials, and WlxGetConsole    
I have the same issue and could not fing solution to the problem:
i.e if there is no user logged in Terminal Server des not let you in and 
present you again with notify SAS dialog. 2nd time it lets you in. now if you 
logout from TS Session, you have to do same on workstation.

I think, have to use pGINA source to overcome this issue. The sample 
provided by Kieth is not working and hence all GINA written using that source.

I am disappointed as there is no response and documentation. I wrote 
Credential Provider for vista and it has a bug too. It let you go in even sub 
authentication on domain rejects (if you have previous successfully logged 
in). This does not happen on 2008 server and it behaves.

Kashif
CRYPTOCard Canada

"Abdul Khaliq" wrote:

> Hi,
> 
> I implemented a custom Gina (full implementation, not a stub) but haven't
> found a way to overcome the described below problem yet. It appears during
> Remote console logon. 
> Case A. A user is logged on locally and you try to login remotely using the
> same user. Everything seems to work fine - the local consol session
> transparently gets passed to the remote consol (actually the sessions
> switch). The weird thing is that the local consol goes in "log off" state -
> if you use msgina it goes to "lock computer"
> 
> Case B. Nobody is logged in locally or you try to login with different user
> then the one logged on locally. Something gets wrong. The following sequence
> of events occur:
> 
> On the Remote console:
> 1. WlxInitialize
> 2. WlxLoggedOutSAS, WLX_SAS_TYPE_CTRL_ALT_DEL(1) - credentials acquired and
> verified; WLX_SAS_ACTION_LOGON returned
> 3. WlxGetConsoleSwitchCredentials - credentials passed and TRUE returned
> 
> On the Local console:
> 4. WlxDisconnectNotify
> 
> Now sessions get switched (remote become local and vice versa)
> 
> On the Remote (old local) console
> 5a. WlxLoggedOutSAS, WLX_SAS_TYPE_AUTHENTICATED(7) - I try to call
> WlxQueryConsoleSwitchCredentials but it fails with ERROR_IO_PENDING
> 5b. WlxReconnectNotify (almost immediately after 4a)
> 
> On the Local (old remote) console:
> 6. WlxInitialize - WHY???
> 7. WlxLoggedOutSAS, WLX_SAS_TYPE_CTRL_ALT_DEL(1)
> 
> And now the interesting part - second time credentials supplied!
> On the Remote (old local) console:
> 8. WlxLoggedOutSAS, WLX_SAS_TYPE_CTRL_ALT_DEL(1) - credentials acquired and
> verified; WLX_SAS_ACTION_LOGON returned
> 9. Remote console opens!!!!!
> 
> Why the local console goes in "log off" state?
> Why does WlxQueryConsoleSwitchCredentials fails?
> Why WlxInitialize is called again?
> Why the after supplying credentials for a second time is succeeds?
> 
> I know the answer of the forth question. It works as Case A (see above)
> works - the logon session already exists and it just attaches to it.
> 
> Having said all that, have anyone found a solution of that problem? Can
> anyone help me?
> 
> Thanks,
date: Tue, 3 Jun 2008 12:31:00 -0700   author:   Kashif Mushtaq Kashif

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us