I don't know exactly how to phrase this, so please bear with me...
I have a credential provider I wrote, and if I set a custom credential filter to only use my credential provider, when I log in on the machine, I have to enter an OTP on the "remote desktop" or respond to a push request on an app. That works fine and I'm able to log in.
However, if the original username/password are not correct, then the credential provider never gets loaded and we never get a chance to re-enter on the "remote desktop" because the login is rejected at a lower level.
I've been thinking about one-time tokens in our system for remote logins, so being unable to connect without the correct username/password is a stumbling block. If my credential provider never gets loaded, since the whole remaining login flow is blocked upstream by Windows, I cannot use a one-time token as I have dreamed it.
I honestly don't know if I'm being blocked by my RDP client (mstsc) or something on the remote machine I am trying to connect to. I would guess more towards the remote machine...but really, I don't know.
Is there a registry setting I could try to bypass this for now so that my credential provider would always get loaded? Or is there a way to hook into whatever blocks it, and maybe write a COM component with hooks into our web service that would permit/block the one-time token I'm envisioning?