Customization of Windows Credential Manager

Closed Posted Feb 13, 2012 Paid on delivery

We need a modification to how authentication takes place in the Windows 7/Vista operating system. Win7 works on the concept of Windows Credential Manager as opposed to [url removed, login to view] in XP and lower versions. We basically want to add another level of authentication to the Windows logon wherein the user has to enter a One Time Password (OTP) apart from his Active Directory (AD) password. This OTP will be verified by our server whereas the password will be verified by AD.

IF AND ONLY IF both the credentials are correct will the user get access.

Currently the user logs in as follows -

1). Select the Username+Password+Active Directory Domain to authenticate

We need the following setup -

1). On the initial screen user gets the option of -

a). Accessing the last Active Directory domain he successfully logged on to.

b). Use Other Credentials

2). User selects either "a" or "b" depending upon whether he wants to access the last domain or he wants to access a new domain

3). On the next screen the user gets the prompt for Username and Password

4). User enters Username in the format <Username>@<Domain> or <Domain>/<Username> and enters the [url removed, login to view] will send the password to AD for verification but will not give access to the user right away. Whether the password is correct or not he will NOT be intimated at this step.

5). We will first check whether the domain entered is configured for OTP verification or not. In case NOT then the user will get direct access to the system provided his password for AD or Local System (<This computer> option) is correct. In case the domain is configured for OTP verification AND THE USER EXISTS the following will happen -

a). A new screen will come asking for the user's OTP.

b). User will enter the OTP he has

c). This OTP has to be verified by our server using a web service call. This call will have the following features -

i). The call will be HTTPS

ii). The call will have the following format -

https://www.<authserver>.com/xyzabc?Username=<Username>&Password=<OTP>&ApplicationID=WindowsLogon

iii). The call will return the following values -

-> TRUE - OTP is correct

-> OTP is incorrect - OTP is incorrect

-> User not found

-> User is Locked

THIS CALL WILL ONLY BE PROCESSED IF THE PASSWORD ENTERED IN STEP 4 IS CORRECT. OTHERWISE THE USER WILL GET THE SCREEN FOR OTP BUT HIS OTP WILL NOT BE PROCESSED. THE REASON BEHIND DOING THIS IS THAT WE DO NOT WANT THE USER TO EVER KNOW WHETHER HIS AD PASSWORD WAS INCORRECT OR HIS OTP WAS INCORRECT. HE WILL ALWAYS ENTER BOTH THE VALUES BUT WILL NEVER KNOW WHICH WAS INCORRECT

d). If the return value is -

1). TRUE - If the UN+PWD entered in step 4 is CORRECT and the OTP returns TRUE, user will get access to the system

2). TRUE - If the UN+PWD entered in step 4 is INCORRECT user will NOT get the access and will get the following message -

"Either the password or the OTP entered was incorrect. Please try again"

User will be redirected to step "1)."

3). OTP is incorrect - User will get the following message -

"Either the password or the OTP entered was incorrect. Please try again"

User will be redirected to step "1)."

4). User is Locked - Alert the user that his account has been locked on the Authentication Server. Also in case the account is locked at AD level he will be alerted that his account is locked on AD level.

6). User not found - Alert the user his account is not configured for OTP verification and ask him to contact the system administrator

e). THIS FUNCTIONALITY IN ITS ENTIRETY IS REQUIRED FOR the "Ctrl+Alt+Del" scenario as well. In other words if the user locks his screen he should go through the entire process all over again.

This solution is required for -

Client - Windows Vista and Windows 7 (32 bit and 64 bit)

Server - Windows server 2003 (32 bit and 64 bit) + Windows server 2008 (32 bit and 64 bit)

Skills Required:

windows-7, vista, operating-systems, web-services, c++, visual-c++

C++ Programming Software Architecture Windows Desktop

Project ID: #1443545
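
The decision rules from step 5, written out as an added C++ example (not code from the posting or from any bidder): the OTP service is only called after the AD password check has passed, and every plain failure maps to the same message. The `verifyOtp` callback, the enum names, `decideLogon` and the non-failure message strings are assumptions standing in for the HTTPS call and the logon plumbing.

```cpp
#include <functional>
#include <iostream>
#include <string>

// Replies the posting says the OTP web service returns, plus a fail-closed default.
enum class OtpResult { Ok, Incorrect, UserNotFound, UserLocked, Unknown };
enum class Outcome { Granted, Denied, OtpLocked, OtpNotConfigured };

// The posting's single failure message (spelling corrected).
const std::string kGenericFailure =
    "Either the password or the OTP entered was incorrect. Please try again";

// Exact-match the reply text; anything unexpected is treated as a failure.
OtpResult parseOtpReply(const std::string& reply) {
    if (reply == "TRUE") return OtpResult::Ok;
    if (reply == "OTP is incorrect") return OtpResult::Incorrect;
    if (reply == "User not found") return OtpResult::UserNotFound;
    if (reply == "User is Locked") return OtpResult::UserLocked;
    return OtpResult::Unknown;
}

// verifyOtp is a hypothetical callback standing in for the HTTPS call.
Outcome decideLogon(bool domainUsesOtp, bool passwordOk, const std::string& otp,
        const std::function<std::string(const std::string&)>& verifyOtp) {
    if (!domainUsesOtp) return passwordOk ? Outcome::Granted : Outcome::Denied;
    // The OTP is always collected, but only sent when the AD password was correct.
    if (!passwordOk) return Outcome::Denied;
    switch (parseOtpReply(verifyOtp(otp))) {
        case OtpResult::Ok:           return Outcome::Granted;
        case OtpResult::UserLocked:   return Outcome::OtpLocked;
        case OtpResult::UserNotFound: return Outcome::OtpNotConfigured;
        default:                      return Outcome::Denied;
    }
}

// Denied carries one message, so the user cannot tell which factor failed.
std::string messageFor(Outcome o) {
    switch (o) {
        case Outcome::Granted:   return "Access granted";
        case Outcome::OtpLocked: return "Account locked on the authentication server";
        case Outcome::OtpNotConfigured: return "Not configured for OTP; contact the administrator";
        default: return kGenericFailure;
    }
}

int main() {  // constructed demo: right password, wrong OTP
    auto stub = [](const std::string&) { return std::string("OTP is incorrect"); };
    std::cout << messageFor(decideLogon(true, true, "000000", stub)) << "\n";
}
```

The locked and not-found alerts are only reachable after a correct password, so unlike the generic message they do tell the user the password was right.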

About the project

2 proposals Remote project Active Mar 19, 2012

2 freelancers are bidding on average $19/hour for this job

hilly17in

I can do it for you.

$20 USD / hour
(0 Reviews)
0.0
quantd

Hello, this requirement is almost the same as a project I did (customize GINA, send credential to server for authentication which accepts web-client also,...). I can help, give you a demo and my experience on this. Th...

$18 USD / hour
(0 Reviews)
0.0