How does Credential Provider Usage Scenarios are defined

Question

I'm currently trying to understand how custom credential providers are made.

I have a sample to help me. This sample especially implements ICredentialProvider and ICredentialProviderFilter for WinLogon. My job is to implement the CPUS_CREDUI usage scenario.

However, there is a lot of things i don't get in the initial implementation so i can't even expect to do my own implementation.

All the documentation i found only explains what each part actually do. Which is the only part 'clear enough' in my mind.

The problem is that i can't connect those parts together.

The different functions seemed to be called by Windows itself. How can i know what's the caller, which parameters are used, this kind of things ? If i knew, i might have a better understanding of the whole process.

For example :

• There is a recurrent parameter of type CREDENTIAL_PROVIDER_USAGE_SCENARIO which seems to change the way the CP is initialized further in the code. It seems to be first defined in the CredentialProvider constructor but since i don't know what the caller of the constructor is... I'm guessing it's called by WinLogon but if so, what actually define the parameters ?

• The logs of the sample always show this parameter value as 'CPUS_LOGON'. If this is a consequence of the CP constructor being called by WinLogon (If my previous hypothesis is true), how does CPUS_CREDUI can be called since it's post Logon ?

That's the main questions i have so far. Thank you if someone can unlight me.

I'm also open for every additional informations you would have for me.

Answer 1

Have a look at Microsoft's docs One of the first calls to your credential provider will be SetUsageScenario

HRESULT SetUsageScenario(
    CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus,
  DWORD                              dwFlags
);

The first parameter is scenario.
If your provider is not designed for the provided scenario you can just return E_INVALIDARG.