Vista - RDP - Access to remote physical device
Hello, I'm creating my own Credential Provider to authenticate a user by contactless cards. I use a Windows service which manages all card events (card detection, card removal, ...) and sends information to my provider, which will open the Windows session or not. In local mode I do not have any trouble: my service is listening to the local card reader (USB) and everything works. My issue is only for the remote session:

--> When a user starts a remote session to my computer, a new instance of my credential is launched for the remote user. Until here, everything is OK! However my service is still listening to my LOCAL card reader and not the remote USB reader. I totally understand that my service is launched with the Local System account (when the computer starts), so the thread which listens to the reader is started in the system context. I tried to impersonate the listening thread to execute the thread in the remote user context, but it's not working for one reason: it's impossible to impersonate someone who is not logged on.

--> I've tried to use WTSQueryUserToken, OpenProcessToken, ... to impersonate the remote user, but it's always the same error: ERROR_NO_TOKEN, which means that no user is logged on! The issue is that when the user starts a remote session to my computer, a new instance of my credential is started for the remote user, but he's not logged on yet, so I cannot do any impersonation.

That's the reason for my question: how to impersonate a remote connection, when no user is logged on, to manage remote devices and not local devices. I attempted a test which worked pretty well, so I guess that something exists to answer my problem. This is the test I've done: I started the thread which listens to the physical device directly in my credential provider, and my thread was successfully listening to the remote devices and not my local reader!

I hope that someone will be able to help me... Many thanks, Arnaud.
November 24th, 2009 3:58pm
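The ERROR_NO_TOKEN result described above is the normal answer from WTSQueryUserToken for a session that is still at the logon screen: there is no primary token to duplicate, so a service has nothing to impersonate. The following PowerShell script is an added example, not code from this thread or from Arnaud's provider; it enumerates the WTS sessions on the local machine and, for each one, records whether a user token exists, so a service can decide up front whether impersonation is even an option or whether the credential-provider process must own the reader listening for that session. The names WtsProbe and SessionProbe are mine. Note that WTSQueryUserToken requires SeTcbPrivilege, so run this as LocalSystem (for instance from a service or via a scheduler task) rather than from an ordinary administrator console, where it reports ERROR_PRIVILEGE_NOT_HELD instead.

```powershell
# Added example: per-session probe for "is there a user token to impersonate yet?"
# Assumed constants from winerror.h: ERROR_NO_TOKEN = 1008, ERROR_PRIVILEGE_NOT_HELD = 1314.
$src = @'
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

public static class WtsProbe
{
    [StructLayout(LayoutKind.Sequential)]
    struct WTS_SESSION_INFO
    {
        public uint SessionId;
        public IntPtr pWinStationName;   // ANSI string (WTSEnumerateSessionsA)
        public int State;                // WTS_CONNECTSTATE_CLASS (0 = WTSActive, 1 = WTSConnected, ...)
    }

    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSEnumerateSessions(IntPtr hServer, int reserved, int version,
                                            out IntPtr ppSessionInfo, out int pCount);
    [DllImport("wtsapi32.dll")]
    static extern void WTSFreeMemory(IntPtr pMemory);
    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSQueryUserToken(uint sessionId, out IntPtr phToken);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    const int ERROR_NO_TOKEN = 1008;
    const int ERROR_PRIVILEGE_NOT_HELD = 1314;

    public class SessionProbe
    {
        public uint SessionId;
        public string WinStation;
        public int State;
        public string Verdict;
    }

    public static List<SessionProbe> Probe()
    {
        var result = new List<SessionProbe>();
        IntPtr buf; int count;
        // IntPtr.Zero == WTS_CURRENT_SERVER_HANDLE
        if (!WTSEnumerateSessions(IntPtr.Zero, 0, 1, out buf, out count))
            throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            int size = Marshal.SizeOf(typeof(WTS_SESSION_INFO));
            for (int i = 0; i < count; i++)
            {
                var si = (WTS_SESSION_INFO)Marshal.PtrToStructure(
                    new IntPtr(buf.ToInt64() + (long)i * size), typeof(WTS_SESSION_INFO));
                var p = new SessionProbe {
                    SessionId = si.SessionId,
                    WinStation = Marshal.PtrToStringAnsi(si.pWinStationName),
                    State = si.State };
                IntPtr token;
                if (WTSQueryUserToken(si.SessionId, out token))
                {
                    // A primary token exists: a service could duplicate it and impersonate.
                    CloseHandle(token);
                    p.Verdict = "user logged on: service may impersonate for this session";
                }
                else
                {
                    int err = Marshal.GetLastWin32Error();
                    p.Verdict = err == ERROR_NO_TOKEN
                        ? "no logon yet (credential provider stage): nothing to impersonate"
                        : err == ERROR_PRIVILEGE_NOT_HELD
                          ? "caller lacks SeTcbPrivilege: run this as LocalSystem"
                          : "WTSQueryUserToken failed, Win32 error " + err;
                }
                result.Add(p);
            }
        }
        finally { WTSFreeMemory(buf); }
        return result;
    }
}
'@
Add-Type -TypeDefinition $src
[WtsProbe]::Probe() | Format-Table SessionId, WinStation, State, Verdict -AutoSize
```

While an RDP client is sitting at the logon prompt, its session shows up in the list (typically as RDP-Tcp#n, state WTSConnected) with the "no logon yet" verdict; after the user signs in the same session id flips to a token-available verdict, which is the earliest point at which a service-side impersonated thread can be started for it.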

Hi, does your service use PC/SC calls to list all smart card readers and listen to card detection, card removal etc.? If yes, then for a remote connection you cannot use this service to list the remote reader, as I have observed that if a process starts before the RDP connection (in your case it's a service, which is also started before you make the RDP connection) it's not able to list the remote reader. Just for test purposes, start your service as an application (in your current session, which is the same as the credential provider session) from your credential provider code and see if your application is able to list the remote card and also listen to remote card insertion/removal events etc. Thanks, Sudhanshu
December 24th, 2009 7:15am
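Sudhanshu's test (run the listener inside the session and see which readers it enumerates) can be scripted so the comparison is reproducible. The script below is an added example, not code from this thread: it P/Invokes winscard.dll to list the PC/SC readers visible to the calling process and prints them together with the process's own session id. Run it once from a local console, once inside an RDP session with a redirected reader, and once from a process that a service spawned before the RDP connection; a redirected reader that appears only in the in-session run confirms the visibility limit described in the reply. PcscProbe and ListReaders are names I chose; the SCARD_* values are the standard winscard.h constants.

```powershell
# Added example: which PC/SC readers does *this* process, in *this* session, see?
$src = @'
using System;
using System.Runtime.InteropServices;
using System.Text;

public static class PcscProbe
{
    [DllImport("winscard.dll")]
    static extern int SCardEstablishContext(uint dwScope, IntPtr r1, IntPtr r2, out IntPtr phContext);
    [DllImport("winscard.dll")]
    static extern int SCardReleaseContext(IntPtr hContext);
    // Unicode variant: pcchReaders is a count of WCHARs, buffer is a multi-string (NUL-separated, double-NUL terminated)
    [DllImport("winscard.dll", CharSet = CharSet.Unicode)]
    static extern int SCardListReaders(IntPtr hContext, string mszGroups, byte[] mszReaders, ref uint pcchReaders);

    const uint SCARD_SCOPE_SYSTEM = 2;
    const int SCARD_S_SUCCESS = 0;
    const int SCARD_E_NO_READERS_AVAILABLE = unchecked((int)0x8010002E);
    const int SCARD_E_NO_SERVICE = unchecked((int)0x8010001D);

    public static string[] ListReaders()
    {
        IntPtr ctx;
        int rc = SCardEstablishContext(SCARD_SCOPE_SYSTEM, IntPtr.Zero, IntPtr.Zero, out ctx);
        if (rc == SCARD_E_NO_SERVICE)
            throw new InvalidOperationException("Smart Card service (SCardSvr) is not running");
        if (rc != SCARD_S_SUCCESS)
            throw new InvalidOperationException("SCardEstablishContext failed: 0x" + rc.ToString("X8"));
        try
        {
            uint cch = 0;
            rc = SCardListReaders(ctx, null, null, ref cch);         // size query
            if (rc == SCARD_E_NO_READERS_AVAILABLE) return new string[0];
            if (rc != SCARD_S_SUCCESS)
                throw new InvalidOperationException("SCardListReaders (size) failed: 0x" + rc.ToString("X8"));
            byte[] buf = new byte[cch * 2];
            rc = SCardListReaders(ctx, null, buf, ref cch);
            if (rc != SCARD_S_SUCCESS)
                throw new InvalidOperationException("SCardListReaders failed: 0x" + rc.ToString("X8"));
            string multi = Encoding.Unicode.GetString(buf, 0, (int)cch * 2);
            return multi.Split(new[] { '\0' }, StringSplitOptions.RemoveEmptyEntries);
        }
        finally { SCardReleaseContext(ctx); }
    }
}
'@
Add-Type -TypeDefinition $src

$sessionId = [System.Diagnostics.Process]::GetCurrentProcess().SessionId
$readers = [PcscProbe]::ListReaders()
"Process session id: $sessionId"
if ($readers.Count -eq 0) { "No PC/SC readers visible from this session" }
else { $readers | ForEach-Object { "Reader: $_" } }
```

Because SCardEstablishContext is evaluated in the context of the calling process, the output is the practical check for the design question in this thread: a reader list taken from session 0 (the service) is not the list the credential provider's LogonUI process will get in the RDP session.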

Hope this post also helps you, since you want to get the token from the service: http://social.msdn.microsoft.com/Forums/en/windowssecurity/thread/0d46cf4a-6e94-45bc-ac2c-f5b239b50c8b - Sudhanshu
December 24th, 2009 7:41am

Hi Arnaud, Any updates? Thanks, Sudhanshu
January 5th, 2010 8:02am

Hi Sudhanshu, sorry for the delay, I was out for many months... Well, to be short, I've changed my credential provider back:
- The credential starts a thread which listens to the remote readers.
- On logon, the service itself launches other (impersonated) threads which will also listen to the remote readers.
After many attempts I didn't manage to launch directly, from the service, a thread which could listen to the remote readers without any logon credential. Thanks for your help, Arnaud.
March 19th, 2010 5:48pm
