Application Compatibility: Microsoft Graphical Identification and Authentication (GINA)
Microsoft Graphical Identification and Authentication (GINA)
Feature Impact
High (frequency: low)
Brief Description
Prior to Windows Vista® and Windows Server® 2008, for logons to a third-party server or with a third-party device, ISVs had to replace the Graphical Identification and Authentication (GINA) dynamic-link library in Windows XP®. Such applications also had to replace the existing UI and implement smart-card and remote-desktop features on Windows XP.
Note
If an application did not function this way in Windows XP, this information does not apply.
Windows Vista and Windows Server 2008 introduce a new authentication model where LogonUI and WinLogon communicate directly with each other. This model provides a simplicity, scalability, and flexibility that did not exist with GINA. Unlike with the GINA module, ISVs no longer need to replace the UI for the logon screen, thus relieving the ISV of the burden of re-authoring the user interface for the user. An ISV can author a credential provider, which is a module that plugs into the LogonUI, to describe the UI and to gather the credential and pass it on to WinLogon. Credential providers are completely transparent to WinLogon.
Credential providers are also additive, meaning that users can install multiple credential providers and pick the one that they want to use. Credential providers can be user-selected, event-driven, or both. Multiple credential providers can coexist on Windows Vista and Windows Server 2008 and are not only for third parties. In fact, Windows will ship two credential providers in the box: a credential provider for user name and password and a credential provider for smart card.
Additionally, credential providers can be reused within CredUI. That is, the same object that describes and collects credential information on LogonUI can be used to gather the very same credentials in CredUI scenarios.
The GINA functionality from Windows XP and Windows Server 2003 has been deprecated and removed from Windows Vista and Windows Server 2008. The GINA modules of applications will not function and must be re-authored using the new authentication model for Windows Vista and Windows Server 2008.
Manifestation
The user will not be able to successfully install custom logon applications.
The user will not be able to log on using custom logon applications (using the Windows XP technology) in Windows Vista and Windows Server 2008. These applications might include biometric devices, custom logon UI, or virtual private network (VPN) solutions for remote users with custom logon UI.
Remedies
Leverage new capability:
The applications or components that use the GINA technology must be re-authored to use the new logon authentication model for Windows Vista and Windows Server 2008.
Links to Other Resources
For all credential provider information and questions, send e-mail to the Shell Credential Provider alias: credprov@microsoft.com.