Calling Windows WebAuthn API in Custom Credential Providers

Steven Chu 15 Reputation points
2023-07-04T08:00:36.2933333+00:00

I've made a simple console application that calls Windows WebAuthn API's WebAuthNAuthenticatorGetAssertion() which will display CredentialUIBroker.exe to authenticate with an external FIDO2 security key.

I'm trying to integrate that application with my Custom Credential Provider by executing it in a child process. However, the UI does not show up on the login page. I went to check the system event log and saw that the authentication process failed with Error: 0x8000401A. The server process could not be started because the configured identity is incorrect. Check the username and password, which is odd because by using the same credential id and the same security key, the process will be successful in a normal logged in session.

There are some discussions claiming that we could not use Windows WebAuthn API in Credential Provider and that we must use another fido client such as libfido2. However, one discussion suggests that it was just a UI thread problem and we should be able to show the Broker just like how we create a window in samplehardwareeventcredentialprovider.

I've tried to call the WebAuthNAuthenticatorGetAssertion() using the other thread and also from the CommandLinkClicked callback and both attempts failed.

Are we limited to using a third-party fido client in Credential Provider? What could be causing the failed authentication in my process? It will be unfortunate if we could not use Windows WebAuthn API in Credential Provider since it provides a simple way to operate with FIDO-compatible devices.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,828 questions
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,680 questions
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,783 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,953 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,136 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Xiaopo Yang - MSFT 12,726 Reputation points Microsoft Vendor
    2023-07-05T01:51:32.3533333+00:00

    Hello @Steven Chu,

    As this issue is complex, please open an incident at link below so that our engineer can work with you closely: https://developer.microsoft.com/en-us/windows/support/?tabs=Contact-us and please choose the 'Security Development - Credential provider API' for Windows SDK for this issue. In-addition, if the support engineer determines that the issue is the result of a bug the service request will be a no-charge case and you won't be charged.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.