Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,430 questions
Credential Provider and Azure Ad
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 21%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Gene
6
Reputation points
I have a credential provider that's working for local accounts and local domain accounts, but failing for Azure AD accounts.
It's based on the https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/CredentialProvider.
The local user case works as intended, but the non-local doesn't.
The sample code uses
DWORD dwAuthFlags = CRED_PACK_PROTECTED_CREDENTIALS | CRED_PACK_ID_PROVIDER_CREDENTIALS;
and I get error 87 when I call CredPackAuthenticationBuffer.
If I try
DWORD dwAuthFlags = CRED_PACK_ID_PROVIDER_CREDENTIALS;
I don't get errors reported but get an invalid username or password on the screen.
I also tried
DWORD dwAuthFlags = CRED_PACK_GENERIC_CREDENTIALS | CRED_PACK_ID_PROVIDER_CREDENTIALS;
again, not errors from the code but this time I get invalid parameter.
I've tried just AzureAD\username and AzureAD\username@keyman .com of course using my username and domain.
Any guidance would be welcome.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXY%3C/text%3E%3C/svg%3E)
Xiaopo Yang - MSFT 11,501 Reputation points Microsoft Vendor2022-11-07T06:43:15.223+00:00 It's definite that there are configurations in Azure AD account and It's necessary to change the sample Authentication code. For example, Log in to a Windows virtual machine in Azure by using Azure AD.
There is a sample, Google Credential Provider for Windows, which lets users sign in to Windows devices with the Google Account they use for work and you can refer to. There are also some CP code examples, one of which is MultiOneTimePassword which supports various authentication. -
Gene 6 Reputation points
2022-11-07T21:40:46.023+00:00 Thank you Xiaopo. It appears that the Microsoft sample is indeed out of data and doesn't work correctly Azure AD accounts. The MultiOneTimePassword didn't deal with non-local users at all, which gave me the clue that I needed.
-
Xiaopo Yang - MSFT 11,501 Reputation points Microsoft Vendor
2022-11-08T02:25:55.99+00:00 Does your computer join in Azure AD? I mean can you login your Windows using Azure AD account normally? Probably, It's not a custom credential provider issue.
-
Gene 6 Reputation points
2022-11-08T05:01:38.637+00:00 Sure. I joined the machine to an Azure AD and could log in using that account.
My problem was that my CP using the Azure AD credentials wouldn't login.I have it working now....at least for now. <grin>
Sign in to comment