This disclosure relates generally to the field of automated login processes. More particularly, but not by way of limitation, it relates to a technique for wrapping multiple credential providers within a common credential provider object.
During computer system startup using the Microsoft Windows XP® or Windows Server® 2003 operating systems, the Winlogon executable loads and executes a Graphical Identification and Authentication (GINA) dynamic-link library (DLL). (WINDOWS XP and WINDOWS SERVER are registered trademarks of the Microsoft Corporation.) Once loaded, the GINA provides customizable user identification and authentication procedures and is responsible for rendering the graphical aspect of the logon operation/process.
Using GINAs, software developers are able to customize the logon process user-experience by ensuring their custom GINA is loaded and executed before that of other GINAs. Software developers are also able to “reuse” the functionality of previously developed logon functionality by utilizing a technique known as “GINA chaining.” GINA chaining is possible because there is a first or “head” GINA that must be invoked and through which all other GINAs may be provided; chained GINAs form a hierarchical structure.
Beginning in Windows Vista®, the LogonUI process became responsible for rendering the graphical aspect of the logon window while the overall logon process is mediated through the use of credential providers (CPs). (WINDOWS VISTA is a registered trademark of the Microsoft Corporation.) To deliver the functionality provided by GINA chaining in this new environment, there needs to be a “head” CP. However, the logon architecture of Windows Vista and Windows 7 is such that all registered CPs are peers of one another; there is no “head” CP which must be invoked and through which communication to other CPs may be passed. Microsoft provides guidance on how one CP can invoke and reuse/extend the functionality of exactly one other CP in a process termed “wrapping.” That is, Microsoft permits the encapsulation or wrapping of only one CP. Therefore, even if just one CP was allowed to be active at logon (so it must be used)—it could only be the head CP to one other CP. In such a setting the full functionality of GINA chaining is not possible. Given this, it would be beneficial to provide a mechanism that allows one CP to simultaneously encapsulate or wrap two or more other CPs.