Windows Logon, your input welcome!
-
I got my current one off ebay, shipped express and received in 2 working days - haven't seen them in stores though.
-
@Lokki
Done and done. Hopefully they actually ship it when they say they'll ship it. heh. -
Hopefully yeah! Ordered mine just before NYE and received it yesterday. Pretty impressive really, for AusPost.
-
@Lokki
does their software attempt to hook into windows login stuff at all? Worst case the ACS API looks okay and we can make a credential provider and register that in windows. -
The software I'm testing at the moment is an enterprise product that hooks into the existing windows login.
It's a little clunky, difficult to set up and is definitely not aimed at the casual consumer. I'm also having a few other issues that I might talk about later. -
I just got home and found my arc122 waiting for me. i'm basically bedridden for a week so it'll give me a chance to start tinkering away with it. got any advice or suggestions where to get started with it? Might just save me a bit of time. Otherwise i'll see how i get on with making it lock / unlock windows.
Maz -
Okay. So I've just spent some time to create a custom credential provider for windows 7, 8, 10 etc and I have code that talks to my ARC122U reader (all in C++).
Security... If i do it based on the ID, copying the NFC ring would allow someone else to access the machine.
If i store a certificate on the ring (I should be able to fit one), then I'd need to create a C# UI that streamlines the registration / certificate creation process (if possible, i havent actually tried this yet).
My question is, how secure is this expected to be?my vm's lockscreen...
Lockscreen.jpg -
@maz_net_au oh wow that is amazing!!
If you peep the campaign preview we kinda talk about security. Basically storing anything on the NDEF record should be an optional step that if people want to do, they can.. Source: https://www.kickstarter.com/projects/mclear/526261309?token=201aa2e8
It sounds like you are developing this thing for real.. Did you want to do this, like, for real? We had a dev lined up but if you are up for it we'd be happy to chat with you if you are doing this as an itch to scratch anyway :)
Can't hurt to be paid to make what you want right?
-
@johnyma22
I was hoping to get a proof of concept going today but given that its 11pm i might not finish it tonight.
If I can get it working then I'm happy to turn over all the code for free with whatever license you like. I have a good job with Fove Inc already and don't need any extra pressure right now. I'm actually at home sick this week (recovering from some minor surgery) but it's so dull I thought I'd do a bit of code (even though the painkillers add an extra challenge).
I'll keep updating with my progress here and you can decide if you'd like your dev to start from scratch or if they can use my code to help a bit.So far I have the credential provider showing, and when the user selects the NFC Ring option it connects to the first card reader and pulls the UID off the card there. Now I'm trying to find a good way to compare that with a registered ring's value and then pass a credential across to windows. The C++ documentation around ICredentialProvider is pretty frustrating. AFAIK there isn't a good way for .Net to access these API's without wrapping a C++ dll.
Maz -
On the upside the older gina api is even more frustrating...
-
@Engarde
Haha. Yeah. I'm not even going near that. If you're still using XP then too bad :P -
For my sins I've had to work with different generations of a number of their APIs, and the one thing they appear to never learn is to improve the docs.
I blame the summer interns that get tasked to write them... -
@Engarde
I just found a useful set of examples for vista. If I merge that with the code I've already got I should be able to actually get this working tonight.
https://www.microsoft.com/en-us/download/details.aspx?id=4057#Overview -
A ten year old example might confuse you more than aid you, but good luck.
-
BAM!
Hard-coded proof of concept working...So,
I can potentially store the CredProtectW protected credentials on the NFC ring itself so that way I dont have to store the users details on the filesystem of the machine they're logging into. Or do we want both options?I'm learning all about NFC as I go so forgive me if I don't know what I'm doing on that side of things.
-
Just in case anyone wanted to see I made a terrible video.
This is just a proof of concept!I think I'm the only person in the world who can easily log on to my home desktop PC with an nfc ring right now.
-
Well done
-
@maz_net_au said:
I think I'm the only person in the world who can easily log on to my home desktop PC with an nfc ring right now.
Well I'm using Asus NFC Express and I think it's pretty easy to use with the NFC Ring. With this the Asus NFC login is selected by default and I'm logged in as soon as my ring is read (no need to click anything) The hard part is getting the Asus NFC Express to read the ring, it seems to have a sweet spot that I'd guess has a diameter of <1cm. (And lets not forget that it apparently only works on Asus Motherboards(?))
I'd really like to see an open source program of equivalent ease of use if only to get compatibility with a better reader because this Asus NFC Express that I've got is really "weak". Oh and it'd be nice with the ability to use the ID of the tag rather than writing and reading from the tag, that way I can write other stuff to the ring.
Edit: Can someone explain to me why using NDEF Records provides greater security than using the ID? Couldn't you copy the NDEF Records too?
-
+1 @SanyaIV that's exactly how I feel.. The ASUS NFC Express has a pretty decent UI but it's hardware is not perfect. We can definitely do things better. For example the ACR122 unit has great matching w/ small tags so using that is a joy!
RE NDEF Records, I feel I know the answer but I'm more interested to hear other peoples view points on it..
-