Credential Provider and Azure AD

Gene 6 Reputation points
2022-11-06T03:41:57.21+00:00

I have a credential provider that's working for local accounts and local domain accounts, but failing for Azure AD accounts.
It's based on https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/CredentialProvider.

The local user case works as intended, but the non-local doesn't.

The sample code uses
DWORD dwAuthFlags = CRED_PACK_PROTECTED_CREDENTIALS | CRED_PACK_ID_PROVIDER_CREDENTIALS;
and I get error 87 when I call CredPackAuthenticationBuffer.

If I try
DWORD dwAuthFlags = CRED_PACK_ID_PROVIDER_CREDENTIALS;

I don't get errors reported but get an invalid username or password on the screen.

I also tried
DWORD dwAuthFlags = CRED_PACK_GENERIC_CREDENTIALS | CRED_PACK_ID_PROVIDER_CREDENTIALS;
Again, no errors from the code, but this time I get invalid parameter.

I've tried just AzureAD\username and AzureAD\username@keyman.com, of course using my username and domain.

Any guidance would be welcome.
