Custom Credential Provider for Password Reset

The credential provider for Password Reset is fairly simply and straight forward. Since I have joined the team, there is very little code change in that area. Recently, we decided to fix some minor known bug in the credential provider (CP) and I realized I don't know too much about how CP works.

So I  downloaded the samples in Windows SDK and played with it. After some time, I came up with the following.

Notice the extra tile at logon screen

... and after you click on the tile.
 

Feel free to download the source code and play with it. The zip file contains x86 and x64 release builds.

 P.S. You have to click into this post to see the attachment.

WARNING: THIS CUSTOM CREDENTIAL PROVIDER IS NOT SUPPORTED AND IS PROVIDED AS IS WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED.

CustomCP.zip

Comments

  • Anonymous
    January 01, 2003
    I want to hardcode PIN while smart logon. I read topic: stackoverflow.com/.../certificate-based-login I create instanse of struct KERB_CERTIFICATE_LOGON and then fill it  in ICredentialProviderCredential::GetSerialization method. What should I do next?

  • Anonymous
    January 01, 2003
    i haven't looked into that maybe, the GetSerialization() in the sample is for local logon only this might have some useful information http://msdn.microsoft.com/en-us/library/bb776026%28VS.85%29.aspx

  • Anonymous
    January 01, 2003
    This is really cool! I installed it on a W.2008 R2, and it runs perfectly! Congrats.

  • Anonymous
    January 01, 2003
    What are you trying to accomplish? This is just an illustration based on the Windows SDK on how to develop a Credential Provider

  • Anonymous
    January 01, 2003
    Have you tried this? support.microsoft.com/.../224816

  • Anonymous
    January 01, 2003
    I have a question which you may know the answer two. I downloaded the Credential Provider Sample from MS and was able to unlock on a computer with no DOMAIN but it failed on a computer on a DOMAIN. Should domain be passed in any special way along with the username (DOMAINusername did not seem to work) - or do the whole sample needs to be rewritten in order to support domain logon? Thanks!

  • Anonymous
    January 01, 2003
    This is FIM 2010 specific

  • Anonymous
    December 14, 2009
    Anthony, I would love to check out the code but I can't find the link.

  • Anonymous
    December 14, 2009
    Never mind I see it. Eyes too watery from my cold

  • Anonymous
    July 24, 2011
    I need a Credential Provider to open a web page that allows the user to reset their password. Any suggestions would be greatly appreciated.

  • Anonymous
    July 26, 2011
    I will give that a try. Thanks alot, there is not a lot of resources on Credential Provider, and your blog is very helpful :)

  • Anonymous
    September 05, 2012
    Thanks a million!

  • Anonymous
    November 20, 2012
    Hi, I can't found the GateFramework.dll. It's include in SDK or custom by your self? thanks :)

  • Anonymous
    November 20, 2012
    GateFramework.dll is part of Password Reset Client in Forefront Identity Manager 2010.

  • Anonymous
    May 24, 2013
    Will this work with Windows 7 Embedded?

  • Anonymous
    December 12, 2013
    Hi Anthony! I hava a question for you! This tool work only with FIM2010? I try to install into my PC and it's ok but when i try to reset my domain user password i recived this response: FAIL: LOADLIBRARY (GATE_FRAMEWORK_MODUL). Tks.

  • Anonymous
    January 27, 2014
    Hi Anthony,Does the source code can work with a link to a web application which i wrote using ASP.NET?Or is it works just with FIM2010?

  • Anonymous
    April 10, 2014
    Hi Anthony, can you tell me how to integrate the source code into the OS Logon screen? Any link would be appreciated.

  • Anonymous
    April 11, 2014
    Thank you for response. I am trying to add a button of "Forgot your password" on my OS logon screen and clicking on this button will lead to another application. Is installation of FIM is mandatory if i want to integrate a custom credential provider?

    Can you point me to a link which provides the steps to create a custom credential provider, register it and show its tile on OS logon screen? Windows 8.1, Vista and Windows 7 OS are in my scope.

  • Anonymous
    April 11, 2014
    Look at http://msdn.microsoft.com/en-us/library/windows/desktop/bb648647(v=vs.85).aspx
    There are much richer sample in the Windows SDK.

  • Anonymous
    September 30, 2014
    hi anthony, is there a way I can modify the password reset program to use my own libraries instead of using FIM 2010?

  • Anonymous
    September 30, 2014
    You can't modify the FIM Credential Provide to use your own library. You can definitely, however, to write your own Credential Provider to use your own libraries

  • Anonymous
    March 03, 2015
    Hi friend,
    It's nice man and thanks for this post. I need one doubt (i.e.) i need only tile creation on logon page and how to create. kindly update the source and send me : Kali2madu@gmail.com. Kindly do the needful.

  • Anonymous
    June 08, 2015
    Hi Anthony,

    Thank you for sharing. I, like a couple of others on here, are interested in launching a 3rd party Password Management application and not FIM. Can you provide any assistance in this scenario? Would you be willing to consult on a solution?

  • Anonymous
    June 08, 2015
    The comment has been removed

  • Anonymous
    July 22, 2015
    how to install it.?

  • Anonymous
    July 22, 2015
    See PasswordResetCredentialProviderRegister.reg

  • Anonymous
    July 30, 2015
    I have it launching my 3rd party app but I wish to bypass the login screen. I just want to click on the Image Tile and launch my app. Any help would be appreciated.

  • Anonymous
    July 30, 2015
    Nvm. I got it working. Thanks for the code.

  • Anonymous
    September 28, 2015
    Jody, will you share your code to bypass the login screen. Thanks