Replies: 3 comments
-
Hey, sorry for the slow response. To be short: if this solves a real issue we're happy to take a look at it. Pull requests are welcome! (Also, thank you for the detailed description and link. 🙂)
-
Hey, I will try to do a PR, it is simple enough. That change would still be needed if the winhello bug is fixed though, or even to correctly parent a standard non-secure desktop application UI to winhello, so still useful. Will do that PR.
-
In your code you are calling Windows Hello, passing GetForegroundWindow() or GetTopWindow() as the parent window handle to WebAuthNAuthenticatorGetAssertion().
The problem is I am using libfido2 in a Windows Credential Provider, which is running on the Secure Desktop (the logon screen). It seems the above methods only get the top windows on the classic user desktop. In practice, what happens is that when you call Windows Hello in my credential provider, nothing seems to happen, but if you do manage to unlock the logon screen you are finally presented with Windows Hello (a bit too late :) ).
The thing is, the Credential Provider interface is already giving me a window handle; all I would need to do is give it to you so you can pass it to Windows Hello.
So would it be possible to have an additional function, something like fido_winhello_set_window_handle(HWND handle)?
And you can still keep using GetForegroundWindow/GetTopWindow if it is not called.
Maybe that should be an issue instead of a feature request considering it makes libfido2 with winhello unusable on the secure desktop.
I know you are more Linux guys, so here is a link talking about the secure desktop.
The gist of it though is it's completely separated from the user desktop and is running in a process under the SYSTEM account, and only the system can switch between the different desktops. So if winhello is displayed on the wrong desktop, it is completely invisible to the user.