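        /// <summary>
        /// Completes a U2F authentication: validates the parsed response, binds it to the
        /// challenge recorded when the authentication was started, checks the signing origin
        /// against the trusted facets, verifies the signature and finally advances the device
        /// counter. The checks run in that order and all of them must pass before the counter
        /// is touched.
        /// </summary>
        /// <param name="startedAuthentication">Server-side record of the authentication that was started (app id and challenge).</param>
        /// <param name="authResponse">The already-parsed authenticate response sent by the client.</param>
        /// <param name="deviceRegistration">The registered device the response is expected to come from.</param>
        /// <param name="trustedFacetIds">Origins that are allowed to produce assertions for the app id.</param>
        /// <returns>The signature counter reported by the device in this response.</returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">The challenge signed in the client data is not the one that was issued.</exception>
        public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication,
                                         FidoAuthenticateResponse authResponse,
                                         FidoDeviceRegistration deviceRegistration,
                                         IEnumerable <FidoFacetId> trustedFacetIds)
        {
            // Fail on a missing argument up front instead of letting it surface as a
            // NullReferenceException somewhere inside the verification steps.
            if (startedAuthentication == null)
            {
                throw new ArgumentNullException(nameof(startedAuthentication));
            }
            if (authResponse == null)
            {
                throw new ArgumentNullException(nameof(authResponse));
            }
            if (deviceRegistration == null)
            {
                throw new ArgumentNullException(nameof(deviceRegistration));
            }
            if (trustedFacetIds == null)
            {
                throw new ArgumentNullException(nameof(trustedFacetIds));
            }

            authResponse.Validate();

            var clientData = authResponse.ClientData;

            ExpectClientDataType(clientData, AuthenticateType);

            // The client must have signed exactly the challenge this server issued; this is
            // what ties the assertion to this particular login attempt.
            if (clientData.Challenge != startedAuthentication.Challenge)
            {
                throw new InvalidOperationException("Incorrect challenge signed in client data");
            }

            // The page that produced the assertion must be one of the trusted facets.
            ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin));

            var signatureData = authResponse.SignatureData;

            VerifyAuthSignature(startedAuthentication.AppId, signatureData, clientData, deviceRegistration);

            // NOTE(review): nothing visible in this method compares the key handle in the
            // response with the one startedAuthentication was created for; confirm that
            // VerifyAuthSignature / the deviceRegistration lookup covers that binding.
            // UpdateCounter is expected to reject a counter that did not increase (clone
            // detection) — confirm in its implementation.
            deviceRegistration.UpdateCounter(signatureData.Counter);
            return(signatureData.Counter);
        }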
        /// <summary>
        /// Convenience overload: parses the raw JSON authenticate response sent by the client
        /// and hands it to the typed <c>FinishAuthentication</c> overload, which performs all
        /// of the verification.
        /// </summary>
        /// <param name="startedAuthentication">Server-side record of the started authentication.</param>
        /// <param name="rawAuthResponse">The authenticate response as received from the client, as JSON.</param>
        /// <param name="deviceRegistration">The registered device the response should come from.</param>
        /// <param name="trustedFacetIds">Origins allowed to produce assertions for the app id.</param>
        /// <returns>The signature counter reported by the device.</returns>
        public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication,
                                         string rawAuthResponse,
                                         FidoDeviceRegistration deviceRegistration,
                                         IEnumerable <FidoFacetId> trustedFacetIds)
        {
            // Parsing only; every check lives in the typed overload.
            var parsedResponse = FidoAuthenticateResponse.FromJson(rawAuthResponse);
            return FinishAuthentication(startedAuthentication,
                                        parsedResponse,
                                        deviceRegistration,
                                        trustedFacetIds);
        }
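        /// <summary>
        /// Finishes a U2F authentication for one of the current user's registered devices.
        /// </summary>
        /// <param name="model">Key handle, challenge and raw authenticate response posted by the browser.</param>
        /// <returns>
        /// A 400 response with an error body when the caller is not logged in, the device is
        /// unknown or the response does not verify; a 200 response with a redirect target on success.
        /// </returns>
        public IActionResult AuthenticateDevice(AuthenticateDeviceModel model)
        {
            // The HTTP status here is 400 (BadRequest); the "code = 401" in the body is
            // informational only and is kept for clients that already read it.
            if (App.CurrentUser == null)
            {
                return(BadRequest(new { error = "You must login.", code = 401 }));
            }

            if (model == null || string.IsNullOrEmpty(model.KeyHandle))
            {
                return(BadRequest(new { error = "Invalid device id.", code = 400 }));
            }

            // Non-null from here on (checked above), so no fallback is needed later.
            var keyHandle = model.KeyHandle;

            var device = App.CurrentUser.Devices.FirstOrDefault(x => x.Identifier.Equals(keyHandle));

            if (device == null)
            {
                return(BadRequest(new { error = "Device not found.", code = 400 }));
            }

            var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data);

            if (deviceRegistration == null)
            {
                return(BadRequest(new { error = "Unknown key handle.", code = 400 }));
            }

            // NOTE(review): the challenge the response is checked against comes from the
            // client's own request. Unless model.Challenge is also compared with the challenge
            // issued server-side when the authentication was started, the challenge check in
            // FinishAuthentication only proves the client signed what it sent, and a captured
            // response could be replayed. Confirm where model.Challenge is bound to server state.
            var challenge = model.Challenge;

            var startedAuthentication = new FidoStartedAuthentication(AppId, challenge, FidoKeyHandle.FromWebSafeBase64(keyHandle));
            var facetIds = new List <FidoFacetId> {
                new FidoFacetId(AppId.ToString())
            };

            var u2F = new FidoUniversalTwoFactor();

            uint counter;
            try
            {
                counter = u2F.FinishAuthentication(startedAuthentication, model.RawAuthenticateResponse, deviceRegistration, facetIds);
            }
            catch (InvalidOperationException)
            {
                // A challenge mismatch is a client error, not a server fault: answer 400 rather
                // than letting it escape as a 500, and keep the reason out of the body.
                return(BadRequest(new { error = "Authentication failed.", code = 400 }));
            }

            // TODO(review): the verified counter is stored only on this local object; device.Data
            // is not rewritten here. Unless that happens elsewhere, the persisted counter never
            // advances and a cloned token would not be detected on the next login.
            deviceRegistration.Counter = counter;
            device.Usage++;

            return(Ok(new { message = "Device has been authenticated.", code = 200, redirect = Url.Action("CurrentUser") }));
        }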
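        /// <summary>
        /// Handles the device-login form. When a raw authentication response has been posted it
        /// finishes the U2F authentication and redirects on success; otherwise, or when the
        /// authentication fails, the form is rendered again with any model errors.
        /// </summary>
        /// <param name="model">Posted form values; a <c>null</c> model is treated as an empty form.</param>
        /// <returns>A redirect to <c>LoginSuccess</c>, or the login view.</returns>
        public ActionResult Login(LoginDeviceViewModel model)
        {
            model = model ?? new LoginDeviceViewModel();

            // Nothing posted yet: just show the form.
            if (string.IsNullOrEmpty(model.RawAuthenticationResponse))
            {
                return(View(model));
            }

            try
            {
                var u2f   = new FidoUniversalTwoFactor();
                var appId = new FidoAppId(Request.Url);

                var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle);
                if (deviceRegistration == null)
                {
                    ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle);
                    return(View(new LoginDeviceViewModel()));
                }

                // NOTE(review): the expected challenge is taken from the posted form. Unless it is
                // also checked against the challenge issued server-side when the authentication
                // was started, the challenge comparison only proves the client signed what it
                // sent, and a captured response could be replayed. Confirm where it is bound.
                var challenge = model.Challenge;

                var startedAuthentication = new FidoStartedAuthentication(appId, challenge,
                                                                          FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? ""));

                var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains());

                // TODO(review): persist `counter` on the stored registration so the next
                // authentication starts from it; without that, a cloned token is not detected.
                // The repository's save operation is not visible from this file.
                //deviceRegistration.Counter = counter;

                return(RedirectToAction("LoginSuccess"));
            }
            catch (Exception)
            {
                // Show the user a generic failure only: the exception type and message were
                // previously echoed into the page, which exposes internal details on an
                // unauthenticated endpoint. TODO(review): log the exception through the
                // project's logger (not visible from here).
                ModelState.AddModelError("", "Authentication failed.");
            }

            return(View(model));
        }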