I have been working on this for a few days and this is doing my head in:
Our application is built using the .NET Compact Framework 2.0 and running on Windows Mobile 5 & 6 devices.
We can set the WLAN connection of the device programmatically using the Wireless Zero Config functions (described here: msdn.microsoft.com/en-us/library/ms894771.aspx), most notably the WZCSetInterface function which we pinvoke from our application. This works fine for WEP and WPA-PSK connections.
In a recent effort to add support for WPA2 networks we decided to modify the code. We have successfully added support for WPA2 which uses a certificate for the 802.1x authentication by setting the correct registry settings before calling WZCSetInterface.
Now we want to do the same for WPA2 using PEAP (MS-CHAPv2) authentication. When manually creating such a connection in Windows Mobile the user will be prompted to enter the domain/user/password details. In our application we will have those details stored locally and want to do this all programmatically without any user intervention.
So I thought of going along the same route as the certificate authentication: setting the correct registry entries before calling WZCSetInterface.
The registry settings we set are:
\HKCU\Comm\EAP\Config\[ssid name]
- Enable8021x = 1 (DWORD)
- LastAuthSuccessful = 1 (DWORD)
- EapTypeId = 25 (DWORD)
- Identity = "domain\username" (string)
- Password = binary blob containing the password that is encrypted using the CryptProtectData function (described here: msdn.microsoft.com/en-us/library/ms938309.aspx)
But when these settings are set and I call WZCSetInterface with the correct parameters, it still prompts me with the User Logon dialog asking for the domain/username/password.
Has anyone got an idea what I need to do to prevent the password dialog from appearing and connect straight away with the settings stored in the registry?
Best Answer
After some more investigation I eventually gave up with the registry settings. It seems that the key to a successful connection is the Password value in HKCU\Comm\EAP\Config\[SSID]. But because CryptProtectData uses an undocumented entropy value (for obvious security reasons) to encrypt the password, it seems impossible to recreate a valid entry in the registry programmatically.
I then went with the second best solution, catching the User Logon dialog after calling WZCSetInterface and entering the required fields in there:
Note that I'm only setting the password field, because the username and domain fields are pre-populated with the information already stored in the registry (the Identity value mentioned in my original question).
This works well enough, as it creates the WLAN connection using the PEAP credentials. And by moving the User Logon dialog offscreen as soon as it's found, this all happens invisibly to our application's user (our app runs in kiosk mode).
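
The optional-entropy behaviour the answer refers to, as an added example that is not part of the original post: it uses desktop .NET's ProtectedData wrapper around CryptProtectData (not the Compact Framework), and shows that a blob protected without the consumer's entropy is rejected when the consumer unprotects it. The password and entropy values are constructed, and the "consuming component" is hypothetical.

```csharp
// Added example: desktop .NET Framework on Windows, reference System.Security.dll.
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiEntropyDemo
{
    // Returns the recovered plaintext, or null when DPAPI rejects the blob.
    static string TryUnprotect(byte[] blob, byte[] entropy)
    {
        try
        {
            byte[] plain = ProtectedData.Unprotect(blob, entropy, DataProtectionScope.CurrentUser);
            return Encoding.Unicode.GetString(plain);
        }
        catch (CryptographicException)
        {
            return null; // wrong or missing entropy, or a blob from another user/machine
        }
    }

    static void Main()
    {
        // Constructed sample values, not taken from any real device or component.
        byte[] password = Encoding.Unicode.GetBytes("example-password");
        byte[] consumerEntropy = Encoding.ASCII.GetBytes("hypothetical-component-secret");

        // Blob as a caller that does not know the entropy would create it.
        byte[] blobWithoutEntropy = ProtectedData.Protect(password, null, DataProtectionScope.CurrentUser);
        // Blob as the consuming component itself would create it.
        byte[] blobWithEntropy = ProtectedData.Protect(password, consumerEntropy, DataProtectionScope.CurrentUser);

        // The hypothetical consumer always unprotects with its own entropy.
        Console.WriteLine("blob made without entropy accepted: {0}",
            TryUnprotect(blobWithoutEntropy, consumerEntropy) != null);
        Console.WriteLine("blob made with entropy accepted:    {0}",
            TryUnprotect(blobWithEntropy, consumerEntropy) != null);
    }
}
```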