I want to write CredentialProvider similar to builtin SmartcardCredentialProvider used in domain, but with one difference: When the PIN field is displayed, do automatic submit with empty PIN and let the user log in to windows.
I have some ideas, but not sure if it will work:
- Write CredentialProvider that will monitor the state SmartcardCredential provider, detect the state with PIN prompt and hit Enter
- Write credential provider that will do the smartcard discovery on its own do the authentication process between Smartcard <-> CredentialProviderAPI
Can this structure lead me to entering empty pin? KERB_SMART_CARD_LOGON
https://learn.microsoft.com/en-gb/windows/win32/api/ntsecapi/ns-ntsecapi-kerb_smart_card_logon
I dived into pGina source code, but I see only username and password used in authentication with CredentialProviderAPI, so I am afraid it is possible to use with certificate on smartcard.