smhh22

Reputation: 11

Issue with Custom Credential Provider Terminating After UpdateRemoteCredential and SetSerialization Calls

I’m currently developing a custom credential provider and have encountered a perplexing issue.

Specifically, I’m having trouble with the UpdateRemoteCredential and SetSerialization methods. After these methods are called, my credential provider unexpectedly terminates. This results in the logon screen being displayed without using the previous serializations. Moreover, even static members are re-initialized after this termination, which means that I can’t store the serializations I have got in the SetSerialization method.

Interestingly, the Windows logon process successfully calls SetUserArray after calling SetSerialization. However, no method in that process is called afterwards, and another process begins by re-initializing static members and re-initializing a credential provider and a credential provider credential.

If UpdateRemoteCredential didn’t change the credentials and the credentials were passed to the default Windows password provider, the logon process would complete perfectly. But if I redirect the serialization to my credential provider and store it in my program, after calling SetUserArray my program terminates.

This problem persists even if I don’t do any logic in SetSerialization.

I’m seeking a working example of a simple implementation of these two methods that will result in redirecting the incoming serialization to our SetSerialization method and storing the serialization to use it in our GetSerialization method. For simplicity, let’s assume that the input credentials (receiving remote credentials) are obtained from the default Windows password provider.

Additionally, I’m curious about whether these two methods (UpdateRemoteCredential and SetSerialization) need to be implemented in two different classes or if it’s acceptable to implement both ICredentialProvider and ICredentialProviderFilter in one class.

Currently, I’m working in C#, using CredProvider.NET.Interop2. However, I’m open to implementing them in C++, if that would be more effective. If so, could you provide guidance on how to call them from a C# implementation (wrapping them)?

Any insights or advice would be greatly appreciated!

Edit 1:

I have some additional information that might be helpful. Here is a part of the log related to the issue:

{ "processId": "8576", "level": "TRACE", "method": "CredentialProvider.UpdateRemoteCredential"}
{ "processId": "8576", "level": "TRACE", "method": "CredentialProvider.Filter"}
{ "processId": "8576", "level": "TRACE", "method": "CredentialProvider.SetUsageScenario"}
{ "processId": "8576", "level": "TRACE", "method": "CredentialProvider.SetSerialization"}
{ "processId": "8576", "level": "TRACE", "method": "CredentialProvider.SetUserArray"}
{ "processId": "6492", "level": "TRACE", "method": "CredentialProvider.SetUsageScenario"}

From the log, it’s evident that after the SetUserArray method is called, another process is initialized and the constructor of our Credential Provider is invoked on it. I’ve also noticed that the process where UpdateRemoteCredential is called never appears in the logger after the completion of SetUserArray.

I’ve confirmed that the serialization is correctly passed to SetSerialization (with interception by UpdateRemoteCredential and changing the CLSID). Unfortunately, I can’t provide the log of this verification due to security reasons. However, I can confirm that the content of the buffer in SetSerialization is identical to the input of UpdateRemoteCredential.

Regardless of the specific error, I am seeking a working example of the implementation of UpdateRemoteCredential and SetSerialization in C#. My goal is to redirect the incoming serialization (packed by the PasswordProvider) to our credential provider, and then store this serialization in our program for use in GetSerialization.

In my current implementation, the serialization is stored, but the GetSerialization method is not called on that process. Furthermore, we don’t have access to our stored serialization in GetSerialization. Any guidance or examples would be greatly appreciated.

I hope this additional information and request can provide more context to my issue.

Upvotes: 0

Views: 272
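
An added example, not part of the original post and not code from CredProvider.NET.Interop2: one way to copy the serialization in UpdateRemoteCredential and SetSerialization so that nothing depends on the caller's buffer after the call returns. The struct, class and method names and the all-zero CLSID are assumptions made for illustration; the helpers are meant to be called from the interface methods your interop library defines.

```csharp
using System;
using System.Runtime.InteropServices;

// Local mirror of the native CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION layout, declared
// only to keep the example self-contained (assumption: your interop library has its own).
[StructLayout(LayoutKind.Sequential)]
public struct CredSerialization
{
    public uint ulAuthenticationPackage;
    public Guid clsidCredentialProvider;
    public uint cbSerialization;
    public IntPtr rgbSerialization;
}

public static class SerializationHandoff   // hypothetical helper class
{
    // Placeholder: replace with the CLSID your own provider is registered under.
    public static readonly Guid OurClsid = new Guid("00000000-0000-0000-0000-000000000000");
    private static byte[] _blob;            // managed copy, visible only inside this process
    private static uint _authPackage;

    // For UpdateRemoteCredential: same bytes, our CLSID, freshly allocated output buffer.
    public static bool Retarget(CredSerialization input, out CredSerialization output)
    {
        byte[] bytes = ReadBytes(input);
        output = bytes == null ? default(CredSerialization) : ToNative(bytes, input.ulAuthenticationPackage);
        return bytes != null;
    }
    // For SetSerialization: keep the bytes, never the caller's pointer.
    public static bool Store(CredSerialization incoming)
    {
        _blob = ReadBytes(incoming);
        _authPackage = incoming.ulAuthenticationPackage;
        return _blob != null;
    }
    // For GetSerialization: hand out a new native copy, then wipe the stored one.
    public static bool TryEmit(out CredSerialization output)
    {
        output = _blob == null ? default(CredSerialization) : ToNative(_blob, _authPackage);
        if (_blob == null) return false;
        Array.Clear(_blob, 0, _blob.Length);
        _blob = null;
        return true;
    }
    private static byte[] ReadBytes(CredSerialization s)
    {
        if (s.cbSerialization == 0 || s.rgbSerialization == IntPtr.Zero) return null;
        var bytes = new byte[s.cbSerialization];
        Marshal.Copy(s.rgbSerialization, bytes, 0, bytes.Length);
        return bytes;
    }
    private static CredSerialization ToNative(byte[] bytes, uint authPackage)
    {
        var s = new CredSerialization { ulAuthenticationPackage = authPackage, clsidCredentialProvider = OurClsid,
            cbSerialization = (uint)bytes.Length, rgbSerialization = Marshal.AllocCoTaskMem(bytes.Length) };
        Marshal.Copy(bytes, 0, s.rgbSerialization, bytes.Length);   // COM task memory, as CoTaskMemAlloc returns
        return s;
    }
}
```

Static fields exist once per process, so `TryEmit` only sees what `Store` saved if both calls run in the same process; the log in the question shows SetUsageScenario arriving under a different processId after SetUserArray.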

Answers (0)
