如果将来对任何人有帮助;这就是我的做法。这是我想出的解决方案,其中包含来自我工作的 V1(不是 V2)包装凭据提供程序(CP)的适当代码片段 - 在 64 位 Windows 7 和 8.1 上进行了测试。(虽然不能保证它适用于 Windows 7 和 8 的所有安装)。使用 VS 2013 和 VS 2010 成功构建代码。
在更改密码(CTRL-ALT-DEL)场景中,这是一种确定新密码输入的略微非正统的方法。但是,由于我的客户想要跟踪和检查新密码的复杂性,当用户输入/键入它时,它对我来说非常有效 - 但仅限于 Windows 7 和 8/8.1;而不是在 Windows 10 上 - 这恰好是实现自定义“更改密码”凭据提供程序的噩梦。
我这样做的方法是:a) 检查 CredentialProvider.cpp 中的 SetUsageScenario() 中的“cpus”变量是否等于 CPUS_CHANGE_PASSWORD,如果是,则将全局布尔标志设置为 TRUE。
b) 然后,这是关键部分,在函数 SetStringValue() 中,我使用 fieldID 跟踪新密码字段中输入的每个字符(对于所有标准 Windows 7/8 安装和默认设置都是相同的) MS提供的CP) - 像这样:
CSampleCredential::SetStringValue(
DWORD dwFieldID,
PCWSTR pwz
)
{
string strCurrentFieldData = ws2s(pwz);// this contains the current data , as typed by the user. SO, as the user keeps typing the password, this field will get longer and longer. Perfect!
FILE_LOG(logINFO) << "in SetStringValue() FieldID = " << dwFieldID << " Field value = " << strCurrentFieldData.c_str() ;
eWinVersion ver;
char szVer[64] = { "" };
WCHAR wszFullVersion[255] = { L"" };
bool bSuccess = GetOSVersionString(wszFullVersion, 255, ver, szVer, 64);
if (bSuccess)
{
if (ver == VER_WIN8 || ver == VER_WIN81 )
{
switch (dwFieldID)
{
case PFID_OLDPWD: csOldPassword = strCurrentFieldData;
break;
case PFID_NEWPWD: csNewPassword = strCurrentFieldData;
break;
case PFID_NEWPWDCONF: csNewPasswordConfirmation = strCurrentFieldData;
break;
default:
break;
}
}else
if (ver == VER_WIN7)
{
switch (dwFieldID)
{
case PFID_OLDPWD+1: csOldPassword = strCurrentFieldData;
break;
case PFID_NEWPWD+1: csNewPassword = strCurrentFieldData;
break;
case PFID_NEWPWDCONF+1: csNewPasswordConfirmation = strCurrentFieldData;
break;
default:
break;
}
}
}
}
// and so on...
}
c) 然后,最后在 Get CSampleCredential::Serialization() 中,我检查了密码的复杂性并酌情返回了正确的 CP 值 - 如下所示:
//
// Collect the username and password into a serialized credential for the correct usage scenario
// (logon/unlock is what's demonstrated in this sample). LogonUI then passes these credentials
// back to the system to log on.
//
HRESULT CSampleCredential::GetSerialization(
CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE* pcpgsr,
CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs,
PWSTR* ppwszOptionalStatusText,
CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
)
{
FILE_LOG(logINFO) << "In CSampleCredential::GetSerialization";
HRESULT hr = E_UNEXPECTED;
if (_pWrappedCredential != NULL)
{
hr = _pWrappedCredential->GetSerialization(pcpgsr, pcpcs, ppwszOptionalStatusText, pcpsiOptionalStatusIcon);
if (g_bIsChangingPassword)
{
FILE_LOG(logINFO) << "********** In GetSerialization()..... Scenario = Change Password! ";
char buf[256] = { "" };
sprintf_s(buf, 256, "Old password Input = [%s] New password input = [%s] New pwd confirmation inpot = [%s]",
csOldPassword.c_str(), csNewPassword.c_str(), csNewPasswordConfirmation.c_str());
FILE_LOG(logINFO) << buf;
//******************************************
// ************ IMPORTANT*****
// If new password input by user doens't fulfil our complexity requirements, we don't allow password chnge to compelte, by CP
if (!IsPasswordStrong(csNewPassword))
{
HWND hwndOwner = nullptr;
_pCredProvCredentialEvents->OnCreatingWindow(&hwndOwner);
*pcpgsr = CPGSR_NO_CREDENTIAL_NOT_FINISHED;
::MessageBox(hwndOwner,
"The new password you have chosen is not secure enough.\n\rPlease try a more complex password that is:\n\ra) At least 8 characters long\r\nb)contains Upper case AND lower letters\n\rc)and numbers",
"Insufficient Password Strength", 0);
}
//******************************************
}
}
return hr;
}
这是为了帮助任何可能需要帮助的人跟踪 WRAPPED 自定义凭据提供程序中的新密码字段。