|
|
|
date: Sat, 05 Jul 2008 23:43:02 +0100,
group: microsoft.public.platformsdk.security
back
Re: LsaLogonUserEx2, LsaLogonUser and LsaLogonUserEx
I found the answer to my question:
http://msdn.microsoft.com/en-us/library/aa374731(VS.85).aspx
LsaApLogonUser
Called when the authentication package has been specified in a call to
LsaLogonUser. This function authenticates a security principal's logon data.
LsaApLogonUserEx
Identical to LsaApLogonUser except that it returns the workstation name
for audit purposes.
An authentication package can implement LsaApLogonUser,
LsaApLogonUserEx, or LsaApLogonUserEx2. It does not need to implement
them all.
LsaApLogonUserEx2
Identical to LsaApLogonUserEx except that it returns the security
principal's primary and supplemental credentials. An authentication
package can implement LsaApLogonUser, LsaApLogonUserEx, or
LsaApLogonUserEx2. It does not need to implement them all.
Yannick wrote:
> Hi,
>
> I'm currently developing my own Credential Provider and Authentication
> Package on Windows Vista.
>
> I've succeeded to hook them up and I can trace which function of my
> Authentication Package is called when I try to log in with my Credential
> Provider.
>
> For the moment, only LsaLogonUserEx2 is called. According to the MSDN
> documentation LsaLogonUserEx2, LsaLogonUser and LsaLogonUserEx perform
> the same but have different parameters.
>
> What is the difference between these functions? How should I choose
> which one to implement?
>
> Thank you for your help,
> Yannick
date: Thu, 10 Jul 2008 08:13:44 +0100
author: Yannick
Re: LsaLogonUserEx2, LsaLogonUser and LsaLogonUserEx
On Jul 10, 12:13 am, Yannick wrote:
> I found the answer to my question:
>
> http://msdn.microsoft.com/en-us/library/aa374731(VS.85).aspx
>
> LsaApLogonUser
> Called when the authentication package has been specified in a call to
> LsaLogonUser. This function authenticates a security principal's logon data.
>
> LsaApLogonUserEx
> Identical to LsaApLogonUser except that it returns the workstation name
> for audit purposes.
> An authentication package can implement LsaApLogonUser,
> LsaApLogonUserEx, or LsaApLogonUserEx2. It does not need to implement
> them all.
>
> LsaApLogonUserEx2
> Identical to LsaApLogonUserEx except that it returns the security
> principal's primary and supplemental credentials. An authentication
> package can implement LsaApLogonUser, LsaApLogonUserEx, or
> LsaApLogonUserEx2. It does not need to implement them all.
>
>
>
> Yannick wrote:
> > Hi,
>
> > I'm currently developing my own Credential Provider and Authentication
> > Package on Windows Vista.
>
> > I've succeeded to hook them up and I can trace which function of my
> > Authentication Package is called when I try to log in with my Credential
> > Provider.
>
> > For the moment, only LsaLogonUserEx2 is called. According to the MSDN
> > documentation LsaLogonUserEx2, LsaLogonUser and LsaLogonUserEx perform
> > the same but have different parameters.
>
> > What is the difference between these functions? How should I choose
> > which one to implement?
>
> > Thank you for your help,
> > Yannick- Hide quoted text -
>
> - Show quoted text -
The important thing for your case is that you are trying to implement
an AP specifically to be used by your CP. Even though a generic AP can
implement whatever it feels like it needs to (based on which set of
parameters will meet the requirements), an AP that will be used by a
CP has to implement LsaLogonUserEx2 because that is the interface the
CP is hard-wired to use.
Make sense?
Dave
date: Thu, 10 Jul 2008 06:29:04 -0700 (PDT)
author: DaveMo
Re: LsaLogonUserEx2, LsaLogonUser and LsaLogonUserEx
DaveMo wrote:
> On Jul 10, 12:13 am, Yannick wrote:
>> I found the answer to my question:
>>
>> http://msdn.microsoft.com/en-us/library/aa374731(VS.85).aspx
>>
>> LsaApLogonUser
>> Called when the authentication package has been specified in a call to
>> LsaLogonUser. This function authenticates a security principal's logon data.
>>
>> LsaApLogonUserEx
>> Identical to LsaApLogonUser except that it returns the workstation name
>> for audit purposes.
>> An authentication package can implement LsaApLogonUser,
>> LsaApLogonUserEx, or LsaApLogonUserEx2. It does not need to implement
>> them all.
>>
>> LsaApLogonUserEx2
>> Identical to LsaApLogonUserEx except that it returns the security
>> principal's primary and supplemental credentials. An authentication
>> package can implement LsaApLogonUser, LsaApLogonUserEx, or
>> LsaApLogonUserEx2. It does not need to implement them all.
>>
>>
>>
>> Yannick wrote:
>>> Hi,
>>> I'm currently developing my own Credential Provider and Authentication
>>> Package on Windows Vista.
>>> I've succeeded to hook them up and I can trace which function of my
>>> Authentication Package is called when I try to log in with my Credential
>>> Provider.
>>> For the moment, only LsaLogonUserEx2 is called. According to the MSDN
>>> documentation LsaLogonUserEx2, LsaLogonUser and LsaLogonUserEx perform
>>> the same but have different parameters.
>>> What is the difference between these functions? How should I choose
>>> which one to implement?
>>> Thank you for your help,
>>> Yannick- Hide quoted text -
>> - Show quoted text -
>
> The important thing for your case is that you are trying to implement
> an AP specifically to be used by your CP. Even though a generic AP can
> implement whatever it feels like it needs to (based on which set of
> parameters will meet the requirements), an AP that will be used by a
> CP has to implement LsaLogonUserEx2 because that is the interface the
> CP is hard-wired to use.
>
> Make sense?
>
> Dave
Hi Dave,
It makes sense yes. However, if I declare only LsaApLogonUser in my AP
it will be called by my CP. Any explanation for this?
Thanks a lot for your answers.
Yannick
date: Fri, 11 Jul 2008 23:06:44 +0100
author: Yannick
|
|
