Thursday, March 3, 2011

SmartCard – PC/SC SCardConnect Sharing Violation

Summary:

Windows 7 connects to a smart card with exclusive rights, causing PC/SC SCardConnect calls to fail whether they request shared or exclusive rights. After about 10 seconds, the exclusive connection is released and SCardConnect succeeds. To fix, just disable a bunch of policy settings (read the details) :).

The Details:
I have been working on an abstraction layer for our smart card communication here at Eid for a while. The code allows us to easily swap out readers without any concern for how communication with the reader occurs. It also provides a very simple and clean interface for querying a card for capabilities and features.

We just switched from a reader that uses a proprietary Magtek MCP API to the more standard PC/SC API. Although we already had support for PC/SC communication, today we switched back to using a reader based on PC/SC, and all of a sudden our application was failing to connect to our smart card on Windows 7 boxes. Previously, all testing had been done in a Windows XP environment. The behavior we were seeing was that the SCardConnect API call was failing with a sharing violation for about 10 seconds after a card was inserted. After the 10 seconds passed, we would suddenly be able to successfully connect to the card.

It turns out there are a number of Local Group Policy settings that control the behavior Windows will take when a card is inserted (particularly a card that has a WHQL-certified driver). I have pasted a screenshot of the settings that control the behavior below. You can run gpedit.msc to get this MMC terminal up. For more info on these settings, visit the smart card help pages on MSDN at http://technet.microsoft.com/en-us/library/ff404287(WS.10).aspx

image
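One way for client code to tolerate the roughly 10-second window described above, as an added example that is not part of the original post: retry the connect only on `SCARD_E_SHARING_VIOLATION`, within a fixed time budget. The hooks `try_connect` and `sleep_ms`, the `connect_with_retry` helper and the simulated reader are hypothetical names, constructed so the logic runs without a reader attached.

```c
#include <stdint.h>
#include <stdio.h>

/* PC/SC status codes (values as defined in winerror.h / pcsclite.h). */
#define SCARD_S_SUCCESS           0x00000000u
#define SCARD_E_SHARING_VIOLATION 0x8010000Bu

/* Hypothetical hooks: in a real build try_connect wraps SCardConnect() and
   sleep_ms wraps Sleep(); they are injected here so no hardware is needed. */
typedef uint32_t (*connect_fn)(void *ctx);
typedef void (*sleep_fn)(unsigned ms, void *ctx);
typedef struct { unsigned attempts, waited_ms; } retry_stats;

/* Retry only on a sharing violation, never longer than budget_ms in total.
   Any other status (success or a real error) is returned immediately. */
uint32_t connect_with_retry(connect_fn try_connect, sleep_fn sleep_ms, void *ctx,
                            unsigned interval_ms, unsigned budget_ms, retry_stats *stats)
{
    retry_stats local = {0, 0};
    uint32_t rc;
    if (interval_ms == 0) interval_ms = 1;          /* avoid a zero-length sleep loop */
    for (;;) {
        rc = try_connect(ctx);
        local.attempts++;
        if (rc != SCARD_E_SHARING_VIOLATION || local.waited_ms >= budget_ms) break;
        unsigned step = budget_ms - local.waited_ms; /* clamp last sleep to the budget */
        if (step > interval_ms) step = interval_ms;
        sleep_ms(step, ctx);
        local.waited_ms += step;
    }
    if (stats) *stats = local;
    return rc;
}

/* Constructed simulation: the card is held exclusively until busy_until_ms. */
typedef struct { unsigned now_ms, busy_until_ms; } sim_reader;
static uint32_t sim_connect(void *ctx) {
    sim_reader *r = ctx;
    return r->now_ms < r->busy_until_ms ? SCARD_E_SHARING_VIOLATION : SCARD_S_SUCCESS;
}
static void sim_sleep(unsigned ms, void *ctx) { ((sim_reader *)ctx)->now_ms += ms; }

int main(void) {
    sim_reader r = {0, 10000};                       /* held for 10 s after insertion */
    retry_stats s;
    uint32_t rc = connect_with_retry(sim_connect, sim_sleep, &r, 500, 15000, &s);
    printf("rc=0x%08X attempts=%u waited=%u ms\n", (unsigned)rc, s.attempts, s.waited_ms);
    return rc == SCARD_S_SUCCESS ? 0 : 1;
}
```

Bounding the retry keeps a card that is genuinely held by another application from hanging the caller indefinitely.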
